Job Summary
This role could be based in Malaysia and India. When you start the application process you will be presented with a drop-down menu showing all countries. Please ensure that you select a country where the role is based.
The Senior Manager, Third Party Security Risk (TPSR) role sits within the Client and Third Party Security team and plays an essential part in protecting the Bank from cyber threats originating from third party providers. The role is primarily focused on delivering high quality third party cyber security assessments, analysing supplier risks, validating control effectiveness, and ensuring that external partners meet the Bank’s security requirements.
The position supports the ongoing enhancement of the Bank’s Third Party Security Risk framework by contributing to process improvements, supporting toolset optimisation, and helping refine methodologies in response to emerging threats. While not a people leadership role, the Senior Manager will work closely with cross functional teams, collaborate with senior stakeholders, and support selected project initiatives that strengthen third party cyber resilience.
This role requires strong technical knowledge of cyber security, supply chain risk, and assessment practices, along with the ability to engage effectively across different business functions.
Strategy
• Support the execution of the Bank’s third party cyber security strategy by delivering consistent and high quality assessments.
• Monitor emerging cyber threats, risks, and technologies relevant to third party ecosystems and propose enhancements to existing methodologies.
• Contribute insights to senior leadership to ensure third party risk management remains aligned with broader organisational priorities.
• Participate in initiatives aimed at improving the maturity and quality of third party cyber security controls.
Business
• Act as a subject matter expert advising Business Units on third party cyber risks and security expectations.
• Help stakeholders understand their third party risk exposure and support them in implementing appropriate mitigation actions.
• Collaborate with Procurement and vendor management teams to embed third party security requirements into onboarding and lifecycle processes.
Key Responsibilities
Processes
• Deliver end to end third party cyber security assessments, including evidence review, control evaluation, and risk analysis.
• Maintain and enhance the Third Party Security Risk toolset by supporting requirement gathering, testing, and platform improvements.
• Track and report on remediation activities related to identified risks, assessments, or findings.
• Continuously refine operational processes based on feedback, threat intelligence, and industry best practices.
• Identify and support automation opportunities to improve accuracy, efficiency, and scalability of assessment processes.
People & Talent
• Support knowledge sharing and skill development within the team through guidance, subject matter expertise, and contribution to best practice documentation.
Risk Management
• Ensure third party assessments and processes comply with relevant regulatory requirements and internal security standards.
• Apply a threat based mindset to assess control effectiveness and prioritise risks based on real world attack scenarios.
• Communicate assessment outcomes, risks, and recommendations clearly and promptly.
• Escalate critical risk and compliance issues as appropriate.
Governance
• Maintain and update third party security documentation, assessment templates, and procedural materials.
• Contribute to the development of clear, actionable reporting that articulates the Bank’s third party cyber risk exposure.
Regulatory & Business Conduct
• Display exemplary conduct and live by the Group’s Values and Code of Conduct.
• Take personal responsibility for embedding the highest standards of ethics, including regulatory and business conduct, across Standard Chartered Bank. This includes understanding and ensuring compliance with, in letter and spirit, all applicable laws, regulations, guidelines and the Group Code of Conduct.
• Effectively and collaboratively identify, escalate, mitigate and resolve risk, conduct and compliance matters.
Key stakeholders
• Supply Chain Management
• CISO
• OTCR
• Business Unit stakeholders
• Group Threat Management
Skills and Experience
• Risk Management
• Information Cyber Security
• Project Management
• Stakeholder Management
• Incident management
• Process Governance
Qualifications
• Strong written and verbal communication skills, with the ability to present complex cyber security topics clearly to both technical and non technical audiences.
• 5 years of experience in information security, cyber risk management, IT auditing, or security focused project delivery within large organisations.
• Strong understanding of auditing standards, regulatory requirements, risk assessment methodologies, and internal control frameworks across global markets.
• Strong personal ownership mindset with the ability to drive outcomes, influence decision making, and uphold the highest standards of cyber resilience.
• Excellent time management, prioritisation, and organisational skills, with the capability to manage multiple strategic and operational priorities simultaneously.
• Solid knowledge of cyber security frameworks (e.g., COBIT, NIST CSF, ISO 27001, ISF, CIS), security architecture principles, and supply chain security practices.
• Familiarity with emerging cyber threats, attack vectors, and evolving third party and supply chain risk trends.
Highly relevant and desirable cyber security certifications:
• CISSP (Certified Information Systems Security Professional)
• CISM (Certified Information Security Manager)
• CRISC (Certified in Risk and Information Systems Control)
• CCSP (Certified Cloud Security Professional)
• CEH (Certified Ethical Hacker) or equivalent
• ISO 27001 Lead Auditor
Competencies
About Standard Chartered
We're an international bank, nimble enough to act, big enough for impact. For more than 170 years, we've worked to make a positive difference for our clients, communities, and each other. We question the status quo, love a challenge and enjoy finding new opportunities to grow and do better than before. If you're looking for a career with purpose and you want to work for a bank making a difference, we want to hear from you. You can count on us to celebrate your unique talents and we can't wait to see the talents you can bring us.
Our purpose, to drive commerce and prosperity through our unique diversity, together with our brand promise, to be here for good, are achieved by how we each live our valued behaviours. When you work with us, you'll see how we value difference and advocate inclusion.
Together we:
- Do the right thing and are assertive, challenge one another, and live with integrity, while putting the client at the heart of what we do
- Never settle, continuously striving to improve and innovate, keeping things simple and learning from doing well, and not so well
- Are better together, we can be ourselves, be inclusive, see more good in others, and work collectively to build for the long term
What we offer
In line with our Fair Pay Charter, we offer a competitive salary and benefits to support your mental, physical, financial and social wellbeing.
- Core bank funding for retirement savings, medical and life insurance, with flexible and voluntary benefits available in some locations.
- Time-off including annual leave, parental/maternity (20 weeks), sabbatical (12 months maximum) and volunteering leave (3 days), along with minimum global standards for annual and public holidays, which combine to 30 days minimum.
- Flexible working options based around home and office locations, with flexible working patterns.
- Proactive wellbeing support through Unmind, a market-leading digital wellbeing platform, development courses for resilience and other human skills, global Employee Assistance Programme, sick leave, mental health first-aiders and all sorts of self-help toolkits.
- A continuous learning culture to support your growth, with opportunities to reskill and upskill and access to physical, virtual and digital learning.
- Being part of an inclusive and values driven organisation, one that embraces and celebrates our unique diversity, across our teams, business functions and geographies - everyone feels respected and can realise their full potential.
Recruitment Assessments
Some of our roles use assessments to help us understand how suitable you are for the role you've applied to. If you are invited to take an assessment, this is great news. It means your application has progressed to an important stage of our recruitment process.
Visit our careers website www.sc.com/careers