• Competitive
  • London, England, United Kingdom
  • Permanent, Full time
  • Standard Chartered Bank
  • 2019-05-21

Information & Cyber Security Policy Manager

  • Location: London, England, United Kingdom
  • Salary: Competitive
  • Job Type: Full time

Information & Cyber Security Policy Manager

Job Grade: Grade 6
Location: London (UK), Warsaw (Poland), Kuala Lumpur (Malaysia) or Chennai (India)
Salary Range: Competitive Market Rate on par with Grade 6 (Senior Analyst / SME level)

The Group Chief Information Security Officer (CISO) organisation is instrumental in protecting and ensuring the resilience of Standard Chartered Bank's data and IT systems by managing information and cyber security (ICS) risk across the enterprise. As a critical function reporting into the Group Chief Risk Officer (CRO), the Office of the CISO serves as the second line of defence for assuring ICS controls are implemented effectively and in accordance with the ICS Risk Framework and for instilling a culture of cyber security within the Bank. The Group CISO is responsible for ICS governance, strategy, policy, awareness, training, risk assessments, red teaming, third party security risk, industry partnerships, and regulatory engagement. In addition, a team of Information Security Officers (ISO) reports to the CISO and performs a pivotal role as an extension of the CISO in supporting the ICS risk management strategy, governance, advisory and assurance roles that face off to the Client Services, Regions, and Functions. The Office of the CISO is central to ensuring the Bank's ability to meet its ICS commitments to internal and external stakeholders, including regulators, as well as maintaining an acceptable ICS risk profile that is regularly reported to the Board.

Information & Cyber Security Policy Manager
Information & Cyber Security Policy Manager role is a permanent role requiring thorough understanding of the Information and Cyber Security regulatory landscape and an ability to assess its implications for a global bank. The successful candidate will be responsible for developing and maintaining an ICS Obligations Register with a Group-wide reach, preparing regulatory papers and horizon scanning for ICS regulatory change.

Whilst analytical and technical abilities are necessary for the role, sound stakeholder management skills are also required to liaise with senior executives across the organisation in relation to the Obligations Register.

The candidate will work directly to the Global Head, Cyber Partnerships and Government Strategy, and support the Global Head in the CISO's regulatory oversight role.

The primary purpose of this position is to effectively develop, maintain and promulgate the ICS Obligations Register and ensure quality and timely submission. This will involve research, analysis and interpretation of ICS regulation, legislation and mandatory requirements and an ability to explain these to business leaders in succinct, accessible language. In addition, the candidate should have sufficient technical understanding to explain the implications of regulations to technical colleagues responsible for taking action upon regulatory requirements.

• Ownership of the development and maintenance of the ICS Obligations Register;
• Active monitoring of the regulatory and legislative ICS landscape to ensure all future obligations of ICS regulation are captured;
• Promulgation of the ICS Obligations Register to the business as a whole, in an appropriate format for key stakeholders;
• Active liaison with key stakeholders to ensure understanding of the implications of ICS regulation;
• Periodic formal review and continuous improvement of the ICS Obligations Register;
• Support to the Global Head, Cyber Partnerships and Government Strategy in the creation of regulatory papers and presentation materials.

Key Stakeholders
Global Head, Cyber Partnerships and Government Strategy Team, CISO
• Group Regulatory Affairs
• Group Compliance
• CISO Policy, Assurance and Testing and Third Party Risk teams
• Internal technical teams

Other Responsibilities
• Perform other duties as assigned, including drafting briefing papers and preparing other materials for senior executives.
• Maintain sufficient and appropriate evidence of work performed for review by Group Internal Audit and others.

• Bachelor's Degree in Information Technology, Cybersecurity, Business Management or other related discipline;
• Understanding of IT and cyber security business processes, risks, threats and internal controls;
• Strong understanding of global cyber regulations and their implications;
• 3 - 5 years' regulatory experience in a financial institution, regulator or consultancy;
• Analytical mindset, with outstanding ability to research and analyse data and draw out key, salient points;
• Strong stakeholder management, ensuring high quality communication, transparency and objective prioritisation;
• Strong written communication skills, with the ability to succinctly explain the implications of ICS regulations to business leaders and technical colleagues;
• Bachelor's degree in Information Technology, Cybersecurity, Business Management or other related discipline;
• Professional certifications desirable, e.g. CISSP;
• Strong multi-tasking, planning and prioritisation ability;
• Expert in the use of MS software;
• Exemplary conduct and fit with the Bank's culture and values.