Job Summary

The role is responsible for supporting the Technology and Operations (T&O) division in managing First Line of Defence (1LOD) risk activities across Chief Information Officer (CIO) functions. This includes coordinating and overseeing risk identification, assessment, mitigation, and monitoring, as well as managing technology risk–related internal and external audit engagements.
The individual will partner closely with CIO teams and stakeholders across the three lines of defence, including internal and external auditors, to deliver targeted risk outcomes. Key responsibilities include establishing proactive risk identification processes, advising on control operating effectiveness, and identifying gaps or non-compliance with technology control standards or country-specific regulatory obligations.
The role also ensures comprehensive management audit oversight, including the creation, maintenance, and tracking of audit observations, management action plans, and remediation progress. Continuous monitoring of risks, issues, and action items is required to ensure timely remediation and escalation to senior management where necessary. Acting as a trusted risk subject matter expert, the individual will drive improved audit outcomes, maintain a strong control environment, and support timely closure of audit actions and identified gaps throughout the audit lifecycle

RESPONSIBILITIES

Risk identification
•    Execute Risk and Control Self Assessments (RCSA) for annual cycles and adhoc triggers. 
•    Perform residual risk assessments and prepare detailed reports for review by senior stakeholders.
•    Conduct review for new projects, system changes and transition to assess impact to risk profile. 
•    Carry out top down and thematic reviews, highlighting emerging risks and areas requiring attentions.
Risk Mitigation and Measurements
•    Perform root cause reviews / analysis for risk events.
•    Track key applications controls and risk metrics to mitigate identified risks.
•    Elevate and document risk dispensation and exceptions in alignment with governance requirements.

Risk Monitoring and Reporting
•    Monitor control compliance and performance through risk scorecard, providing accurate and timely updates.
•    Track issues and management action plan, ensuring on-time remediation and escalation of delays or concerns.
•    Validate closure of completion treatment plans and confirm risk reduction measures are effective.
•    Prepare and deliver materials for CIO line of Business risk forums to enable informed decision making.
Governance and Advisory Support
•    Review and maintain alignment with IT Standards, processes and regulatory obligations.
•    Identify control gaps or non-compliance and provide advisory to stakeholders on remediation options.
•    Support audit readiness, engagement and closure activities to improve audit outcomes and maintain a string control environment.

Key Responsibilities

Audi Engagement

•    Establish a proactive risk identification approach, including risk assessment and timely mitigation measures , to drive measurable reduction in audit findings
•    Manage audit requests from internal and external auditors end to end, ensuring timely acknowledgement, accurate responses, and adherence to agreed timelines.
•    Facilitate and review potential audit observation or findings with issue owners, ensuring factually accuracy before submission of management responses, including appropriate risk mitigation actions.
•    Ensure remedial actions are prioritised, tracked timely management of audit engagement request and issues are address and closed before target dates. Escalate overdue requests or delayed responses as per standard TAT, to facilitate and ensure timely submission.
•    Foster effective communication and collaboration with internal and external stakeholders, including CIO community, to ensure complete and accurate submissions.
•    Work closely with CIO community and relevant technology teams for all audit engagement requirements.
•    Provide management oversight on regulatory and audit matters and working engagement including remediation progress where necessary

Strategy
To strengthen and establish (includes enhancing efficiency) on Risk Management proactive communication and foster strong collaboration relationships with respective CIOs to deliver the target risk outcomes and uploading the highest standard of compliance through proactive risk management and communication across technology teams  

•    Support proactive risk identification approach including risk assessment and timely mitigation measures.
•    Ensure proper track action plans and timely resolution of issues with timely status reporting.
•    Support 1/2LOD Line Conformance & Control Testing / Assurance Review 

Business
CIB, WRB and Global Functions  

Processes
All Technology Processes

People & Talent 
•    Provide self-oriented and self-motivating individual, and work with limited direction.
•    Set appropriate tone and expectations, and work in collaboration with Risk and Control partners.
Risk Management 
•    Understand the Bank’s regulatory framework and regulatory requirements / expectations.
•    Learn and understand the Bank’s Policies, Standards, Technology Processes, Risk, Control, and measures. 
•    Manage and drive continuous improvement of the Risk Control environment through factual, insightful, analysis of the current environment and validating the same against regulatory and external engagement requirements.
•    Proactive management of regulatory and audit request (RFI) through strengthen collaboration with CIO teams and other functional teams/ risk manager to ensure complete and accurate information are gathered and reviewed before regulatory and audit submission. 
•    Collaborate with our stakeholders on thematic risk observed during regulatory/audits observation, to help identity process improvement.

