Chief Info Security Risk Officer - Virtual Banking
About Standard Chartered
We are a leading international bank focused on helping people and companies prosper across Asia, Africa and the Middle East.
To us, good performance is about much more than turning a profit. It's about showing how you embody our valued behaviours - do the right thing, better together and never settle - as well as our brand promise, Here for good.
We're committed to promoting equality in the workplace and creating an inclusive and flexible culture - one where everyone can realise their full potential and make a positive contribution to our organisation. This in turn helps us to provide better support to our broad client base.
As one of the biggest banks in market, we are rapidly expanding by growing a new virtual banking business in Hong Kong. We see ourselves as a fast growing start-up company where you will enjoy autonomy and teamwork at the same time, solving new and exciting problems in a nimble and agile way. Join us and be part of history making for future banking experience!
The Role Responsibilities
We are looking for a CISRO to be accountable for ensuring and strengthening the bank's control for information & cyber security, and technology. The CISRO will manage the control environment to protect the Bank from information & cyber security and technology risks and be the change agent to continuously manage and improve the information & cyber security and technology framework for the bank. Experience in both technology risk and information & cyber security risk is required. Information & Cyber Security
- Lead and direct the design of the Bank's second line of defence in managing information & cyber security risk, encompassing the areas of strategy, governance, business engagement, policy, risk assessment, and awareness
- Understand regulatory requirements for information & cyber security and define control requirements to mitigate relevant risks
- Represent the Bank on internal and external information & cyber security committees
- Establish an assessment processes for: 1) new products and services; and 2) continuous monitoring of existing platforms and infrastructure
Our Ideal Candidate
- As a specialist in Technology Risk & Controls, build a firm foundation of risk & control within a fast-paced technology banking environment
- Uphold the integrity of technology risk within the Bank's risk appetite
- During the build of the virtual bank, provide a focal point of control for the bank's technology risk, including the design and monitoring of effective controls
- Understand regulatory requirements for technology risk and define control requirements to mitigate relevant risks
- Ensure the risks of processing failure are actively managed and monitored
- Design and implement healthy 1st line risk & controls for technology
- Understand and overcome the nuances in the governance of an agile bank compared to a traditional bank
- Aggregate industry experience in both technology risk and information & cyber security risk
- Experience of technology regulations, preferably HKMA
- Educational background in computer science or information security
- Familiarity with the regulatory requirements of a digital or virtual bank and the three lines of defence risk model
- Experience in the following areas is important: information security, cyber security, technology risk management, privacy, and cloud technology
- Experience in the following areas is desirable: cloud security, network and application security, data loss prevention, identity and access management, vulnerability management, and data encryption
- Influencing skills and ability to manage relationships with senior management.
Apply now to join the Bank for those with big career ambitions.