Job Summary
The Group OTCR organisation is instrumental in protecting and ensuring the resilience of Standard Chartered Bank’s data and IT systems by managing Information and Cyber Security (ICS) and Technology risk across the enterprise. As a critical function reporting into the Group Chief Risk Officer (CRO), the Office of OTCR serves as the second line of defence for assuring that ICS and Technology controls are implemented effectively and in accordance with the ICS and Technology Risk Framework, and for instilling a culture of cyber and technology security within the Bank. The Group OTCR is responsible for ICS and Technology governance, strategy, policy, awareness, board training, risk assessments, red teaming, third-party security risk, industry partnerships, and regulatory engagement. The OTCR is central to ensuring the Bank’s ability to meet its ICS and Technology risk commitments to internal and external stakeholders, including regulators, as well as maintaining an acceptable ICS and Technology risk profile that is regularly reported to the Board. As part of the OTCR function, OTCR T&O Third-Party Risk Management [TPRM] and Third-Party Security Risk [TPSR] performs a pivotal role in supporting the Third-party risk management framework, providing independent challenge, oversight and guidance for the Technology & Operations function.
Key Responsibilities
Strategy
• OTCR T&O TPRM is a permanent strategic role that requires strong business acumen, deep knowledge and in-depth experience of the TPRM / TPSR framework, policy, regulatory obligations and end-to-end vendor lifecycle management, complemented by experience in Operations, Information Security and Technology risk.
• The successful candidate will have a strong understanding of risk oversight and be able to respond flexibly and collaboratively to evolving business, regulatory and threat requirements.
• This role reports directly to the Head, OTCR T&O TPRM / TPSR and works with other OTCR Coverage and SME teams to address Operational, Technology and Cyber risk as a principal risk type for the Bank and support its integration into the Bank's overall Enterprise Risk Management strategy.
Business
• The role delivers services that continually monitor the threat landscape related to Third-party risk within T&O, undertake constructive and robust oversight of the effectiveness of risk appetite, controls and risk remediation strategies, and ensure that accurate, insightful and transparent risk reporting is provided to the Head, OTCR T&O TPRM / TPSR and senior management, giving adequate assurance and confidence in the T&O Third Party Risk Management risk profile.
Processes
The major functional activities that the OTCR, T&O Third Party Risk Management will lead and manage are:
• Independent challenge and oversight of the T&O Third-party risk profile. Intervene and provide guidance to ensure the risks are managed within the Bank’s Risk Appetite.
• Monitor Third-party risks within T&O, Third Party Security Risk across the Bank and associated remediation plans across the T&O Function, in line with the Third-party risk framework requirements.
• Oversee implementation of controls by 1LoD to comply with requirements as defined in the Third-party risk management policies and standards, escalate material risks / issues to Head, OTCR, T&O TPRM / TPSR and senior management.
• Review remediation plans to mitigate the risks / issues and their ongoing implementation status.
• Promote a healthy OTCR & TPRM risk culture and good conduct within T&O domain.
People & Talent
• Lead through example and operate with the appropriate culture and values.
• Uphold and reinforce the independence of the second line ICS and Technology Risk function.
• Facilitate awareness and training for business units within T&O in managing Third Party Risk Management and Third-Party Security risk.
Risk Management
• Support the assessment of Third-party risk and reporting for T&O 1LoD Teams.
• Support OTCR T&O team in complying with the OTCR risk frameworks, policies and standards.
• Highlight risks and issues against TPRM / TPSR standards and regulations in the T&O domains.
• Oversee the RCSA process across Third Party Risk [vendor] management within T&O.
• Review risk mitigation plans and ensure they are adequate and effective.
• Perform thematic reviews as required.
Governance
• Establish strong ties into the SCM and T&O TPRM teams and the governance, risk and control committees to ensure adequate monitoring, tracking and governance of TPRM risk. Maintain awareness and understanding of the regulatory requirements and expectations relevant to the role.
• Engage within T&O teams and participate in TPRM and TPSR risk management workshops and committee meetings to understand, advise, and challenge the 1LoD risk outlook.
• Report and escalate TPRM/TPSR risks and issues in the T&O NFRC and Group Third Party Risk Management Committee [GTPRMC] for management attention and support.
• Ensure consistency of reporting and production of high-quality documentation and materials.
• Provide recommendations and feedback to OTCR teams based on experience with T&O.
Regulatory & Business Conduct
• Display exemplary conduct and live by the Group’s Values and Code of Conduct.
