• Competitive
  • Singapore
  • Permanent, Full time
  • Standard Chartered Bank
  • 2019-06-26

Senior Manager, ICS Measurement & Change Management

  • Location: Singapore
  • Salary: Competitive
  • Job Type: Full time

The Group Chief Information Security Officer (CISO) organisation is instrumental in protecting and ensuring the resilience of Standard Chartered Bank's data and IT systems by managing information and cyber security (ICS) risk across the enterprise. As a critical function reporting into the Group Chief Risk Officer (CRO), the Office of the CISO serves as the second line of defence for assuring ICS controls are implemented effectively and in accordance with the ICS Risk Framework and for instilling a culture of cyber security within the Bank. The Group CISO is responsible for ICS governance, strategy, policy, awareness, training, risk assessments, red teaming, third party security risk, industry partnerships, and regulatory engagement. In addition, the team of Information Security Officers (ISO) reports to the CISO and performs a pivotal role as an extension of the CISO in supporting the ICS risk management strategy, governance, advisory and assurance roles that face off to the Client Services, Regions, and Functions. The Office of the CISO is central to ensuring the Bank's ability to meet its ICS commitments to internal and external stakeholders, including regulators, as well as maintaining an acceptable ICS risk profile that is regularly reported to the Board.

The Cyber Training, Awareness & Exercises team is looking for an Information & Cyber Security Measurement and Change Management expert to join their small but energetic communications team to manage the design, research, measurement, reporting, tracking and assurance of their Information and Cyber Security (ICS) training and awareness programme.

You will be responsible for designing strategic audience-based programmes and communications that inform and inspire business leaders and employees about the human angle of ICS risk. Are the Bank's phishing simulation results improving YOY? Which businesses and countries are leading the way in building a Security culture? What actions are we asking our board, management and employees to take to help protect the Bank from cyber attacks?

The role is varied and extremely dynamic. One day, you could be designing a phishing simulation programme for 80,000 employees, the next working with an agency to create an interactive PDF that helps countries identify specific employee risk areas.

In view of the ever-evolving information security landscape and the CISO function's new 2nd line responsibilities, a strategic and measurable programme for increasing information security awareness amongst employees and executives in the Bank, as well as external stakeholders, is crucial for the management of information security risk.

This role will appeal to a senior marketing or communications professional who likes to look beyond the data and asks: "what does this mean for my audience and what action do I want them to take?" With an ability to digest and analyse numbers and turn them into outcomes-based, visually impactful and actionable communications and reports for internal audiences, only the collaborative and customer-focused need apply.

Main Purpose of the role:
Reporting to the Head of Cyber Training, Awareness and Exercises team, GIS, the Senior Manager, ICS Measurement & Change Management will collaborate with multiple stakeholders to lead, design and deliver a range of complex activities in the following fields:

Roles and Responsibilities:
Programme Management + Strategic Planning
· Drive the strategic vision and direction for improved awareness-through-data insights and reporting for all audience-specific Cyber awareness programmes (Executives, targeted awareness, general employees)
· Lead and conduct complex existing/new Cyber awareness measurement programmes/projects such as the Bank's global phishing simulation exercises, clear desk checks and 3rd party surveys that indicate the Bank's awareness capabilities
· Manage existing reports including the Security Culture Report, Phishing Communications, Quarterly Awareness updates, and introduce new reports where needed, that demonstrate the Bank's Security Culture
· Launch and manage the Security Quotient - a new yearly indicator of country's secure behaviour, gathering data and creating leadership boards
· Review, maintain and update existing project process documents regularly
· Manage all Awareness data asks/inputs as needed for CISO, ICS TRP, business and other reports such as Process Universe, risk/governance reports, conduct reviews, GNFRC papers etc

Research and Analysis
· Lead and drive data governance of how generated data will be used, stored, shared and accessed by the broader team
· Be the in-house expert for Awareness team data/intelligence requirements (what topics, when, how often, where and why employees are behaving insecurely) to improve employee competence and change behaviour.
· Provide key trend predictions, behavioural pattern analysis and deep dive insights through data analysis/3rd party research engagement for regular reporting to the wider team based on customised audience requests using a people-focused, user experience and change behaviour analytics approach

Communications
· Manage all communications and provision of awareness data points for the ICS Risk Type Framework and other related risk dashboards/papers/reports
· Create visually impactful, interactive and actionable reports for stakeholders that demonstrate the Bank's security posture in different regions, countries, businesses and functions using key information and cyber security parameters.
· Liaise with Corporate Affairs and other communications partners to amplify our story in human-centric ways

Stakeholder and people management
· Liaise with Audit, regulators, Governance, Operational risk, Compliance, Corporate Affairs and other functions to provide Cyber awareness metrics that demonstrate the Bank's ability to manage the human side of ICS risk - including the new Conduct Phishing Metrics dashboard
· Lead a team of 1-2 staff for phishing simulations, clear desk, data gathering and tracking, data trends analysis, generating reports, trend prediction and behavioural pattern analysis to support improvement in all teams' audience-specific programmes

Key Stakeholders
· Information Security Officers (Geography, Business and Functions)
· Executive, General and BFG Awareness Teams
· CISO and Management team of Security Technology Services
· Key Business Stakeholders including: All Business and Function CIOs, CTMs, CROs, Compliance Heads
· Country Property Teams
· Information Security Champions in country
· Audit, regulators, Governance, Operational risk, Compliance, Corporate Affairs

Regulatory and Business Conduct
• Display exemplary conduct and live by the Group's Values and Code of Conduct.
• Take personal responsibility for embedding the highest standards of ethics, including regulatory and business conduct, across Standard Chartered Bank. This includes understanding and ensuring compliance with, in letter and spirit, all applicable laws, regulations, guidelines and the Group Code of Conduct.
• Effectively and collaboratively identify, escalate, mitigate and resolve risk, conduct and compliance matters.

Group Standard Compliance Performance
· Take personal responsibility for understanding the risk and compliance requirements of my role. Understand and comply with, in letter and spirit, all applicable laws, and regulations, including those governing anti-money laundering, terrorist financing, and sanctions; the Group's policies and procedures; and the Group Code of Conduct. Effectively and collaboratively identify, escalate, mitigate and resolve risk and compliance matters
· Embed 'Here for Good' and Group's purpose - Driving commerce and prosperity through our unique diversity. Promote a culture of openness, trust, and risk awareness, where ethical, legal, regulatory and policy compliant conduct is the norm

Qualifications, Skills & Experience
· A visionary, proactive go-getter with a minimum of 10 years relevant working experience in market research, data-driven marketing/analytics/communications or similar field
· Finely tuned attention to detail with the ability to lead and act strategically with an eye for the "bigger picture" a must
· A genuine interest in transforming data and insights into actionable, plain English, visually appealing reports and communications
· Meticulous project management skills
· Excellent communications and writing skills a must
· Advanced competency skills using MS Office software (Word, Powerpoint, Excel) or Tableau to generate trend prediction, behavioural pattern analysis and reports an added advantage.
· Experience leading a team in a multinational corporation a plus.
· A reasonably competent level of understanding of (or interest in) information technology and user-oriented information security.
· High adaptability to work and contribute to the team across geographies in a matrix and digital-centric environment
· Ability to assess and manage priorities, working in a structured, autonomous manner with a firm focus on delivering results
· Sound judgement and anticipation with strong integrity, independence and resilience
· A Degree in a related field. Extended years of relevant working experience may be considered in lieu.