Senior Information Security Manager, Third Party Security Risk Senior Information Security Manager, Third Party  …

Standard Chartered Bank
in Singapore, Singapore, Singapore
Permanent, Full time
Last application, 30 May 20
Standard Chartered Bank
in Singapore, Singapore, Singapore
Permanent, Full time
Last application, 30 May 20
Senior Information Security Manager, Third Party Security Risk
About Standard Chartered
We are a leading international bank focused on helping people and companies prosper across Asia, Africa and the Middle East.

To us, good performance is about much more than turning a profit. It's about showing how you embody our valued behaviours - do the right thing, better together and never settle - as well as our brand promise, Here for good.

We're committed to promoting equality in the workplace and creating an inclusive and flexible culture - one where everyone can realise their full potential and make a positive contribution to our organisation. This in turn helps us to provide better support to our broad client base.

Job Purpose

The Group Chief Information Security Officer (CISO) organisation is instrumental in protecting and ensuring the resilience of Standard Chartered Bank's data and IT systems by managing information and cyber security (ICS) risk across the enterprise. As a critical function within the Group Chief Operating Officer (COO), Trust, Data & Resilience, the Group CISO serves as the first line of defence for operating ICS controls effectively and in accordance with the ICS Risk Framework and for practicing and promoting a culture of cyber security within the Bank. As such, the Group CISO is central to ensuring the Bank's ability to meet its ICS commitments to internal and external stakeholders, including regulators, as well as maintaining an acceptable ICS risk profile that is regularly reported to the Board.

This role sits within the Third Party Security Risk (TPSR) team. The main purpose will be to support the Head, Operations & Management Third Party Security Risk in ensuring:
  • Country compliance to TPSA policy and processes
  • Reconciling and resolving any potential gaps with any country requirements
  • Oversight and escalation of TPSA risks and issues at country committees
  • Key country stakeholder management
Key Responsibilities
  • Tracking of progress, risks & issues of all TPSA activities for the country of coverage
  • Representing TPSR within country committees, presenting key risks and issues to drive compliance
  • Regularly review country requirements against TPSA processes and identification of gaps - drive discussions towards resolution
  • Socialise forward view of risks and / or issues with key stakeholders to ensure continuous compliance
  • Drive broader in-country education of TPSA policy and processes to drive greater in country adoption and adherence
  • Act as a channel of feedback and / or new requirements to the broader TPSR team from a country perspective
  • Agree and operationalise detailed R&R between this role and the local country HICS
  • Establish a clear scope of coverage with the country committee / authority
  • Remain current on industry trends and regulatory requirements related to third party information security
Regulatory and Business Conduct
  • Display exemplary conduct and live by the Group's Values and Code of Conduct
  • Take personal responsibility for embedding the highest standards of ethics, including regulatory and business conduct, across Standard Chartered Bank. This includes understanding and ensuring compliance with, in letter and spirit, all applicable laws, regulations, guidelines and the Group Code of Conduct
  • Demonstrate leadership ability to ensure that the team achieves the outcomes set out in the Bank's Conduct Principles
  • Effectively and collaboratively identify, escalate, mitigate and resolve risk, conduct and compliance matters
People and Talent (if applicable)
  • Provide mentoring and support as required across the team and CISO organisation

Our Ideal Candidate
  • Experience in and / or knowledge of Third Party Security Risk, Third Party Risk Management and related country regulation
  • Bachelor's degree from an accredited college/university in an appropriate field
  • Professional auditing certification, e.g. CISA
  • Experience in IT auditing, preferably with Big 4 and/or Banking & Financial services experience
  • Experience in managing audit staff and complex audits
  • Experience in third party audits or risk management is a plus, but understanding of auditing standards, compliance, risk assessment and internal control frameworks is a requirement
  • Understanding of controls, regulatory and risk issues in a global financial institution
  • Knowledge of key outsourcing regulatory requirements, e.g. MAS, HKMA, RBI
  • Familiarity with working in a MNC or cross-cultural setting
  • Excellent written and interpersonal skills
  • Strong stakeholder engagement skills, and ability to interact at all levels across an organisation
  • Strong audit project organisation and management skills
  • Knowledge of security frameworks (e.g. COBIT, ISF, COSO), standards (e.g. ISO, NIST, CIS), information security principles and security architecture

Apply now to join the Bank for those with big career ambitions.

To view information on our benefits including our flexible working please visit our career pages .