Head Information and Cyber Security SC Ventures
About Standard Chartered
We are a leading international bank focused on helping people and companies prosper across Asia, Africa and the Middle East.
To us, good performance is about much more than turning a profit. It's about showing how you embody our valued behaviours - do the right thing, better together and never settle - as well as our brand promise, Here for good.
We're committed to promoting equality in the workplace and creating an inclusive and flexible culture - one where everyone can realise their full potential and make a positive contribution to our organisation. This in turn helps us to provide better support to our broad client base.
The Role Responsibilities
SC Ventures (SCV) is a business unit created to promote innovation, invest in disruptive financial technology, and explore alternative business models. It leverages human-centric design and a lean start-up approach that nurtures an intrapreneurial culture by empowering people and creating open platforms and partnerships. Through its Innovation Investment Fund supported by 3rd party investment managers, it invests in Fintech companies that enable forward-thinking capabilities. Through its Business Ventures programme, it sponsors and oversees formation of new business ventures, which focus on disruptive business models to create optionality. And through its eXellerator programme, it facilitates innovation and culture change across the Bank and provides a platform to support the Bank's intrapreneurs and clients along their innovation journey.
The Information and Cyber Security ("ICS") function in the Bank is our first line of defence, aimed at regularly evaluating the Bank's cyber security posture in today's ever evolving threat landscape and constantly improving the Bank's cyber framework/controls and remediating cyber security services and products.
This is a new role to strengthen our first line of defence and extend the ICS focus within SCV by working closely with key business stakeholders and ensuring that the innovative and disruptive business models continue to have the required level of cyber security with value-added solutions, whilst remaining in line with the regulations, business risk appetite, policies and standards. It reports to the Global Head of Operations, ICS, to drive the ICS risk reduction agenda in the respective business / function / region.
The key deliverables of the role are:
- Lead the Information and Cyber Security ("ICS") Risk Type Framework ("RTF") implementation in SCV in a manner that balances innovation and risk and in line with legal, compliance and regulations
- Lead risk mitigation and remediation in SCV in line with the ICS TRP agenda, where necessary
- Interface with the respective Group Business, Function and / or Country MT for effective implementation of innovative business models introduced by SCV
- For select Group wide initiatives, lead the change agendas agreed with the ICS TRP AE
- Understand SCV specific requirements including regulatory driven requirements. Support the management of these requirements within risk appetite
- Provide leadership over the operational delivery, controls, and governance of the ICS agenda. Face off to the Group ICS TRP and ICS subject matter experts in Group Business lines
- Chair SCV ICS Working Groups. Support the respective business / function / region Heads to manage ICS risk including in Non-Financial Risk Committees
- Identify and independently drive strategic change initiatives to deliver on the ICS agenda for SCV with a forward-looking view
- Develop insightful strategies for engaging business on information security matters, ensure investments are prioritised and funding is approved
- Support delivery of the Bank's enterprise wide risk management plan and strategy
- Work with different ventures and partners to assist in the development of strategies and plans for improving both Architecture and application security
- Ensure ICS risks in SCV are proactively managed and effectively controlled, mitigated and remediated with senior stakeholders' support and buy-in, in line with the risk appetite and regulatory driven requirements of the Group, Region, Country, Business/Function that SCV is working with to introduce innovative business models
- Establish priorities in partnership with the COOs and take responsibility for resolving security issues
- Ensure that the management of ICS risk is effective and operating efficiently within SCV
- Drive security culture/awareness and help improve readiness for a cyber event.
