Head of Risk & Control - Security Technology Services
About Standard Chartered
We are a leading international bank focused on helping people and companies prosper across Asia, Africa and the Middle East.
To us, good performance is about much more than turning a profit. It's about showing how you embody our valued behaviours - do the right thing, better together and never settle - as well as our brand promise, Here for good.
We're committed to promoting equality in the workplace and creating an inclusive and flexible culture - one where everyone can realise their full potential and make a positive contribution to our organisation. This in turn helps us to provide better support to our broad client base.
- Security Technology Services (STS) is a critical function within Standard Chartered Bank operating under the overall purview of "Technology Services".
- The STS team is made up of cyber security thought leaders, who are accountable for the provision of a global set of cyber security services and products to maintain and continuously improve the Bank's cyber security posture in today's ever-evolving cyber security landscape.
- The STS team protects the Bank from cyber security threats by delivering effective information security technology services and by managing and responding to security incidents, to ensure and support the continuity and growth of the Bank's business operations and to meet the expectations of both internal and external stakeholders across the 60+ countries and territories in which SCB operates.
- The Risk & Control team is a critical function within STS and requires a highly skilled and experienced risk and control professional to lead the team and build a world-class capability to ensure all risks (self-identified, audit, regulatory) are proactively identified, mitigated and remediated.
Risk & Control Management:
Risk & Control Function:
- Provide leadership and oversight by setting the direction and strategy for the management of Security Technology Services' risk profile and assurance of its control environment in line with internal Policy / Standard requirements and industry best practices.
SCB Risk Frameworks:
- Provide leadership and oversight by setting the operating model, agenda and book of work/deliverables of the Risk & Control function within Security Technology Services (STS)
- Lead the overall STS Risk & Control function with direct responsibility for the central R&C team (15 FTE) and matrix responsibility for the R&C teams (25 FTE) in the STS Service Lines
Control Assessment and Testing:
- Lead / manage the effective day-to-day delivery of standard risk management processes as required under the Bank's Operational (OR) and Information and Cyber Security (ICS) Risk Frameworks
- Manage the implementation of new requirements under the ICS Risk Framework and ensure new processes are effectively implemented into BAU
- Provide thought leadership on any new framework developments working closely with the respective risk framework owners
STS Risk Governance and Reporting:
- Manage and oversee the adequacy of the STS control environment across the service portfolio
- Provide thought leadership on control design, assessment, testing processes and drive continuous improvement
- Perform final review of the control self-assessment outcome, monthly control testing results and adequacy of the related remediation actions
- Manage STS's involvement and deliverables in the annual SWIFT Attestation and the continuous control monitoring and exception remediation
- Lead STS internal risk governance via chairing the STS Risk Forum
- Manage and oversee the portfolio of all regulatory, audit and self-identified risk issues / commitments to ensure successful and timely delivery
- Work with the STS Service Lines to identify emerging risks and ensure they are appropriately addressed and subjected to formal governance
- Perform final review of all new regulatory, audit or risk remediation commitments ensuring that deliverables, dependencies and timeframes are assessed in detail and agreed with all stakeholders
- Manage and continuously improve the STS internal risk profile reporting
- Manage and drive continuous improvement of the STS internal risk profile reporting, issue management processes and supporting tools
Regulatory & Business Conduct:
- Support the Global Head of STS on all risk governance requirements such as global senior risk committee meetings and deliverables
- Support ad-hoc tactical and strategic risk initiatives to meet business and operational demands through thoughtful leadership or partnership
- Act as the SME during regulatory engagements when discussing risk and control topics
COMPETENCIES (KNOWLEDGE & SKILLS)
- Display exemplary conduct and live by the Group's Values and Code of Conduct.
- Take personal responsibility for embedding the highest standards of ethics, including regulatory and business conduct, across Standard Chartered Bank. This includes understanding and ensuring compliance with, in letter and spirit, all applicable laws, regulations, guidelines and the Group Code of Conduct.
The successful candidate should have at least 10 years of experience in senior / leading positions in Technology Risk, Information Security Risk and / or Technology Audit.
Competencies required for the position include:
- Excellent organizational and leadership skills (successfully led and managed risk & control functions) with ability to manage multiple deadlines and effectively prioritise
- Experience of developing a people strategy, influencing relevant stakeholders and decision makers, and executing decisions efficiently and consistently
- Strong sense of personal ownership and responsibility in accomplishing the organisation's goal. Is confident and will roll up his/her sleeves to drive success
- Able to get things done in a quick-paced environment. Be transparent and open around what doesn't work and what does
- Knowledge of relevant Technology and Business Regulations and experience engaging directly with regulators
- Excellent communication and briefing skills at senior executive and board level - oral, written and presentation; technical report writing across various types of target audiences.
- Highly entrepreneurial with a high level of energy, dedication, and an unrelenting drive to deliver value.
- Hands on experience with Control Design and Implementation & Testing
- Relevant industry certifications desirable (e.g. CISSP, CISA, CRISC etc.)
- Understanding of the cyber threat landscape and mitigating controls/approach would be desirable.
- Experience engaging directly with regulators
Apply now to join the Bank for those with big career ambitions.
To view information on our benefits including our flexible working please visit our career pages.