Job Summary

•    The T & O ICS Risk and Governance has been set-up to provide best in class risk & control execution from both a ‘Vertical’ and ‘Horizontal’ perspective. Central Risk & Governance is one of the horizontal functions in T & O ICS team with the objective to ensure effective application of relevant Principal Risk Type Frameworks across T & O ICS, including the provision of relevant information to Risk Management and Oversight Forums, and to oversee the timely identification and resolution of emerging risks, issues, and findings. In addition, to raise the effectiveness and efficiency of risk and control management across all ICS domains 
•    Director, Risk and Control role is created under Cyber Security (CS) Risk and Control team to look after continuous improvement of the CS Data Security and Application support control environment via proactive risk assessments and structured risk & control management. This role will report Director for IP, DS, GTM Risk & Control.

Key Responsibilities

•    Oversee all risk and control activities related to processes and assets within the T & O ICS function.
•    Deliver risk focused, timely and re-performable deep dive reviews following T & O Control methodology.
•    Design and maintain internal processes that allow T & O ICS and Application Support to dynamically monitor risk and controls.
•    Maintain all ORTF based T & O ICS controls and corresponding CSTs, KCIs and KRIs.
•    Provide timely and accurate risk & control MI to the respective risk forums.
•    Drive compliance with the Bank’s risk framework and policies (e.g. ERMF, ORTF and ICS RTF).
•    Support the design, build, and implementation of effective processes and controls to effectively mitigate ICS risks.
•    Support the T & O I CS and application support Function to be ‘First to Know’ its risks & issues, and to deliver on its commitments. 
•    Support stakeholders in defining remediation actions to address identified control weaknesses and issues. 
•    Act as the key confidant to the T & O ICS and application ‘Process Owner(s)’ responsible for developing, prioritizing and implementing controls
•    Maintain accurate and timely data within M7 and any other agreed repositories for risk & control data and issues. 
•    Track issue remediation, check and challenge delivery status and escalate delays.
•    Validate that remediation activities completed by T & O ICS and application support function to  address the risk in the issues (e.g. Audit issues and deep dive findings).

Strategy
•    Strategize how to perform risk buydown for elevated risk in service domain

Risk Management
•    Perform risk assessment and liaise with respective stakeholder to write elevated residual risk papers with treatment plan.
•    Support liaison with Group Internal Audit and any third party or regulatory inspections.
•    Adopt an anticipatory approach to risk assessment through stakeholder engagement and monitoring of the external environment.
•    Work with other control assurance teams to drive efficiency, effectiveness and reduce duplication.
•    Support T & O ICS and application support  Process owners in the execution of their accountabilities related to:
•    Identification and management of the end to end processes as defined by the Process Universe and associated risks for the activities carried out.
•    Implementing the RCSA to monitor the effectiveness of the controls and standards governing the end to end process.
•    Being accountable to the Group Process Universe Owner, framework and policy owners and implementing the control requirements applicable to the process.
•    Escalating significant risks and issues to the Process Universe Owners, relevant Risk Framework Owners or Policy Owners.
•    Perform review of the control self-assessment outcomes, monthly control testing results and adequacy of the related remediation actions.
•    Support activities related to control design, assessment, testing processes and drive continuous improvement in ICS RTF.
•    Execute deep dive reviews and consistent, efficient and meaningful CSTs / KCI tests for CS and application support processes.
•    Provide robust challenge and escalation to senior management to ensure activities achieve risk reduction.
•    Manage and drive continuous improvement of the T & O I CS and application support control environment through proactive risk management (e.g. technical deep dive and issue validation).
•    Provide good technical input and challenge on assignment to steer team member in producing high quality output which address the risk

Governance 
•    Provide timely and accurate reporting to appropriate committees.
•    Ensure appropriate oversight and facilitate resolution of high impact risk and issues.
•    Tracking and reporting of risk assessments (e.g. audits, risk assessments etc) and their outputs to ensure oversight and escalation mechanisms are in place to provide MI on obligations.
•    Work with the T & O ICS and application support Service Lines to identify emerging risks and ensure they are appropriately addressed and subjected to formal governance.
•    Support continuous improvement of the T & O ICS and application support internal risk profile reporting, issue management processes and supporting tools

Regulatory & Business Conduct 
•    Display exemplary conduct and live by the Group’s Values and Code of Conduct. 
•    Take personal responsibility for embedding the highest standards of ethics, including regulatory and business conduct, across Standard Chartered Bank. This includes understanding and ensuring compliance with, in letter and spirit, all applicable laws, regulations, guidelines and the Group Code of Conduct.
•    Effectively and collaboratively identify, escalate, mitigate and resolve risk, conduct and compliance matters.

