Job Details

Lead, Third Party Threat Assessments (India, Poland)
Job Description
Requisition Number:  57395
Job Location: 
Global Grade:  Band 5
Work Type:  Office Working
Employment Type:  Permanent
Posting Start Date:  14/07/2026
Posting End Date:  10/08/2026
Job Description: 

Job Summary

This role could be based in India or Poland. When you start the application process you will be presented with a drop-down menu showing all countries, please ensure that you only select a country where the role is based

 

You will be joining Client & Third Party Security (CTPS), a vital specialist unit within the Group Threat Management (GTM) function, part of the broader Information & Cyber Security (ICS) landscape. CTPS plays an instrumental part in advancing the Bank's ICS Strategy by providing a focused understanding of external cyber threats linked to third-party vendors, key partners, and clients.

In your role as Lead, Third Party Threat Assessments, you will be at the forefront of evolving and enhancing the Bank’s approach to managing third-party cyber risks. Your work will underpin a transition towards a more proactive, threat-informed, and intelligence-driven management approach.

You will be responsible for integrating diverse inputs — from third party incident reviews, threat intelligence, and continuous monitoring — into robust, actionable strategies and controls. This will ensure that both assessment methodologies and remediation efforts are attuned to the evolving threat landscape. Additionally, you will serve as a critical liaison to the new centralised Third Party Risk Management Assessment framework, ensuring that ICS requirements are well represented and harmonised with organisational risk appetites and threat intelligence.

The role demands a combination of technical acumen in cyber threat intelligence, comprehensive knowledge of third party risk frameworks, sharp analytical skills, and strong stakeholder collaboration capabilities. Your contributions will be integral to increasing the resilience of the Bank’s supply chain against emerging cyber threats and supporting data-driven risk decisions.

This position offers the chance to influence safety and security at a major international financial institution and engage in dynamic, forward-looking cyber risk management practice.

Key Responsibilities

Strategy
•    Develop and embed a brand new Third Party Threat Assessment capability that translates external cyber threats, incident learnings, threat intelligence and continuous monitoring insights into practical risk management action. 
•    Shape how emerging threats, including AI-enabled vulnerability discovery, external attack surface exposure and sector-specific threat trends, inform assessment methodologies, reassessment triggers, control expectations and remediation priorities. 
•    Influence the design and implementation of a new centralised third party risk management assessment capability, ensuring ICS requirements are embedded into the future-state assessment model and remain relevant over time.

Business
•    Maintain awareness and understanding of the Group’s business strategy, operating model, third party ecosystem, critical dependencies and wider economic, geopolitical and cyber threat environment. 
•    Translate complex threat intelligence, incident investigation findings and continuous monitoring outputs into actionable insights that support business decision-making and prioritisation. 
•    Assess how external threats may impact third party services, operational resilience, client outcomes, regulatory expectations and the Bank’s residual cyber risk profile. 
•    Partner with the wider CTPS team, Supply Chain Management, TPRM assessment teams, CISOs and business-facing teams to ensure third party cyber risk insights are reflected in relevant assessment, monitoring and remediation decisions. 
•    Support senior management and business stakeholders by providing clear articulation of how emerging threats and third party control weaknesses may affect the Bank’s risk exposure.

Processes
•    Responsible for developing, maintaining and operating Third Party Threat Assessment processes, including the contextualisation of cyber threats, incident findings and monitoring signals into actionable outputs. 
•    Define and maintain threat-led assessment and reassessment triggers based on external threat intelligence, third party incident findings, vulnerability trends, continuous monitoring outputs and material changes in risk exposure. 
•    Shape targeted reassessment scopes, control focus areas and evidence expectations following material third party incidents, near misses or emerging threat developments. 
•    Provide structured inputs into third party assessment methodologies, post-incident reassessments, continuous monitoring prioritisation and remediation planning. 
•    Ensure threat assessment outputs are repeatable, evidence-based, documented and aligned to CTPS operating procedures, the Operational Risk Framework and relevant governance expectations. 
•    Establish feedback loops between teams so lessons learned are consistently embedded into process improvements.

People & Talent
•    Lead through example by promoting a proactive, threat-led, risk-focused and evidence-based culture across teams involved in third party security risk management. 
•    Set appropriate expectations for collaboration, quality of analysis, risk judgement, clear documentation and constructive challenge across stakeholders involved in threat assessment activities. 
•    Provide subject matter expertise, coaching and guidance to CTPS colleagues on how emerging threats, incident learnings and threat actor behaviours should inform third party risk management decisions.

Risk Management
•    Identify, assess, monitor and support mitigation of cyber risks arising from the Bank’s third party ecosystem, with a focus on emerging threats, incident patterns, control weaknesses and external attack surface exposure. 
•    Assess how threat intelligence, AI-enabled vulnerability discovery, geopolitical instability, supply chain attack patterns and third party incident findings may influence the Bank’s residual third party cyber risk profile. 
•    Provide risk-based recommendations to prioritise reassessments, continuous monitoring activity, remediation actions and control uplift across the third party population. 
•    Identify systemic or recurring control gaps across third parties and recommend actions to reduce the likelihood or impact of future compromise. 
•    Support responsibilities under the Group’s Risk Management Framework by ensuring threat assessment outputs are used to inform risk identification, control effectiveness, remediation planning and residual risk articulation. 
•    Provide effective challenge where assessment scopes, monitoring priorities or remediation plans do not sufficiently reflect current threat intelligence, incident learnings or risk exposure. 
•    Support the proactive management of third party security residual risk by ensuring emerging threats are considered before they crystallise into material Bank impact.