Governance 
•    Ensure management risk oversight, timely and accurate reporting to the appropriate stakeholders. 
•    Monitor risk and issues from central risk platform and ensure remediation actions are undertaken as per committed plan. 

Regulatory & Business Conduct 
•    Display exemplary conduct and live by the Group’s Values and Code of Conduct. 
•    Take personal responsibility for embedding the highest standards of ethics, including regulatory and business conduct, across Standard Chartered Bank. This includes understanding and ensuring compliance with, in letter and spirit, all applicable laws, regulations, guidelines and the Group Code of Conduct.
•    Lead the Controls team to achieve the outcomes set out in the Bank’s Conduct Principles: The Right Environment.
•    Effectively and collaboratively identify, escalate, and resolve Conduct and Compliance matters.
•    Provide timely and accurate Risk and Control information as scheduled / as required.

Key stakeholders
•    1LOD Technology Teams (Delivery, Application and Support, SRE)
•    2LOD Operational Risk
•    1LOD ICS teams
•    CISRO teams
•    1LOD Assurance, Conformance and Control Testing Teams

Other Responsibilities
Effectively support the organisational / team priorities

Skills and Experience

• Technology Risk Management
• Quality Assurance and Testing
• IT Standards, Procedures and Policies
• Agile Development
• Operational Risks
• Data gathering, analysis and problem solving
• MS Office (Excel, Power Point, Word)
• Effective communications and stakeholder management
• Communication platforms
• Confluence, SharePoint, Tableau, other MI Tools

Qualifications

•    Experience in technology risk management, Internal or External or other related technology risk and control roles.
•    Tertiary qualifications in Computer Science, CRISC or other relevant areas.
•    Good organizational skills with ability to manage multiple deadlines and effectively prioritise.
•    Good communication and technical report writing skill across various types of target audiences.
•    Proven track record of implementation of solutions using Business Intelligence platforms (Power BI, Tableau, etc.)
•    Self-starter, capable of managing discussions with stakeholders and engagement expectations.
•    Team player and able to coordinate with internal stakeholders.

About Standard Chartered

We're an international bank, nimble enough to act, big enough for impact. For more than 170 years, we've worked to make a positive difference for our clients, communities, and each other. We question the status quo, love a challenge and enjoy finding new opportunities to grow and do better than before. If you're looking for a career with purpose and you want to work for a bank making a difference, we want to hear from you. You can count on us to celebrate your unique talents and we can't wait to see the talents you can bring us.

Our purpose, to drive commerce and prosperity through our unique diversity, together with our brand promise, to be here for good are achieved by how we each live our valued behaviours. When you work with us, you'll see how we value difference and advocate inclusion.

Together we:

• Do the right thing and are assertive, challenge one another, and live with integrity, while putting the client at the heart of what we do
• Never settle, continuously striving to improve and innovate, keeping things simple and learning from doing well, and not so well
• Are better together, we can be ourselves, be inclusive, see more good in others, and work collectively to build for the long term

What we offer

In line with our Fair Pay Charter, we offer a competitive salary and benefits to support your mental, physical, financial and social wellbeing.

• Core bank funding for retirement savings, medical and life insurance, with flexible and voluntary benefits available in some locations.
• Time-off including annual leave, parental/maternity (20 weeks), sabbatical (12 months maximum) and volunteering leave (3 days), along with minimum global standards for annual and public holiday, which is combined to 30 days minimum.
• Flexible working options based around home and office locations, with flexible working patterns.
• Proactive wellbeing support through Unmind, a market-leading digital wellbeing platform, development courses for resilience and other human skills, global Employee Assistance Programme, sick leave, mental health first-aiders and all sorts of self-help toolkits
• A continuous learning culture to support your growth, with opportunities to reskill and upskill and access to physical, virtual and digital learning.
• Being part of an inclusive and values driven organisation, one that embraces and celebrates our unique diversity, across our teams, business functions and geographies - everyone feels respected and can realise their full potential.