Key stakeholders

•    Global Head Risk & Governance
•    Global Head ICS (ICS)
•    Global Head Application Support Technology
•    Head of ICS R & C
•    Service Heads Cyber Security / Application Support
•    Service Heads GTM
•    Service Heads Data Security
•    Cyber Security MT
•    Group OTCR
•    Group Internal Audit

Skills and Experience

•    Experience in setting up objectives for the team and drive performance discussions with teams. 
•    Minimum 11 years’ experience as Risk and Controls Expert
•    Excellent written and oral and presentation and communication skills
•    Experience in writing assurance / risk assessment reports is an added advantage
•    Knowledge around industry standard security control frameworks
•    Strong sense of personal ownership and responsibility in accomplishing the organisation’s goal. Exudes confidence and will roll-up his/her sleeves to drive success
•    Able to get things done in a quick-paced environment. Be transparent and open around what doesn’t work and what does
•    Good understanding of regulatory compliance, information and cyber security risk and controls
•    Ability to collect and analyse data, establish facts and make recommendations in written and oral form
•    Strong Technical skills and good understanding in Data Protection and access management across platforms/Applications
•    Strong interpersonal and team skills.
•    CISSP / CISA / CISM /CRISC trained or certified will be a definite advantage
•    Good working knowledge of MS software application: Outlook (advance), Word (advance), PowerPoint (advance), Excel (advance)

•    Cyber Risk Management
•    Data Security Technologies 
•    People Management

Qualifications

•    Bachelor / Honours Degree in Information Technology, Computer Science, Cyber Security or other technology related qualifications or 10+ years of experience in cyber/IT security, technology audit or assurance.
•    Fluency in English.

Competencies

About Standard Chartered

We're an international bank, nimble enough to act, big enough for impact. For more than 170 years, we've worked to make a positive difference for our clients, communities, and each other. We question the status quo, love a challenge and enjoy finding new opportunities to grow and do better than before. If you're looking for a career with purpose and you want to work for a bank making a difference, we want to hear from you. You can count on us to celebrate your unique talents and we can't wait to see the talents you can bring us.

Our purpose, to drive commerce and prosperity through our unique diversity, together with our brand promise, to be here for good are achieved by how we each live our valued behaviours. When you work with us, you'll see how we value difference and advocate inclusion.

Together we:

• Do the right thing and are assertive, challenge one another, and live with integrity, while putting the client at the heart of what we do
• Never settle, continuously striving to improve and innovate, keeping things simple and learning from doing well, and not so well
• Are better together, we can be ourselves, be inclusive, see more good in others, and work collectively to build for the long term

What we offer

In line with our Fair Pay Charter, we offer a competitive salary and benefits to support your mental, physical, financial and social wellbeing.

• Core bank funding for retirement savings, medical and life insurance, with flexible and voluntary benefits available in some locations.
• Time-off including annual leave, parental/maternity (20 weeks), sabbatical (12 months maximum) and volunteering leave (3 days), along with minimum global standards for annual and public holiday, which is combined to 30 days minimum.
• Flexible working options based around home and office locations, with flexible working patterns.
• Proactive wellbeing support through Unmind, a market-leading digital wellbeing platform, development courses for resilience and other human skills, global Employee Assistance Programme, sick leave, mental health first-aiders and all sorts of self-help toolkits
• A continuous learning culture to support your growth, with opportunities to reskill and upskill and access to physical, virtual and digital learning.
• Being part of an inclusive and values driven organisation, one that embraces and celebrates our unique diversity, across our teams, business functions and geographies - everyone feels respected and can realise their full potential.

Recruitment Assessments

Some of our roles use assessments to help us understand how suitable you are for the role you've applied to. If you are invited to take an assessment, this is great news. It means your application has progressed to an important stage of our recruitment process.

Visit our careers website www.sc.com/careers