Job Summary
The Associate Director for Information and Cyber Security (ICS) Unified Business Impact Assessment (UBIA) is a pivotal first line of defense role at Standard Chartered. The role is accountable for driving high-quality, timely, and risk-accurate UBIA outcomes across information assets and systems by reviewing and challenging submissions from Asset Owners and System Owners, ensuring alignment to ICS risk expectations and regulatory requirements. The role also oversees the UBIA operating model including prioritization of critical assessments, remediation of overdue or poor-quality submissions, delivery of actionable management information, and continuous improvement of the UBIA process, guidance, and enabling tooling.
In addition, the role provides targeted support to End User Computing (EUC) governance through contribution to EUC control assurance activities, data quality oversight, and risk reporting where required.
Key Responsibilities
- Review and Challenge UBIA Assessments: Conduct thorough reviews and constructive challenge of UBIA submissions from Information Asset Owners and System Owners, ensuring accurate evaluation of ICS risk and consistent application of methodology and rating criteria.
- ICS Risk Identification and Prioritisation: Analyse UBIA population and trends to identify concentrations of ICS risk, recommend prioritisation and remediation actions, and support risk-based focus on critical assets and services.
- UBIA Operations and Backlog Management: Oversee distribution, tracking, and completion of assessments to ensure effective prioritisation, timely completion, and closure of overdue assessments. Escalate material control or quality issues as required.
- Quality Standards and Assurance: Define and apply clear quality expectations for submissions (completeness, evidence, consistency, audit defensibility) and drive rework where needed.
- Continuous Improvement and Change Delivery: Develop and implement improvements to UBIA process, guidance, controls, and tooling (including release readiness, operationalisation, and post-go-live stabilisation).
- Stakeholder Training and Enablement: Lead creation and maintenance of training materials, job aids, and guidance to ensure stakeholders understand the UBIA process, methodology, responsibilities, and expected evidence standards.
- Stakeholder Support and Advisory: Provide responsive and customer-focused support to business stakeholders, including clarifying methodology requirements, resolving queries, and enabling timely completion of assessments.
- Tooling and System Administration: Act as system super-user for the UBIA / Information Asset assessment platform, including day-to-day operations, user support, defect triage, coordination with development teams, and leading UAT for new features and changes.
- Management Information, Variance Analysis and Reporting: Produce insightful management information and variance analysis, including trends, exceptions, root drivers, and targeted interventions. Provide clear commentary suitable for senior stakeholders and governance forums.
- Ad Hoc Reporting and Executive Insights: Deliver ad hoc analysis to support management initiatives, risk appetite monitoring, and decisions aimed at reducing ICS risk exposure.
- Cross-Functional Collaboration: Collaborate with internal partners (e.g., CISOs, Operational Risk, Resilience, Architecture, Technology teams) to ensure UBIA outputs are usable downstream (controls applicability, risk decisions, governance triggers).
- Regulatory Compliance: Ensure UBIA activities and deliverables are compliant with internal standards, policies, and relevant regulatory expectations for technology and cyber risk governance.
- Risk and Control Awareness: Maintain strong understanding of risk appetite, control environment expectations, and how UBIA supports broader risk management outcomes.
Variance Analysis and Reporting:
• Lead the development of insightful management information, perform periodic variance analysis, and provide commentary and explanation for senior executives and operational stakeholders.
Ad Hoc Reporting:
• Produce ad hoc reports to support management initiatives aimed at reducing ICS risk, ensuring timely and accurate communication of risk-related insights and recommendations.
Cross-Functional Collaboration:
• Collaborate with various internal and external stakeholders to foster strong relationships, ensuring cooperative and effective communication across departments.
Client-Centric Focus:
• Maintain a client-centric mindset in all activities, ensuring that all deliverables meet the needs of internal clients and align with the bank’s strategic objectives.
