Job Summary

• Operational, Technology and Cyber Risk (OTCR) is a second line-of-defence Risk department that provides independent guidance, oversight and partnership with first line-of-defence (1LoD) risk management.  OTCR comprises coverage teams that oversee risk in the Bank’s business units and SME teams that provide deep expertise, setting the Bank’s OTCR risk management approach.  The risks themselves are owned in 1LoD.  Within OTCR, our team sets the Bank’s Policy for managing Information and Cyber Security (ICS) and Technology Risks.
• For this transformational role, the person will drive thought leadership and partner with 1LoD to mature the Bank’s ICS and Technology control compliance capabilities. This means capabilities that provide control traceability (across Group Policies, Standards and Processes) and observability of control implementation (such as applicability matrices, asset coverage, effectiveness indicators etc.).
• This is a Band 5A, individual contributor position that reports directly to the Head, OTCR, T&O International Markets, Policy & Regulatory Management.

Key Responsibilities

• The successful candidate will have strong experience in a second line ICS and Technology Risk capacity, with a particular focus on areas such as control lifecycles and control compliance.
• They should have as strong working knowledge of industry best practice, be able to quickly develop a thorough understanding of the Bank’s internal control compliance capabilities and work well with others to help influence the strategic direction.

The role will focus on the following key activities:

• Capability mapping and evaluation. Partner with 1LoD to map, develop and maintain a holistic understanding of internal capabilities that deliver controls traceability and observability. Evaluate capability maturity, limitations and benchmark these against industry best practice.
• Risk profile insights. Identify and drive opportunities to integrate control traceability and observability capabilities into ICS and Technology risk profile reporting, embedding data-driven insights to improve the confidence with which risk profiles are reported.

• Strategic roadmap. Partner with 1LoD to holistically understand and shape the Bank’s strategic roadmap to mature controls compliance capabilities and their exploitation to improve the quality of risk profile oversight.
• Policy & Standards effectiveness measurement and attestation. Support exercises to evaluate effectiveness of Group Policies & Standards, as defined in the Enterprise Risk Management Framework (ERMF). Drive thought leadership around how Policies and Standards must evolve to adapt to changing business, industry and regulatory demands. Support evaluation and submissions for compliance attestations, both against internal (e.g. ERM) and external requirements (e.g. Basel Committee on Banking Supervision [BCBS]).

Key Stakeholders

• Enterprise Risk Management
• Group CISO and Technology & Architecture
• T&O Risk & Governance
• OTCR Frameworks & Stress Testing
• OTCR Policy Owners

Other Responsibilities

• Embed Here for Good and Group’s brand and values in first line operational risk management.

Qualifications

• Experience in an ICS or Technology risk role for a first, second or third line of defence team.
• Strong knowledge of ICS and Technology industry frameworks and principles.
• Technical knowledge across a broad range of ICS and Technology domains such as software delivery, IT operations, security architecture, cyber defence, security monitoring and analytics, data protection, identity and access management etc.
• Thorough understanding of internal controls relevant for managing ICS and Technology risks in business processes.
• Strong leadership, negotiation and collaboration skills. Able to work effectively in a complex, multicultural and multi-timezone organization.

• Strong interpersonal and stakeholder management skills. Experience across various levels in the organization including senior leadership teams, influencing key decisions taken in business and support teams.  
• Ability to collect and analyse data, establish facts, and make recommendations based on sound risk management principles
• Ability to communicate complex ICS, Technology and process risk clearly, concisely, and accurately to non-technical stakeholders.
• A self-starter who is able to initiate and successfully drive initiatives to completion with little management supervision.
• A passion for keeping technical skills up to date and horizon scanning for emerging risks.

Certifications  

• Professional certifications related to ICS and Technology risk are desirable (e.g., CCSP, CRISC, CISA, CISSP, CISM, GIAC etc).

Languages

• Excellent English communication skills – oral and written

About Standard Chartered

We're an international bank, nimble enough to act, big enough for impact. For more than 170 years, we've worked to make a positive difference for our clients, communities, and each other. We question the status quo, love a challenge and enjoy finding new opportunities to grow and do better than before. If you're looking for a career with purpose and you want to work for a bank making a difference, we want to hear from you. You can count on us to celebrate your unique talents and we can't wait to see the talents you can bring us.

Our purpose, to drive commerce and prosperity through our unique diversity, together with our brand promise, to be here for good are achieved by how we each live our valued behaviours. When you work with us, you'll see how we value difference and advocate inclusion.

Together we:

• Do the right thing and are assertive, challenge one another, and live with integrity, while putting the client at the heart of what we do
• Never settle, continuously striving to improve and innovate, keeping things simple and learning from doing well, and not so well
• Are better together, we can be ourselves, be inclusive, see more good in others, and work collectively to build for the long term

What we offer

In line with our Fair Pay Charter, we offer a competitive salary and benefits to support your mental, physical, financial and social wellbeing.

• Core bank funding for retirement savings, medical and life insurance, with flexible and voluntary benefits available in some locations.
• Time-off including annual leave, parental/maternity (20 weeks), sabbatical (12 months maximum) and volunteering leave (3 days), along with minimum global standards for annual and public holiday, which is combined to 30 days minimum.
• Flexible working options based around home and office locations, with flexible working patterns.
• Proactive wellbeing support through Unmind, a market-leading digital wellbeing platform, development courses for resilience and other human skills, global Employee Assistance Programme, sick leave, mental health first-aiders and all sorts of self-help toolkits
• A continuous learning culture to support your growth, with opportunities to reskill and upskill and access to physical, virtual and digital learning.
• Being part of an inclusive and values driven organisation, one that embraces and celebrates our unique diversity, across our teams, business functions and geographies - everyone feels respected and can realise their full potential.