Job Summary

•    The Group Chief Information Security Officer (CISO) organisation is instrumental in protecting and ensuring the resilience of Standard Chartered Bank’s data and IT systems by managing information and cyber security (ICS) risk across the enterprise. As a critical function reporting into the Group Chief Technology, Operations and Transformation Officer, the Group CISO serves as the first line of defence for assuring ICS controls are implemented effectively and in accordance with the ICS Risk Framework, Policy and Standard, and for instilling a culture of cyber security within the Bank.

•    The role will work closely with Country CISOs / ISRO / CISRO / ICS / TTO representatives within the bank to ensure the Banks ICS regulatory obligations are met on time. 

•    This includes supporting the ICS Legal Regulatory Mandatory compliance and ISO assessments for all markets. 

Key Responsibilities

Business
•    The role will work closely with Country CISOs / ISRO / CISRO / ICS / TTO representatives within the bank to ensure the Banks ICS regulatory obligations are met on time.

Processes:
The role will:
•    The role is responsible to complete regulatory compliance assessments and support all SCB regions in meeting critical and complex ICS regulatory obligations. 
•    The role oversees all ICS regulatory compliance assessment activities (design and operating effectiveness), supports issue remediations and ensures these are performed to quality and submitted to regulators on time. 
•    The role requires technical ICS domain knowledge, SME skills in regulatory compliance assessments / audit / risk & control, and strong senior stakeholder management abilities (RCISO, CISO, ISRO, ICS/Technology/CIO Domains). 
•    Regularly identify and implement opportunities for efficiencies across processes, systems, and infrastructure.  
•    Supporting ISO certification for various markets,
•    Ensure ISMS Activities are performed in country by CISOs as per ISO Standards. Ex: Circulation of ISMS Policy to country users.
•    To conduct Preparatory Assessment in respective markets to validate all Clauses and Annex controls in ISO 27001:2022 standards.

Business
•    Maintain comprehensive and up-to-date documentation of the ISMS, including policies, procedures, and audit records.
•    Ensure necessary support to CISO during GIA Audit, to stay compliant with the internal process and to assist CISOs in gathering necessary evidence. Based on requirement, need to manage GIA Audit by submitting evidence as an exceptional requirement.
•    Ensure standby support to CISOs during External Audit. Need to join the External audit call based on requirement from CISO

People & Talent Management
•    Working in close collaboration with CISO, risk and control partners across all functions to effectively embed a strong culture of risk awareness and good conduct,
•    Track and sustain a continuous improvement and innovation culture,
•    Support a culture of diversity and inclusion to bring the best out of our people

Risk Management
•    Track the milestones of the ISO progress,
•    Work closely with AIC LRM cluster leads to drive an effective risk management culture and compliance mindset,
•    Mature the Bank’s ability to proactively identify and manage cyber threats through quality compliance assessments at a Design and Operating level 
•    Update and Maintain the ISMS Calendar for each market through monthly discussion with respective CISOs’

Governance
•    Track and follow up for timely and accurate completion of ICS regulatory compliance assessments and ensure all governance metrics are met
•    Support appropriate oversight and follow-up for resolution of high impact risk and issues

Regulatory & Business Conduct 
•    Display exemplary conduct and live by the Group’s Values and Code of Conduct. Including tracking and remediation of conduct issues 
•    Effectively and collaboratively support to identify, escalate, mitigate, and resolve risk, conduct and compliance matters

Key Stakeholders
•    Head, App & Infra Compliance
•    VP, RMO
•    AVP / VP, LRM App & Infra Compliance
•    Regional and Country - Chief Information Security Officers (CISOs) and delegate
•    Information Security Risk Officers and delegate
•    ICS Service domains 
•    COOs/CIOs of different businesses/functions
•    Group Internal Audit 

Qualifications

•    Minimum 8 years of experience in Cyber Security, technology and ICS risk management, A proven track record of leading successful teams is priority.
•    Excellent interpersonal skills to foster positive relationships with internal and external stakeholders.
•    Thorough understanding of ICS business processes, risks, threats, internal controls, and experience with regulators and multi-stakeholder organisations.
•    Ability to collect and analyse data and make recommendations in written and oral form.
•    Strong ability to liaise with all parts of the Bank, including senior security, risk and business stakeholders.
•    Highly effective oral and written communication skills, with an ability to influence and to gain the respect of senior stakeholders and peers. Fluency in English.
•    Bachelor’s Degree in Information Technology, Cybersecurity, Business Management, or other related discipline. Professional certifications have an advantage (e.g., CISA, CISSP, CISM etc).

Role Specific Technical Competencies

•    Business Process Design
•    Process Management
•    Risk Management  
•    Regulatory Environment – Financial Services
•    Program Management 

About Standard Chartered

We're an international bank, nimble enough to act, big enough for impact. For more than 170 years, we've worked to make a positive difference for our clients, communities, and each other. We question the status quo, love a challenge and enjoy finding new opportunities to grow and do better than before. If you're looking for a career with purpose and you want to work for a bank making a difference, we want to hear from you. You can count on us to celebrate your unique talents and we can't wait to see the talents you can bring us.

Our purpose, to drive commerce and prosperity through our unique diversity, together with our brand promise, to be here for good are achieved by how we each live our valued behaviours. When you work with us, you'll see how we value difference and advocate inclusion.

Together we:

• Do the right thing and are assertive, challenge one another, and live with integrity, while putting the client at the heart of what we do
• Never settle, continuously striving to improve and innovate, keeping things simple and learning from doing well, and not so well
• Are better together, we can be ourselves, be inclusive, see more good in others, and work collectively to build for the long term

What we offer

In line with our Fair Pay Charter, we offer a competitive salary and benefits to support your mental, physical, financial and social wellbeing.

• Core bank funding for retirement savings, medical and life insurance, with flexible and voluntary benefits available in some locations.
• Time-off including annual leave, parental/maternity (20 weeks), sabbatical (12 months maximum) and volunteering leave (3 days), along with minimum global standards for annual and public holiday, which is combined to 30 days minimum.
• Flexible working options based around home and office locations, with flexible working patterns.
• Proactive wellbeing support through Unmind, a market-leading digital wellbeing platform, development courses for resilience and other human skills, global Employee Assistance Programme, sick leave, mental health first-aiders and all sorts of self-help toolkits
• A continuous learning culture to support your growth, with opportunities to reskill and upskill and access to physical, virtual and digital learning.
• Being part of an inclusive and values driven organisation, one that embraces and celebrates our unique diversity, across our teams, business functions and geographies - everyone feels respected and can realise their full potential.