Governance
•    Act as a key ICS interface into centralised third party assessment teams, ensuring ICS cyber risk requirements are clearly represented and embedded. 
•    Support effective governance, oversight and challenge by ensuring third party threat assessment insights are escalated through appropriate CTPS, ICS, TPRM and Group governance channels. 
•    Provide clear, evidence-based reporting and risk articulation to senior stakeholders on emerging third party threats, assessment implications, monitoring priorities and residual risk impacts. 
•    Periodically assess the effectiveness of existing assessment methodologies, control expectations, monitoring scope and post-incident reassessment arrangements, recommending improvements where required. 
•    Maintain awareness and understanding of the regulatory framework relevant to third party security risk, operational resilience, cyber resilience and technology risk management. 
•    Review outputs from the centralised assessment model to ensure they remain aligned to the Bank’s cyber threat landscape, ICS risk appetite and third party residual risk profile. 
•    Escalate material gaps, inconsistencies or areas of concern where assessment outputs, operating procedures or governance arrangements do not adequately address third party cyber security risk.

Regulatory & Business Conduct
•    Display exemplary conduct and live by the Group’s Values and Code of Conduct. 
•    Take personal responsibility for embedding the highest standards of ethics, including regulatory and business conduct, across Standard Chartered Bank. This includes understanding and ensuring compliance with, in letter and spirit, all applicable laws, regulations, guidelines and the Group Code of Conduct.
•    Effectively and collaboratively identify, escalate, mitigate and resolve risk, conduct and compliance matters.

Key stakeholders
•    Head, Client & Third Party Security (and wider team)
•    Cyber Intelligence Centre
•    Threat Assessment & Countermeasures
•    Global Head, Group Threat Management
•    Technology & Operations Third Party Risk Management Utility
•    Supply Chain Management
•    Risk stakeholders across 1st, 2nd and 3rd lines of defence

Other Responsibilities
•    Embed Here for good and Group’s brand and values in the CTPS team

Skills and Experience

Skills and Experience Required:

  • Excellent written and verbal communication skills to convey complex cyber threat assessments and recommendations clearly to diverse stakeholders at various organisational levels.
  • Strong expertise in governance frameworks and security reporting methods to support effective risk oversight and regulatory compliance.
  • Proven knowledge and practical application of cyber threat intelligence – analysing threat actors, attack vectors, emerging vulnerabilities – and translating these insights into proactive security measures.
  • Comprehensive understanding of third party security risks, including assessment methodologies, control frameworks, and remediation strategies.
  • Demonstrated experience in third party risk management in a regulated environment, with ability to adapt risk controls dynamically based on intelligence and incident learnings.
  • Exceptional stakeholder engagement skills to build and maintain relationships with internal partners and external vendors, promoting collaboration and informed decision-making.
  • Experience in implementing new security capabilities, process improvements, and leading change initiatives within complex organisations.
  • Minimum 8 years of relevant work experience in cyber security, third party risk management, or related fields

Qualifications

Qualifications:

  • Fluency in English is essential due to the international scope and stakeholder engagement requirements of the role.
  • A degree or equivalent qualification in Cyber Security, Information Technology, Risk Management, or related disciplines is highly desirable.
  • Professional certifications such as CISSP, CISM, CRISC, or equivalent in cyber security and risk management are advantageous.

About Standard Chartered

We're an international bank, nimble enough to act, big enough for impact. For more than 170 years, we've worked to make a positive difference for our clients, communities, and each other. We question the status quo, love a challenge and enjoy finding new opportunities to grow and do better than before. If you're looking for a career with purpose and you want to work for a bank making a difference, we want to hear from you. You can count on us to celebrate your unique talents and we can't wait to see the talents you can bring us.

Our purpose, to drive commerce and prosperity through our unique diversity, together with our brand promise, to be here for good are achieved by how we each live our valued behaviours. When you work with us, you'll see how we value difference and advocate inclusion.

Together we:

  • Do the right thing and are assertive, challenge one another, and live with integrity, while putting the client at the heart of what we do
  • Never settle, continuously striving to improve and innovate, keeping things simple and learning from doing well, and not so well
  • Are better together, we can be ourselves, be inclusive, see more good in others, and work collectively to build for the long term

What we offer

In line with our Fair Pay Charter, we offer a competitive salary and benefits to support your mental, physical, financial and social wellbeing.

  • Core bank funding for retirement savings, medical and life insurance, with flexible and voluntary benefits available in some locations.
  • Time-off including annual leave, parental/maternity (20 weeks), sabbatical (12 months maximum) and volunteering leave (3 days), along with minimum global standards for annual and public holiday, which is combined to 30 days minimum.
  • Flexible working options based around home and office locations, with flexible working patterns.
  • Proactive wellbeing support through Unmind, a market-leading digital wellbeing platform, development courses for resilience and other human skills, global Employee Assistance Programme, sick leave, mental health first-aiders and all sorts of self-help toolkits
  • A continuous learning culture to support your growth, with opportunities to reskill and upskill and access to physical, virtual and digital learning.
  • Being part of an inclusive and values driven organisation, one that embraces and celebrates our unique diversity, across our teams, business functions and geographies - everyone feels respected and can realise their full potential.
Information at a Glance