Product Owner PCI DSS
About Standard Chartered
We are a leading international bank focused on helping people and companies prosper across Asia, Africa and the Middle East.
To us, good performance is about much more than turning a profit. It's about showing how you embody our valued behaviours - do the right thing, better together and never settle - as well as our brand promise, Here for good.
We're committed to promoting equality in the workplace and creating an inclusive and flexible culture - one where everyone can realise their full potential and make a positive contribution to our organisation. This in turn helps us to provide better support to our broad client base.
The Role Responsibilities
- Experience with development of Information and Cyber Security strategy, standards, policies and procedures.
- Conduct risk assessments and support mitigation activities and projects
- Drive compliance with Group policies and standards, and with local PCI DSS and other regulatory requirements
- Work closely with Group CISO, Head of ICS Governance, TISO, Business and COOs to provide oversight, governance and monitoring, and work with various delivery owners to embed the ICS risk type framework within the business.
- Understand and assess the impact of changes in the policy or procedures on Retail Banking and engage with the Business Heads to ensure the impact is understood.
- Recommend additions/enhancements/changes to the ICS policy, procedures and risk type framework.
REPORTING AND GOVERNANCE:
- Ensure ICS risks are proactively managed and effectively controlled, mitigated and remediated with senior stakeholders' support and buy-in.
- Establish priorities in partnership with the COOs and take responsibility for resolving security issues
- Manage security-related incidents and events
- Ensure that the management of ICS risk is effective and operating efficiently within RB.
- Drive security culture / awareness and help improve readiness for a cyber event.
- Support risk assessments (gross and residual risks) for the business and provide advice whenever technical expertise is required.
- Ensure the Bank's information is protected by working with the businesses to validate the Confidentiality, Integrity and Availability framework has been applied effectively
- Ensure information risks are identified, assessed, mitigated and controlled.
- Ensure Critical Assets are identified and graded appropriately. Monitor changes in the risk profile of the highly critical systems.
- Work with IT and operations to validate the resilience of Retail Banking's data and IT systems.
- Support Group initiatives ensuring RB needs are represented effectively
- Prepare periodic reports, dashboards and committee papers summarizing the risk posture for the business. Report non-compliance issues to senior management or governance committees.
- Participate in and represent RB at PGCs, Cyber working groups, Graphene PgSCs etc. to provide updates and influence positive outcomes for the business.
- Validate the accuracy and consistency of KRIs, KCIs and other risk ratings, as well as process designs using available MI.
- Support the Third-Party Security Assessment team during Retail's 3rd party reviews
- Help design and embed ICS RTF controls in ORF across Retail Banking.
- Support regulatory engagements
- Maintain strong stakeholder engagement and serve as the business-facing lead with ITO, Business, COO, CISO, Risk & Control stakeholders to bring alignment across stakeholder groups in conjunction with ICS risk management.
- Collaborate with Corporate Communications, threat intelligence and other functions to lead and coordinate the information security change management effort around branding, communications, staff awareness and training.
- Maintain relationships with key service and product owners within Security Technology Services to keep abreast of changes that may affect Retail Banking's risk landscape.
- Help to interpret and translate the information security requirements of the business IS program into technical requirements when needed.
- Engage external agencies / third parties to understand the threat environment and reported events; assess the impact for Retail Banking.
- Identify and independently drive strategic change initiatives to deliver on the ICS agenda for RB with a forward-looking view.
- Develop insightful strategies for engaging the business on information security matters, and ensure investments are prioritised and funding is approved.
- Support delivery of the bank's enterprise-wide risk management plan and strategy.
- Work with application development organizations to assist in the development of strategies and plans for improving both architecture and application security.
RESILIENCY AND RECOVERY:
- Serve as the first point of contact and escalation for all business information security matters; serve as the business security incident response coordinator and advisor on emergency actions to protect the business.
- Respond to security events by initiating and coordinating emergency actions to protect the business unit from an imminent loss of information or value.
- Ensure that the Business Cyber Contingency Plan, Crisis Management Plan, playbooks etc. are in place.
- Conduct scenario testing and tabletop exercises with RBMT and regional and product RB heads on a regular basis to ensure preparedness for any contingency.
REGULATORY AND BUSINESS CONDUCT:
- Display exemplary conduct and live by the Group's Values and Code of Conduct.
- Take personal responsibility for embedding the highest standards of ethics, including regulatory and business conduct, across Retail Banking. This includes understanding and ensuring compliance with, in letter and spirit, all applicable laws, regulations, guidelines and the Group Code of Conduct.
- Effectively and collaboratively identify, escalate, mitigate and resolve risk, conduct and compliance matters.
- Engage key stakeholders including Legal and Compliance on interpreting local laws and regulations pertaining to information security. Work closely with Business Heads, Compliance, CISO and ITO to develop reasonable solutions and/or mitigations.
Our Ideal Candidate
- Own and manage the project plan, estimates, issue/dependency tracking, resourcing and timescales
- Advocate delivery excellence, minimising delivery risk
- Conduct code reviews to ensure quality and standards of development
- Hands on development as and when required
- Follow the bank's development methodology and drive enhancements to it where appropriate
- Advocate delivery excellence, ensuring application release quality
- Build relationships with key stakeholders: Business, fellow development managers inside and outside of FM, Infrastructure teams etc.
- Timely and clear communications to the stakeholder community
- Degree in Engineering, Computer Science/Information Technology or its equivalent.
- Experience in Information Security in Banking and Financial services.
- Experience in PCI compliance in Banking and Financial services.
- Experience in implementation of varying cybersecurity (NIST, ISO, COBIT) and PCI frameworks within Banking and Financial services.
- One or more of the following certifications will be preferred:
- Certified Information Security Manager (CISM)
- Certified Information Systems Security Professional (CISSP)
- SANS Global Information Assurance Certifications (GIAC)
- Certified in Risk & Information Systems Control (CRISC)
- Certified Information Systems Auditor (CISA)
- Strong knowledge of Retail Banking related products and operations will be preferred.
- Exposure or hands-on experience in infrastructure / web application penetration testing and vulnerability assessments is preferred.
- Ability to articulate gross and residual risk with specific ability to clearly, concisely and accurately communicate complex technology and process risk to non-technical stakeholders in a lucid way.
- Strong interpersonal and stakeholder management skills, across various levels in the organization including senior leadership teams, in influencing key decisions taken in the business and in support teams.
- Strong communication skills - oral, written and presentation. Sound knowledge of MS Excel, PowerPoint and Word.
- Must be a self-starter who is able to initiate and successfully drive programs and projects to completion with little or no management supervision.
- Strong analytical skills and ability to prioritise, make decisions, and work to tight timeframes.
- Strong business acumen and deep knowledge and experience in the ICS field.
- Proven ability to lead highly complex, global activities through influence and credibility rather than command and control.
- Ability to both assess strategic priorities and to focus on detailed aspects of a function in order to drive effective delivery.
- Strong integrity, independence and resilience.
Apply now to join the Bank for those with big career ambitions.