Problem-Solving and Multi-Tasking:
• Demonstrate strong problem-solving skills and the ability to manage multiple complex tasks simultaneously, ensuring that all responsibilities are met efficiently and effectively.
Communication and Leadership:
• Exhibit strong communication skills, both written and verbal, and demonstrate the ability to lead and engage with multiple stakeholders across various levels of the organization.
Regulatory Compliance:
• Ensure that all activities and deliverables are in compliance with relevant regulatory requirements, standards, and guidelines, particularly those related to information and cyber security.
Risk and Control Awareness:
• Maintain a deep understanding of the business’s risk appetite and control environment, aligning impact assessment activities with the bank’s broader risk management framework.
Strategy
Support Strategic Alignment:
• Assist in aligning the ICS Security Business Impact Assessment process with broader organizational strategies by implementing improvements and ensuring adherence to established policies and guidelines.
Facilitate Process Optimization:
• Contribute to the ongoing optimization of the assessment process by supporting the identification of inefficiencies and assisting in the implementation of solutions that enhance operational effectiveness.
Enhance Stakeholder Collaboration:
• Provide support in fostering effective collaboration with business stakeholders by ensuring they understand the assessment process and receive timely guidance, thereby promoting consistent and accurate evaluations of ICS risks.
Business
Collaborate with Business Units:
• Work closely with various business units and functions to ensure they have the necessary support and guidance throughout the ICS Security Business Impact Assessment process, helping them understand their responsibilities and the implications of their assessments.
Facilitate Communication:
• Act as a liaison between the Information and Cyber Security team and business stakeholders, ensuring clear and consistent communication of assessment requirements, timelines, and outcomes to promote alignment and understanding.
Support Stakeholder Engagement:
• Provide hands-on support in engaging with stakeholders across different functions, helping to address their questions and concerns related to the assessment process, and ensuring their input is considered in refining and improving methodologies.
Processes
Execute ICS Assessment Processes:
• Lead the execution of the ICS Security Business Impact Assessment process, ensuring that all assessments are conducted accurately and in a timely manner, following the established protocols and guidelines.
Implement Process Enhancements:
• Actively implement and manage process improvements within the assessment framework, ensuring that any updates or changes are effectively integrated into daily operations to enhance efficiency and reliability.
Maintain Process Integrity:
• Ensure the integrity of the assessment process by strictly adhering to and enforcing all procedures, and by conducting regular reviews to confirm that all steps are being executed consistently across different business units and functions.
People & Talent
Provide Training and Guidance:
• Deliver training and offer ongoing guidance to team members and business stakeholders involved in the ICS Security Business Impact Assessment process, ensuring they have the knowledge and skills required to perform their roles effectively.
Foster a Collaborative Environment:
• Promote a collaborative working environment by actively engaging with colleagues across teams, encouraging knowledge sharing, and supporting the development of best practices within the assessment process.
Support Talent Development:
• Assist in the development and mentorship of junior team members, providing them with the support and feedback needed to grow their skills and advance their careers within the information and cyber security domain.
Risk Management
Execute Risk Assessment Procedures:
• Conduct detailed risk assessments as part of the ICS Security Business Impact Assessment process, ensuring that risks to information assets and systems are accurately identified, evaluated, and documented.
Ensure Compliance with Risk Standards:
• Ensure that all assessments align with the bank’s risk management standards and regulatory requirements, actively monitoring for any deviations and taking corrective actions where necessary.
Contribute to Risk Mitigation Strategies:
• Work with risk management teams to contribute to the development and implementation of risk mitigation strategies, ensuring that identified risks are addressed promptly and effectively to protect the bank's assets and systems.
Governance
Enforce Governance Standards:
• Ensure that the ICS Security Business Impact Assessment process adheres to the bank’s governance frameworks and policies, maintaining strict compliance with internal controls and regulatory requirements.
Monitor Governance Compliance:
• Regularly monitor and review the assessment process to ensure ongoing compliance with governance standards, identifying any gaps or issues and implementing corrective measures as needed.
