Director, CSS Risk & Control
About Standard Chartered
We are a leading international bank focused on helping people and companies prosper across Asia, Africa and the Middle East.
To us, good performance is about much more than turning a profit. It's about showing how you embody our valued behaviours - do the right thing, better together and never settle - as well as our brand promise, Here for good.
We're committed to promoting equality in the workplace and creating an inclusive and flexible culture - one where everyone can realise their full potential and make a positive contribution to our organisation. This in turn helps us to provide better support to our broad client base. The Role Responsibilities
Significant transformation is underway within the Cyber Security Services (CSS), under the overall purview of COO - Trust, Data and Resilience, to rapidly improve the control environment, along with digitization and innovation.
The role is to be the Thematic Risk Lead supporting horizontally across all of the CSS domain services. To co-ordinate risk & control returns/ input/ activities centrally including CSS MI reporting and co-ordination of actions for CSS Risk Forum, co-ordination of any risk and control activities/remediation which cut across all of the domains.
As of 1st April 2020, this team has been integrated into the wider TDR Risk & Control function. This team will provide governance, oversight and assurance, as well as advocating and imparting lessons and good practice to shape the design and implementation of cyber security controls. In addition, determining whether these controls are operating effectively. Key responsibilities include:
- Oversee all risk and control activities related to all people, processes and assets within the CSS function.
- Lead a team of risk and ICS SMEs to drive a multi-year and complex controls transformation agenda.
- Deliver risk focused, timely and re-performable deep dive reviews following TDR Control methodology.
- Design and maintain internal processes that allow CSS to dynamically monitor risk and controls.
- Maintain all ORTF based CSS controls and corresponding CSTs, KCIs and KRIs.
- Support the delivery of the overall COO TDR Conduct Risk Management plan.
- Provide timely and accurate risk & control MI to the respective risk forums.
- Drive compliance with the Bank's risk framework and policies (e.g. ERMF, ORTF and ICS RTF).
- Support the design, build, and implementation of effective processes and controls to effectively mitigate ICS risks.
- Support the CSS Function to be 'First to Know' its risks & issues, and to deliver on its commitments.
- Support stakeholders in defining remediation actions to address identified control weaknesses and issues.
- Act as the key confidant to the CSS 'Process Owner(s)' responsible for developing, prioritizing and implementing controls
- Maintain accurate and timely data within EORP and any other agreed repositories for risk & control data and issues.
- Track issue remediation, check and challenge delivery status and escalate delays.
- Validate that remediation activities completed by CSS address the risk in the issues (e.g. Audit issues and deep dive findings).
- Support liaison with Group Internal Audit and any third party or regulatory inspections.
- Adopt an anticipatory approach to risk assessment through stakeholder engagement and monitoring of the external environment.
- Work with other control assurance teams to drive efficiency, effectiveness and reduce duplication.
- Support CSS Process owners in the execution of their accountabilities related to:
- Identification and management of the end to end processes as defined by the Process Universe and associated risks for the activities carried out.
- Implementing the RCSA to monitor the effectiveness of the controls and standards governing the end to end process.
- Being accountable to the Group Process Universe Owner, framework and policy owners and implementing the control requirements applicable to the process.
- Escalating significant risks and issues to the Process Universe Owners, relevant Risk Framework Owners or Policy Owners.
- Perform review of the control self-assessment outcomes, monthly control testing results and adequacy of the related remediation actions.
- Provide thought leadership on control design, assessment, testing processes and drive continuous improvement in ORFT and ICS RTF.
- Execute deep dive reviews and consistent, efficient and meaningful CSTs / KCI tests for CSS processes.
- Provide robust challenge and escalation to senior management to ensure activities achieve risk reduction.
- Manage and drive continuous improvement of the CSS control environment through proactive risk management (e.g. technical deep dive and issue validation).
- Provide good technical input and challenge on assignment to steer team member in producing high quality output which address the risk.
- Build effective relationships with leaders to facilitate:
- Growing trust with clients and regulators by supporting the CSS Function to be 'First to Know' its risks & issues, and to deliver on its commitments; and
- The provision of timely, expert advice and assurance;
- Partnerships with other functions to provide professional advice and assurance
People and Talent
- Work closely with the TDR key strategic initiatives to provide delivery assurance and assessments of key deliverables.
- Provide strong leadership, management and coaching over colleague(s).
- Provide proactive self-orienting and self-motivating leadership, and work with limited direction.
- Lead through example and build the appropriate culture and values. Set appropriate tone and expectations, and work in collaboration with risk and control partners.
- Build the right mix of SME and risk & control skills.
- Responsible for identifying 'risk' related knowledge gaps across CSS and facilitate the provision of appropriate training to address these gaps.
Regulatory & Business Conduct
- Provide timely and accurate reporting to appropriate committees, most specifically the CSS Risk Forum and TDR NFRC.
- Ensure appropriate oversight and facilitate resolution of high impact risk and issues.
- Tracking and reporting of risk assessments (e.g. audits, risk assessments etc) and their outputs to ensure oversight and escalation mechanisms are in place to provide MI on obligations.
- Work with the CSS Service Lines to identify emerging risks and ensure they are appropriately addressed and subjected to formal governance.
- Manage and drive continuous improvement of the CSS internal risk profile reporting, issue management processes and supporting tools.
- Display exemplary conduct and live by the Group's Values and Code of Conduct.
- Take personal responsibility for embedding the highest standards of ethics, including regulatory and business conduct, across Standard Chartered Bank.
- Lead the Controls service team to achieve the outcomes set out in the Bank's Conduct Principles: The Right Environment.
- Effectively and collaboratively identify, escalate and resolve conduct and compliance matters.
- Provide timely and accurate risk & control information to support regulatory meetings and RFIs.
- Global Head, Trust, Data and Resilience
- Global Head, Cyber Security Services
- Service Heads, Cyber Security Services
- Trust, Data & Resilience MT
- Cyber Security Services MT
- Group Operational Risk
- Group CISRO
- Group Internal Audit - T&I and Operations and Cyber
Our Ideal Candidate
- Perform other responsibilities as assigned by the Head of Cyber Risk and Controls.
- Bachelor / Honours Degree in Information Technology, Computer Science, Cyber Security or other technology related qualifications or 10+ years of experience in cyber/IT security, technology audit or assurance, which must include some element of experience in a 'first line' security or assurance team.
- Background in the information and cyber security domain within international financial services organisations.
- Demonstrated ability to support a 'first line' function in responding to external/regulatory audits.
- Up to date with key regulation / developments in Information and Cyber Security Management Framework (including Technology Risk Management), Data, Privacy and Automation.
- Professional Qualifications (i.e. CISSP, CCNA and CCNP).
- Risk and control related certification in security domain (i.e. CISA, CRISC).
- Experience in SWIFT and PCI attestations.
- Risk & control, assurance, or audit experience.
- Ability to challenge the status quo.
- Ability to commit up to 10% business travel.
- Excellent organisation skills with ability to manage multiple deadlines and effectively prioritise workload.
- Strong interpersonal skills to foster positive relationships with internal and external stakeholders.
- Highly effective oral and written communication skills, with an ability to influence and to gain the respect of senior stakeholders and peers.
- Ability to exercise good judgment and objectivity.
- Demonstrates ability to work with limited direction and multi-task without loss of quality.
- Confident and courageous to raise/escalate issues in a pro-active, professional, and timely manner.
- Demonstrate understanding of and commitment to the Group's core values.
Apply now to join the Bank for those with big career ambitions.
To view information on our benefits including our flexible working please visit our career pages . We welcome conversations on flexible working.