Title: Senior ICS Risk, Threat and Governance Manager
Bukit Jalil KL, MY
Job Summary
Strategy
• Awareness and understanding of WRB and Markets ICS team’s strategy in supporting (1) WRB business strategy and (2) Group ICS strategy; towards management and oversight of WRB ICS risk.
• Identify changes required to the plan, such as additional components or reprioritisation, to anticipate and respond to change.
• Learn from the recent regional and global cyber events and build into strategy towards management of WRB and Markets ICS risk, in order to address current and emerging risks (factoring into TSRA).
• Assist with other cyber activities underway.
Business
• Dynamic management of WRB ICS risk in alignment with WRB business strategy and Group ICS strategy.
• Maintain strong stakeholder engagement with WRB COO team, WRB Business Risk Management (BRM) team, WRB CIO and WRB OTCR teams, to jointly deliver value for WRB.
• Proactive and effective communication of WRB and Markets ICS risk to Business and Group ICS stakeholders (e.g. communication to WRBRC, Stakeholder communication, Governance day, Performance wall).
o Support the Head of ICS Risk, Threat and Governance, WRB & Markets in various working groups and ensure proper rollout of the team objectives.
o Support the Head of ICS Risk, Threat and Governance, WRB & Markets in putting together Risk papers and risk heatmap for submission to Risk committees (WRB RC, GRC, BRC, GNFRC) and associated stakeholder preparation.
o Support the Head of ICS Risk, Threat and Governance, WRB & Markets in content submission and stakeholder preparation associated with the Cyber Security Advisory Forum (CSAF).
o Support the Head of ICS Risk – Threat, Risk and Governance, WRB & Markets in reviewing Market submission of risk papers for Markets Non-Financial Risk Forums (NFRFs)
o Responsible for WRB and Market CISO inputs to the Group ICS governance day.
o Responsible for WRB Performance Wall publication.
Processes
• Responsible for governance and management of WRB ICS Risk, along with WRB and Markets, ICS Risk, Threat and Governance team.
• Escalate appropriately to ensure the Head of ICS Risk – Threat, Risk and Governance, WRB & Markets is briefed and necessary decisions are made in a timely manner.
Risk Management
• Provide oversight on the Threat Security Risk Assessment (TSRA), Continuous Control and Risk Monitoring and Risk and Control Self Assessment for all WRB & Markets domains / risk profiles, including leading and managing any required changes.
• Identification and Management of WRB & Markets ICS Risks and Threats, and leading the drafting and coordination of Treatment Plans and Actions arising from risk events, in collaboration with the business and technology teams. This includes: establishing a Book of Work of activities required to support the Business risk reduction timelines, interfacing with other areas to ensure dependencies are known and prioritised, and taking actions that address horizon risk items.
• Manage risk associated with resiliency, with a focus on Important Business Services (IBS) and its impact on ICS risk (e.g. response- and recovery-related discussions, assisting with cyber crisis management exercises, playbooks etc.)
• Support the Third Party (TP) risk identification and oversight (of material focus TP) in view of prioritisation and focus from the business and OTCR.
Key Responsibilities
Governance
• Governance and Oversight on WRB Board Risk Metrics and remediation plans.
• Governance and Oversight of WRB ICS risk and treatment actions by providing regular status updates including progress, top risks and issues to the respective business forums for the relevant domains. Track RAG status, key milestones, risks, dependencies and issues.
• Governance and Oversight of Third Party Security Assessment findings and its associated reporting, risk papers and exception requests.
Regulatory & Business Conduct
• Display exemplary conduct and live by the Group's Values, Valued Behaviours, and Code of Conduct
• Take personal responsibility for embedding the highest standards of ethics, including regulatory and business conduct, across the Bank.
• Effectively and collaboratively identify, escalate, mitigate, and resolve risk, conduct and compliance matters.
Key stakeholders
• Business Risk Management, WRB & Markets
• Group Information and Cyber Security teams
• WRB Chief Information Security Officer and teams
• WRB Chief Information Officer and teams
• WRB Operational, Technology & Cyber Risk teams
Skills and Experience
Understanding of the Cyber landscape and ICS Controls within the banking environment
Excellent organisation skills with ability to manage multiple deadlines and effectively prioritise
Ability to foster positive relationships with internal and external stakeholders at the appropriate level, ensuring an open, cooperative environment. Be a team player.
Experienced in the production of executive reporting; good communication skills (written and oral).
Excellent analytical and problem-solving skills, with the ability to prioritize and manage multiple tasks in a fast-paced environment
Strong communication and interpersonal skills, with the ability to effectively communicate complex security concepts to non-technical stakeholders
Qualifications
EDUCATION Bachelor’s Degree in engineering, Computer Science/ Information Security or Technology, or its equivalent.
TRAINING
• At least 8 to 10 years' experience in risk and governance of key ICS Controls – Data Protection, Vulnerability and Compliance Management, Network Security, Security Incident Management, etc.
• Experience in the identification and assessment of Cyber Risks
• Experience in third party oversight and risk management
• Experience working across multiple security frameworks (e.g. NIST, ISO 27001, PCI-DSS) and understanding of various regulatory requirements globally.
• Experience within security or risk function, ideally gained in the financial industry
• Good organisation and stakeholder management skills with ability to manage multiple deadlines and effectively prioritise
• Ability to work collaboratively with stakeholders and execute independently to effect change across the business lines and manage multiple deliverables simultaneously
• Proven ability to deliver complex, global, pan-bank initiatives by driving collaboration and participation across a diverse set of stakeholders
• Stakeholder management, Negotiation skills, Conflict management, Decision-making and Team work
CERTIFICATIONS Possess one or more security certifications such as CISSP, CISA, CISM, CRISC, PCI-QSA, CSX etc.
LANGUAGES English
About Standard Chartered
We're an international bank, nimble enough to act, big enough for impact. For more than 170 years, we've worked to make a positive difference for our clients, communities, and each other. We question the status quo, love a challenge and enjoy finding new opportunities to grow and do better than before. If you're looking for a career with purpose and you want to work for a bank making a difference, we want to hear from you. You can count on us to celebrate your unique talents and we can't wait to see the talents you can bring us.
Our purpose, to drive commerce and prosperity through our unique diversity, together with our brand promise, to be here for good are achieved by how we each live our valued behaviours. When you work with us, you'll see how we value difference and advocate inclusion.
Together we:
- Do the right thing and are assertive, challenge one another, and live with integrity, while putting the client at the heart of what we do
- Never settle, continuously striving to improve and innovate, keeping things simple and learning from doing well, and not so well
- Are better together, we can be ourselves, be inclusive, see more good in others, and work collectively to build for the long term
What we offer
In line with our Fair Pay Charter, we offer a competitive salary and benefits to support your mental, physical, financial and social wellbeing.
- Core bank funding for retirement savings, medical and life insurance, with flexible and voluntary benefits available in some locations.
- Time-off including annual leave, parental/maternity (20 weeks), sabbatical (12 months maximum) and volunteering leave (3 days), along with minimum global standards for annual and public holiday, which is combined to 30 days minimum.
- Flexible working options based around home and office locations, with flexible working patterns.
- Proactive wellbeing support through Unmind, a market-leading digital wellbeing platform, development courses for resilience and other human skills, global Employee Assistance Programme, sick leave, mental health first-aiders and all sorts of self-help toolkits
- A continuous learning culture to support your growth, with opportunities to reskill and upskill and access to physical, virtual and digital learning.
- Being part of an inclusive and values driven organisation, one that embraces and celebrates our unique diversity, across our teams, business functions and geographies - everyone feels respected and can realise their full potential.