- Ensure information risks are identified, assessed, mitigated and controlled
- Ensure Critical Information Assets are identified and graded appropriately and monitor changes in the risk profile of the highly critical systems
- Work with IT to validate the resilience of SCV's data and IT systems
- Support Group initiatives ensuring SCV needs are represented effectively. Face off to the Group ICS TRP and ICS subject matter experts in Group Business lines
People and Talent
- Drive the continuous improvement of practices
- Agree and drive the implementation of the ICS agenda for the respective business / function / region by working with the respective Business/Function Heads, Region / Country Management Team, COO/CIO teams, ISOs, the ICS TRP and senior T&I leadership
- Lead ICS risk remediation initiatives and activities including incident responses, crisis exercises, risk assessments, stress testing, regulator engagement
- Drive the implementation of the ICS RTF in the respective business / function / region with a focus on key countries. The plan will incorporate digital footprint discovery, threat/risk assessment, definition and implementation of controls as guided by the ICS RTF
- Maintain strong stakeholder engagement and serve as the business-facing lead with Group, Regional and Country IT, Business/Function, COO, ISOs, Risk & Control stakeholders to bring alignment across stakeholder groups in conjunction with ICS risk management
- Collaborate with Corporate Communications, threat intelligence and other functions to lead and coordinate the information security change management effort around branding, communications, staff awareness and training
- Maintain relationships with key service and product owners within Security Technology Services to keep abreast of changes that may affect TRB's risk landscape
- Help to interpret and translate the ICS requirements of the SCV ICS programme into technical requirements when needed
- Engage external agencies / third parties to understand the threat environment and reported events; assess impact for SCV
- Drive compliance with Group policies, standards and local regulatory requirements
- Work closely with CISO, Regional ISO, Country ISO, Head of ICS Governance, TISO, Business and COOs to provide oversight, governance and monitoring, and work with various delivery owners to embed the ICS RTF
- Understand and assess the impact of changes in the policy or procedures on SCV and engage with the SCV Heads to ensure the impact is understood
- Recommend additions/enhancements/changes to the ICS policy, procedures, and RTF.
Regulatory & Business Conduct
- Monitor ICS risk profile and posture and report any non-compliance to senior management or governance committees
- Participate and represent SCV in Risk Committees, ICS working groups, Programme Steer Cos etc. to provide updates and influence positive outcomes for the Business/Function/Region/Country
- Validate the accuracy and consistency of KRIs, KCIs and other risk ratings/assessments, as well as process designs using available MI
- Support the Third-Party Security Assessment team during 3rd party reviews
- Help design and embed ICS RTF controls in ORF across SCV
- Display exemplary conduct and live by the Group's Values and Code of Conduct
- Take personal responsibility for embedding the highest standards of ethics, including regulatory and business conduct, across Standard Chartered Bank. This includes understanding and ensuring compliance with, in letter and spirit, all applicable laws, regulations, guidelines and the Group Code of Conduct
- Lead the SCV to achieve the outcomes set out in the Bank's Conduct Principles: [Fair Outcomes for Clients; Effective Financial Markets; Financial Crime Compliance; The Right Environment.]
- Effectively and collaboratively identify, escalate, mitigate and resolve risk, conduct and compliance matters.
- Engage key stakeholders including Legal and Compliance on interpreting local laws and regulations pertaining to information security. Work closely with SCV Heads, Compliance, CISO and ITO to develop reasonable solutions and/or mitigation.
Our Ideal Candidate
- Global Head Operations - Cyber, Data, Privacy and Automation
- Accountable Executive, ICS TRP
- SCV MT
- Head of Investment Delivery Assurance, ICS TRP
- Chief Operating Officers
- Security Technology Services MT
- Technology Services MT
- Global Head Governance & Change, CIO
- Chief Information Security Office (CISO)
- Head, Operational Risk Information Security
- Group Operational Risk
- Head, Audit - Information Security & Cyber
- Degree in Engineering, Computer Science/Information Technology or its equivalent.
- Experience in Information Security in Banking and Financial services.
- One or more of the following certifications or equivalents will be preferred:
- Certified Information Security Manager (CISM)
- Certified Information Systems Security Professional (CISSP)
- SANS Global Information Assurance Certifications (GIAC)
- Certified in Risk & Information Systems Control (CRISC)
- Certified Information Systems Auditor (CISA)
- Exposure or hands-on experience in developing Cyber and Risk Management Strategy
- Knowledge of cyber frameworks, ICS principles and architecture
- Knowledge of ICS products and operations
- Knowledge of cyber regulations, compliance frameworks and legal
- Knowledge and exposure to FinTech, RegTech, AML, CTF
- Knowledge and exposure to emerging technologies (AI, VR, IoT, Blockchain etc.)
- Knowledge and exposure to Banking Systems
- Exposure or hands-on experience in penetration testing and vulnerability assessments
- Ability to articulate gross and residual risk and communicate complex technology and process risk to non-technical stakeholders in a clear and concise manner
- Strong interpersonal and stakeholder management skills, across various levels, including senior leadership teams, in influencing key decisions taken across cross-functional teams
- Ability to assess strategic priorities and focus on detailed aspects to drive effective delivery
- Lead complex activities through influence and credibility rather than command and control
- Must be a self-starter who is able to initiate and successfully drive programs and projects to completion with little or no management supervision
- Strong analytical skills and ability to prioritise, make decisions, and work to tight timeframes
- Integrity, independence and resilience
Apply now to join the Bank for those with big career ambitions.
To view information on our benefits, including our flexible working, please visit our career pages.