• Take personal responsibility for embedding the highest standards of ethics, including regulatory and business conduct, across Standard Chartered Bank. This includes understanding and ensuring compliance with, in letter and spirit, all applicable laws, regulations, guidelines and the Group Code of Conduct.
• Effectively and collaboratively identify, escalate, mitigate and resolve risk, conduct and compliance matters.
Key stakeholders
• Group SCM Team
• T&O TPRM / TPSR Team
• OTCR T&O Management Team
• Group Internal Audit
• Group OTCR Leadership Team
• Global Head, Security Technology Services
• Head of T&O Risk Frameworks, Reporting & Governance
Other Responsibilities
• Embed Here for good and the Group’s brand and values in OTCR.
• Perform other responsibilities assigned under Group, Country, Business or Functional policies and procedures.
• Multiple functions.
Skills and Experience
• EDUCATION: Bachelor’s degree in Business, Engineering, Computer Science, Information Technology, Cybersecurity, or other related discipline.
• TRAINING: Minimum of 8 years of experience in security risk management with a focus on vendor / third-party risk.
• Experience in Financial Institutions / Outsourcing / Vendor Management, supporting Third Party Risk Management, or within Third Party Management or Third-Party Security in the 1st or 2nd line.
• Understanding of the third-party regulatory landscape: EU: DORA (Digital Operational Resilience Act), RBI Master Directions, US: Interagency Guidance (OCC, Fed, FDIC), UK: PRA SS2/21 (Outsourcing and TPRM).
• Understanding of vendor lifecycle, including onboarding, ongoing compliance, and offboarding.
• Excellent understanding of Non-Financial Risk Management (Operational risk management) and the Risk and Control Self-Assessment framework [RCSA].
• Experience with GRC tools (e.g. ServiceNow, Archer).
• Conduct due diligence and risk assessments, including financial, operational, and cybersecurity risks.
• Monitor and report on third-party compliance with security requirements.
• Strong communications skills - verbal and written.
• Good negotiating and stakeholder management skills.
• CERTIFICATIONS: Highly preferred certifications include CTPRP, C3PRMP, CISA, CRISC and CISM; deep understanding of ISO 27001, SOC 2 reports and the NIST Framework.
• LANGUAGES: Excellent English communication skills – oral and written.
Role Specific Technical Competencies
• Third-party risk management / Third-party security risk
• Operational, ICS and Technology risk
• Risk & Control Self-Assessment (RCSA)
• Third Party Risk Management Framework Expertise
• Technology Architecture and Infrastructure Understanding
• Regulatory and Compliance knowledge
• Operational Resilience and Business Continuity
About Standard Chartered
We're an international bank, nimble enough to act, big enough for impact. For more than 170 years, we've worked to make a positive difference for our clients, communities, and each other. We question the status quo, love a challenge and enjoy finding new opportunities to grow and do better than before. If you're looking for a career with purpose and you want to work for a bank making a difference, we want to hear from you. You can count on us to celebrate your unique talents and we can't wait to see the talents you can bring us.
Our purpose, to drive commerce and prosperity through our unique diversity, together with our brand promise, to be here for good are achieved by how we each live our valued behaviours. When you work with us, you'll see how we value difference and advocate inclusion.
Together we:
- Do the right thing and are assertive, challenge one another, and live with integrity, while putting the client at the heart of what we do
- Never settle, continuously striving to improve and innovate, keeping things simple and learning from doing well, and not so well
- Are better together, we can be ourselves, be inclusive, see more good in others, and work collectively to build for the long term
What we offer
In line with our Fair Pay Charter, we offer a competitive salary and benefits to support your mental, physical, financial and social wellbeing.
- Core bank funding for retirement savings, medical and life insurance, with flexible and voluntary benefits available in some locations.
- Time off including annual leave, parental/maternity leave (20 weeks), sabbatical (12 months maximum) and volunteering leave (3 days), along with minimum global standards for annual leave and public holidays, which combined come to a minimum of 30 days.
- Flexible working options based around home and office locations, with flexible working patterns.
- Proactive wellbeing support through Unmind, a market-leading digital wellbeing platform, development courses for resilience and other human skills, a global Employee Assistance Programme, sick leave, mental health first-aiders and all sorts of self-help toolkits.
- A continuous learning culture to support your growth, with opportunities to reskill and upskill and access to physical, virtual and digital learning.
- Being part of an inclusive and values-driven organisation, one that embraces and celebrates our unique diversity across our teams, business functions and geographies, where everyone feels respected and can realise their full potential.