Senior Audit Manager, Information & Cyber Security
About Standard Chartered
We are a leading international bank focused on helping people and companies prosper across Asia, Africa and the Middle East.
To us, good performance is about much more than turning a profit. It's about showing how you embody our valued behaviours - do the right thing, better together and never settle - as well as our brand promise, Here for good.
We're committed to promoting equality in the workplace and creating an inclusive and flexible culture - one where everyone can realise their full potential and make a positive contribution to our organisation. This in turn helps us to provide better support to our broad client base.
The Role Responsibilities
To act as team manager for Information & Cyber Security (ICS) assigned audit work and lead the more complex audits such as cross-functional and multi-location high risk audits. Also, maintain stakeholder relationships with the purpose of understanding the respective businesses, identify emerging cyber risks and advise on Audit top risk & concerns.
Strategy
- Support the Head of Audit (HOA), in the development of the GIA risk assessment and development of an appropriate audit plan for the Information & Cyber Security (ICS) portfolio.
- Support the HOA to ensure that audits assigned to the individual in the GIA audit plan address the key risks identified in the detailed risk assessment and in the audit planning process, and meet relevant regulatory requirements and expectations that are required to be covered by GIA.
- Ensure that the assigned audit plan remains relevant throughout the year as the ICS risk profile of the business changes, and propose changes as appropriate.
- Ensure that GIA operates in line with the Audit Charter, remains independent from management and free from interference.
- Assist the HOA to effectively manage the cost of assigned audits within the allocated budget for audit engagements.
- Identify and implement opportunities for cost savings and optimal productivity of assigned audit engagements.
People and Talent
- Support development of the Information and Cyber Security audit plan through risk assessment and top-down approach based on the inherent risks and knowledge of the risk profiles.
- Oversee the implementation and execution of the agreed audit plan and facilitate collaboration with the country audit and other functional audit teams to achieve a holistic approach to the assessment of risks and development of audit plan / strategy.
- Ensure audit activity in the Information and Cyber Security audit portfolio is sufficient to meet the requirements of regulators and Audit Committee if applicable.
- Embed a strong understanding and discipline of implementation of GIA methodology in the team.
- Apply Cyber Security experience and skill to share knowledge within GIA.
- Lead through example and employ the appropriate culture and values. Set appropriate tone and expectations from their team and work in collaboration with risk and control partners.
- Demonstrate strong leadership and ability to motivate and guide audit team leaders and members.
- Influence change within the business.
- Ensure correct capacity planning for assigned audits to ensure optimal productivity of the team.
- Provide written performance feedback to team leaders at the end of an audit. Review and agree the feedback provided by the team leader to team members.
- Facilitate the development of direct reports and audit team members by providing on the job training and recommending formal training to support GIA activities.
- Support the HOA to proactively spot talent for GIA.
- Assist the HOA to manage the relevant ICS stakeholders, establish good working relationships to help the businesses improve the control environment, and keep updated with changes in the business impacting their risk profile.
- Assist in identifying, assessing, monitoring, controlling and mitigating technology risks to the Group.
- Also, maintain awareness and understanding of the main risks facing the Group and the role the individual plays in managing them.
- Adopt an anticipatory approach to risk assessment through stakeholder communication and monitoring of the external environment to improve audit planning.
Regulatory & Business conduct
- Responsible for assessing the effectiveness of the Group's arrangements to deliver effective governance, oversight and controls in the business and, if necessary, oversee changes in these areas.
- Awareness and understanding of the regulatory framework in which the Group operates, and the regulatory requirements and expectations relevant to the role.
- Responsible for delivering 'effective governance'; capability to challenge fellow executives effectively; and willingness to work with any local regulators in an open and cooperative manner.
- Display exemplary conduct and live by the Group's Values and Code of Conduct.
- Take personal responsibility for embedding the highest standards of ethics, including regulatory and business conduct, across Standard Chartered Bank. This includes understanding and ensuring compliance with, in letter and spirit, all applicable laws, regulations, guidelines and the Group Code of Conduct.
- Support the Information and Cyber Security audit portfolio to achieve the outcomes set out in the Bank's Conduct Principles: Fair Outcomes for Clients; Effective Financial Markets; Financial Crime Prevention; The Right Environment.
- Effectively and collaboratively identify, escalate, mitigate and resolve risk, conduct and compliance matters.
- Designated business stakeholders, typically related to individual audit assignments and the Information & Cyber Security portfolio.
- GIA stakeholders - team leaders, team members and team managers, Product, Functional, Country and Regional Heads of Audit.
- External Auditors / Professional Services Companies.
Our Ideal Candidate
- Embed Here for good and Group's brand and values in Group Internal Audit.
- Perform other responsibilities assigned under Group, Country, Business or Functional policies and procedures.
- Significant experience within the banking and financial services industry, focusing on the information and cyber security domain.
- Experienced career internal (or external) auditor, or experienced information and cyber security professional with deep subject matter expertise/knowledge.
- Industry wide knowledge of enterprise security architecture and information/cyber security concepts for global banking and financial institutions.
- Up to date with key regulation / developments in Information and Cyber Security Management Framework (including Technology Risk Management).
- Knowledge of Banking controls and processes.
- Ability to perform the role of 'Change Leader'.
- Strong communicator, both written and verbal, with an ability to influence and an ability to gain the respect of senior management, regional stakeholders, peers and their teams.
- Confident and courageous to raise/escalate issues in a pro-active, professional and timely manner.
- Demonstrate understanding of and commitment to the Group's core values.
- University degree and professional certification (such as CISA, CISSP, or CISM) preferred.
- Fluency in English.
- Ability to commit up to 10% business travel.
- Self-directed and able to work with minimum supervision.
Reports Directly to: Head of Audit, Information and Cyber Security
Direct Reports: Audit Managers (where applicable)
Matrix/Dual reports: Not Applicable
Indirect Reports: Where performing Team Manager role on an audit assignment, will have supervisory responsibility for all auditors.
Apply now to join the Bank for those with big career ambitions.