• Competitive
  • Singapore
  • Permanent, Full time
  • Standard Chartered Bank
  • 2019-04-22

Technical Control Assurance Director - Information & Cyber Security


About Standard Chartered
We are a leading international bank focused on helping people and companies prosper across Asia, Africa and the Middle East.

To us, good performance is about much more than turning a profit. It's about showing how you embody our valued behaviours - do the right thing, better together and never settle - as well as our brand promise, Here for good.

We're committed to promoting equality in the workplace and creating an inclusive and flexible culture - one where everyone can realise their full potential and make a positive contribution to our organisation. This in turn helps us to provide better support to our broad client base.

The Role Responsibilities

Information and Cyber Security ("ICS") Transformation and Remediation Portfolio ("TRP") is a critical collection of programmes (the portfolio) that aims to improve the Bank's cyber framework/controls, cyber security services and products, and to remediate and continuously improve the Bank's cyber security posture in today's ever-evolving cyber security landscape.

The remit of the ICS TRP is to establish a sustainable operating model for the newly formed 1st line Business, Functional and Regional Heads of Information and Cyber Security (HICs). A global utility will be established as a centre of excellence to establish sustainable processes for all Business and Function ICS requirements, covering Change and Business As Usual (BAU) aspects. This utility will include '1st line' assurance (i.e. delivered by the businesses, not by an independent audit) on ICS capabilities throughout the development lifecycle and in BAU.

The ICS 1st Line Technical Control Assurance Director will safeguard the businesses and ICSTRP delivery, through the provision of high quality assurance on the effectiveness of ICS capabilities. Working with their business and function colleagues, they will provide assurance and advice, and advocate and impart lessons and good practice to shape the design and implementation of ICS capabilities, and determine whether these ICS capabilities are operating effectively in BAU to achieve and maintain ICS risk reduction. Regular outputs will be presented to the Global Head Operations - Cyber, Data, Privacy and Automation and the ICSTRP Portfolio Review Committee.

The key objectives for this role are to effectively establish and execute technical assurance processes for ICS capabilities:
· During the system development lifecycle (via requirements, design and testing checks).
· In the BAU environment.

Key responsibilities include:
Supporting Strategic Delivery and Risk Reduction
Build effective relationships with leaders to facilitate:

  • The provision of timely, expert advice and assurance to influence the development and operation of ICS capabilities.

  • Partnerships with other functions to provide professional advice and assurance.
  • Support stakeholders in defining remediation activities/solutions to address identified issues.

Providing Expert Assurance

  • Define and maintain an efficient technical assurance methodology which delivers risk focused, timely and re-performable assurance on key controls, to support and maintain ICS risk reduction.

  • Define and maintain an assurance plan based on continuous risk assessment. This plan will be agile, focused on both current and emerging risks, and regularly re-assessed and updated as the ICS risk profile of the businesses changes.
  • Independently assess ICS capabilities during the development lifecycle including requirements, design and testing, and in BAU, to determine whether they deliver compliance with ICS standards and achieve intended risk reduction outcomes.
  • Ensure assurance and approval is fully integrated and planned; commission or deliver impartial reviews to provide stakeholders with confidence in the achievement of their intended outcomes and compliance with standards.
  • Support stakeholders in defining remediation actions / solutions to address identified findings from technical assurance reviews.
  • Validate that the completed remediation activities address the risk in the identified assurance findings.
  • Act as an advocate of good practice and 'critical friend' to support the 'Global Head Operations - Cyber, Data, Privacy and Automation', ICSTRP AE, Chief Information Security Office, and Global Head of Security Technology Services in achieving and maintaining ICS risk reduction outcomes.

Developing Capability and Supporting Success

  • Facilitate the learning from previous ICS experience by identifying and communicating transferable lessons, helping to embed these lessons, and encouraging best practice.

Risk Management
· Support liaison with Group Internal Audit and any regulatory inspections as required.
· Provide assurance that the delivery and operation of ICS capabilities is in line with the ICS Policy and underlying technical standards.
· Assist in identifying, assessing, monitoring, controlling and mitigating ICS risks to the Group.
· Adopt an anticipatory approach to risk assessment through stakeholder engagement and monitoring of the external environment to improve assurance planning.
· Work with other control assurance teams to drive efficiency, effectiveness and reduce duplication.

Business, Functions and Regions

  • Provide robust challenge and escalation to senior management and all relevant business/function/region stakeholders to ensure activities achieve and maintain ICS risk reduction.

  • Maintain strong stakeholder engagement with BISOs, Chief Information Security Office, Technology Services MT, T&I MT, Risk & Compliance, and Group Internal Audit and COOs to ensure alignment across stakeholder groups

· Provide timely and accurate reporting to appropriate committees
· Ensure appropriate oversight and facilitate resolution of high impact risk and issues

Processes and Alignment
· Drive the continuous improvement of the technical assurance methodology and ICS Risk Type Framework, by ensuring alignment between the two frameworks and lessons on key controls and control tests are continually shared.

Leadership, People and Talent
· Provide proactive self-orienting and self-motivating leadership, and work with limited direction
· Provide strong leadership, management and coaching
· Lead through example and build the appropriate culture and values. Set appropriate tone and expectations, and work in collaboration with risk and control partners.

· Regularly share lessons learnt and best practice in a timely manner across ICSTRP, BISOs, CISO, STS and the businesses/functions

Regulatory and Business Conduct
· Display exemplary conduct and live by the Group's Values, Valued Behaviours, and Code of Conduct
· Take personal responsibility for embedding the highest standards of ethics, including regulatory and business conduct, across the Bank.
· Effectively and collaboratively identify, escalate, mitigate, and resolve risk, conduct and compliance matters.

Key Stakeholders
· Global Head Operations - Cyber, Data, Privacy and Automation
· Accountable Executive, ICS TRP
· Head of Investment Delivery Assurance, ICS TRP
· Chief Operating Officers
· Security Technology Services MT
· Technology Services MT
· Global Head Governance & Change, CIO
· Chief Information Security Office
· Head, Operational Risk Information Security
· Group Operational Risk
· Head, Audit - Information Security & Cyber

Our Ideal Candidate

· Strong background in the information and cyber security domain within international financial services organisations.
· Professional auditors or experienced information/cyber security professional with deep subject matter expertise/knowledge.
· Experience of enterprise security architecture and information/cyber security concepts for global banking and financial institutions.
· Experience in SWIFT and PCI attestations preferred
· Experience in penetration testing preferred
· Deep expertise in two of the following ICS domains, and a broad knowledge of all other ICS domains.
o Identity and Access Management
o Data Protection
o Vulnerability Management (application security; infrastructure security; and configuration compliance monitoring)
o Security monitoring and response
· Up to date with key regulation / developments in Information and Cyber Security Management Framework (including Technology Risk Management)
· Knowledge of financial services businesses, processes and controls
· Excellent organisation and leadership skills with ability to manage multiple deadlines and effectively prioritise
· Strong interpersonal skills to foster positive relationships with internal and external stakeholders
· Highly effective oral and written communication skills, with an ability to influence and to gain the respect of senior stakeholders and peers
· Ability to exercise good judgment and objectivity.
· Demonstrates ability to work with limited direction and multi-task without loss of quality
· Ability to perform the role of 'Change Leader'
· Confident and courageous to raise/escalate issues in a pro-active, professional and timely manner
· Demonstrate understanding of and commitment to the Group's core values
· University degree and professional certification (such as CISA, CISSP, or CISM) preferred
· Fluency in English
· Ability to commit up to 10% business travel

Apply now to join the Bank for those with big career ambitions.