Support Governance Reporting:
• Prepare and provide accurate reports on governance-related activities within the assessment process, offering insights and updates to senior management and relevant committees to support informed decision-making.
Regulatory & Business Conduct
• Display exemplary conduct and live by the Group’s Values and Code of Conduct.
• Take personal responsibility for embedding the highest standards of ethics, including regulatory and business conduct, across Standard Chartered Bank. This includes understanding and ensuring compliance with, in letter and spirit, all applicable laws, regulations, guidelines and the Group Code of Conduct.
• Lead the Controls team to achieve the outcomes set out in the Bank’s Conduct Principles: The Right Environment.
• Effectively and collaboratively identify, escalate, and resolve conduct and compliance matters.
• Provide timely and accurate risk & control information to support regulatory meetings and RFIs.
• Effectively and collaboratively identify, escalate, mitigate and resolve risk, conduct and compliance matters.
Key stakeholders
- Global Head T&O Governance
- Global Head, Risk Management CISO
- Head ICS Risk Management CISO
- Business CISOs
- COOs
Other Responsibilities
• Embed Here for good and Group’s brand and values in ICS R&G; Perform other responsibilities assigned under Group, Country, Business or Functional policies and procedures; Multiple functions (double hats)
Qualifications
- Education: Bachelor’s degree in Cybersecurity, Information Technology, or a related field. Advanced degrees or relevant certifications (e.g., CISSP, CISM, CISA) are preferred.
- Experience: Minimum of 6-10 years of experience in cybersecurity, with a focus on standards and controls, risk management, and regulatory compliance. Experience in a financial institution or a similarly regulated industry is highly desirable.
- Skills: Strong communication and interpersonal skills. Demonstrated ability to work effectively with diverse teams and stakeholders.
Skills and Experience
• Business Process Design
• Process Management
• Risk Management
• Assurance & Governance
• Regulatory Environment
• Interpersonal Relationships
• Stakeholder and Team Management
About Standard Chartered
We're an international bank, nimble enough to act, big enough for impact. For more than 170 years, we've worked to make a positive difference for our clients, communities, and each other. We question the status quo, love a challenge and enjoy finding new opportunities to grow and do better than before. If you're looking for a career with purpose and you want to work for a bank making a difference, we want to hear from you. You can count on us to celebrate your unique talents and we can't wait to see the talents you can bring us.
Our purpose, to drive commerce and prosperity through our unique diversity, together with our brand promise, to be here for good are achieved by how we each live our valued behaviours. When you work with us, you'll see how we value difference and advocate inclusion.
Together we:
- Do the right thing and are assertive, challenge one another, and live with integrity, while putting the client at the heart of what we do
- Never settle, continuously striving to improve and innovate, keeping things simple and learning from doing well, and not so well
- Are better together, we can be ourselves, be inclusive, see more good in others, and work collectively to build for the long term
What we offer
In line with our Fair Pay Charter, we offer a competitive salary and benefits to support your mental, physical, financial and social wellbeing.
- Core bank funding for retirement savings, medical and life insurance, with flexible and voluntary benefits available in some locations.
- Time-off including annual leave, parental/maternity (20 weeks), sabbatical (12 months maximum) and volunteering leave (3 days), along with minimum global standards for annual and public holidays, which combine to a minimum of 30 days.
- Flexible working options based around home and office locations, with flexible working patterns.
- Proactive wellbeing support through Unmind, a market-leading digital wellbeing platform, development courses for resilience and other human skills, global Employee Assistance Programme, sick leave, mental health first-aiders and all sorts of self-help toolkits.
- A continuous learning culture to support your growth, with opportunities to reskill and upskill and access to physical, virtual and digital learning.
- Being part of an inclusive and values driven organisation, one that embraces and celebrates our unique diversity, across our teams, business functions and geographies - everyone feels respected and can realise their full potential.