
Title: ICS Risk and Threat Senior Manager
Bangalore, IN
Strategy
- Support the Group Functions (Risk, CFCC and GIA) CISOs in defining Information and Cyber Security Strategy and socialize it to enhance awareness within the businesses, working closely with Group Functions (Risk, CFCC and GIA) CIO and COOs.
- Support Group Functions (Risk, CFCC and GIA) CISOs in determining key ICS threats and risks to the business and their mitigation plans.
- Track and align ICS adoption and execution to the ICS risk reduction initiatives with key enterprise programmes (Obsolescence remediation, Cloud Adoption, etc.)
- Develop and implement risk mitigation strategies and controls to protect against identified threats, ensuring alignment with business objectives and regulatory requirements.
- Monitor and analyze security intelligence sources to stay updated on the latest cyber threats and trends relevant to our industry.
- Serve as a subject matter expert on security risk management, providing guidance and support to internal stakeholders and external partners.
Business
- Group Functions (Risk, CFCC and GIA) CISOs' delegate within the Group Functions (Risk, CFCC and GIA).
- Identify and manage ICS risk within the Group Functions (Risk, CFCC and GIA) and represent ICS risk to relevant Risk Committees / governance forums.
- Educate business stakeholders regarding ICS Risks to drive accountability across the business.
- Maintain strong stakeholder engagement with business stakeholders, COO, CIO and CISRO teams.
Processes
- Conduct comprehensive risk assessments to identify potential security vulnerabilities and threats specific to our business operations.
- Lead the development and maintenance of security policies, standards, and procedures tailored to our organization's risk profile and regulatory environment.
People & Talent
- Good organisation skills with ability to manage multiple deadlines and effectively prioritise, including strong collaboration with peers.
- Collaborate with cross-functional teams to assess the security implications of new projects, initiatives, and technologies, providing recommendations for risk mitigation.
Risk Management
- Responsible for representing Group Functions (Risk, CFCC and GIA) CISOs in the relevant committees.
- Perform ICS risk assessment for Group Functions (Risk, CFCC and GIA) – Execute Threat Security Risk Assessment (TSRA) to identify and manage Group Functions (Risk, CFCC and GIA) ICS Risks and threats as per the Bank’s Risk framework and frequency.
- Define Group Functions (Risk, CFCC and GIA) ICS Risk treatment plans in collaboration with the Group Functions (Risk, CFCC and GIA) CISOs including ICS Risk tracking and management of associated ICS Treatment plans.
- Key focal point for CISRO in relation to TSRA Risk Assessment.
- Responsible for risk and threat reporting requirements for key risk committees / forums (like NFRC, ICS check point, Sustainability Refinement forums, ERR Treatment plan governance meeting etc.)
- Manage actions coming out of various risk committees / forums.
Governance
- Governance of Group Functions (Risk, CFCC and GIA) ICS Treatment Plans actions in collaboration with Group Functions (Risk, CFCC and GIA) CISOs.
- Ensure key Group Functions (Risk, CFCC and GIA) ICS risk and issues are monitored and appropriately addressed by key stakeholders.
- Ensure adoption of the ICS controls across Group Functions (Risk, CFCC and GIA).
Regulatory & Business Conduct
- Display exemplary conduct and live by the Group's Values, Valued Behaviours, and Code of Conduct
- Take personal responsibility for embedding the highest standards of ethics, including regulatory and business conduct, across the Bank.
- Effectively and collaboratively identify, escalate, mitigate, and resolve risk, conduct and compliance matters.
Key stakeholders
- CISO, CIB, Core Technology and Functions
- Group Functions (Risk, CFCC and GIA) CIO and relevant Functions Stakeholders
- Group Functions (Risk, CFCC and GIA) Technology Team
- Group Functions (Risk, CFCC and GIA) CISOs
- Group Functions (Risk, CFCC and GIA) CISRO
- Head of ICS Controls, CIB, Core Technology and Functions
- Head of ICS Risk and Threat, CIB, Core Technology and Functions
Skills and Experience
- At least 8 years’ experience in banking industry, preferably in information security, with a focus on risk assessment and management – MUST
- Experience in ICS Risk Framework within banking industry – MUST
- Strong knowledge of risk assessment methodologies and experience in working across multiple security frameworks (e.g. NIST, ISO 27001, PCI-DSS) – MUST
- Experience with security tools and technologies for risk assessment, threat intelligence, and incident response – MUST
- Understanding of the Cyber landscape and ICS Controls within the banking environment
- Excellent organisation skills with ability to manage multiple deadlines and effectively prioritise
- Ability to foster positive relationships with internal and external stakeholders at appropriate level ensuring open cooperative environment. Be a Team player.
- Experienced in the production of executive reporting; good communication skills (written and oral).
- Excellent analytical and problem-solving skills, with the ability to prioritize and manage multiple tasks in a fast-paced environment
- Strong communication and interpersonal skills, with the ability to effectively communicate complex security concepts to non-technical stakeholders
Qualifications
EDUCATION
- Bachelor’s Degree in engineering, Computer Science/ Information Security or Technology, or its equivalent.
CERTIFICATIONS
- Industry certifications will be preferred, such as Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), CRISC, SANS GIAC, GPEN, OSCP, CREST.
LANGUAGES
- English
About Standard Chartered
We're an international bank, nimble enough to act, big enough for impact. For more than 170 years, we've worked to make a positive difference for our clients, communities, and each other. We question the status quo, love a challenge and enjoy finding new opportunities to grow and do better than before. If you're looking for a career with purpose and you want to work for a bank making a difference, we want to hear from you. You can count on us to celebrate your unique talents and we can't wait to see the talents you can bring us.
Our purpose, to drive commerce and prosperity through our unique diversity, together with our brand promise, to be here for good are achieved by how we each live our valued behaviours. When you work with us, you'll see how we value difference and advocate inclusion.
Together we:
- Do the right thing and are assertive, challenge one another, and live with integrity, while putting the client at the heart of what we do
- Never settle, continuously striving to improve and innovate, keeping things simple and learning from doing well, and not so well
- Are better together, we can be ourselves, be inclusive, see more good in others, and work collectively to build for the long term
What we offer
In line with our Fair Pay Charter, we offer a competitive salary and benefits to support your mental, physical, financial and social wellbeing.
- Core bank funding for retirement savings, medical and life insurance, with flexible and voluntary benefits available in some locations.
- Time-off including annual leave, parental/maternity (20 weeks), sabbatical (12 months maximum) and volunteering leave (3 days), along with minimum global standards for annual and public holiday, which is combined to 30 days minimum.
- Flexible working options based around home and office locations, with flexible working patterns.
- Proactive wellbeing support through Unmind, a market-leading digital wellbeing platform, development courses for resilience and other human skills, global Employee Assistance Programme, sick leave, mental health first-aiders and all sorts of self-help toolkits
- A continuous learning culture to support your growth, with opportunities to reskill and upskill and access to physical, virtual and digital learning.
- Being part of an inclusive and values driven organisation, one that embraces and celebrates our unique diversity, across our teams, business functions and geographies - everyone feels respected and can realise their full potential.