Title: Information Security Officer
Istanbul, TR
JOB SUMMARY
The Information Security Officer will implement essential measures to assess, oversee, manage, and communicate the security risks associated with the use of information technologies in banking operations on behalf of the Board of Directors and management of the Bank, as explained in the Banking Regulatory and Supervisory Agency’s Regulation on Information Systems and Electronic Banking Services of Banks.
RESPONSIBILITIES
Strategy
• Having sufficient information security risk management experience for monitoring the provisions on information systems security
• Having sufficient information and experience to carry out the relations with the outsourced services/third parties concerning the security support service being procured
Business
• Carry out the relations with the support service institution concerning the support service being procured
• Participate in projects to prevent Information/cyber security risks
Processes
• Establish information security across the Bank in line with business requirements and business objectives, in harmony with relevant departments
• Assist in the classification of information assets
• Ensure the execution of, and monitor, information security activities and tests
• Contribute to the determination of information security requirements for important projects and changes
• Ensure information security awareness training is taken by bank employees, top management, external service providers and customers (where applicable) by conducting an information security awareness program and documenting it
• Be a local security adviser/champion in coordination with Group Information and Cyber Security teams on provisions related to information systems security while managing the security related dispensations/risks
• Work in coordination with Technology, ICS and GBS teams both at group and local level
• Give information about country security requirements to all relevant stakeholders
• Oversee penetration tests, review penetration test results and take action in cooperation with Local Technology
• Apply clean desk controls and report to relevant stakeholders
• Check notifications and assigned tasks from National Cyber Security Defence Team and take necessary actions
• Monitor and report on ICS events and incidents
• Ensure issues related to Information Security are covered by and included in resilience plans, i.e. Disaster Recovery and Business Continuity plans/tests
GBS: Global Business Services
Risk Management
• Actively contribute to and assist in IS risk management activities in terms of confidentiality, integrity, and accessibility criteria for related information assets from an information security perspective
• Monitor information systems records and prepare reports on information systems security risks and the management of these risks
Governance
• Update Information Security policies, procedures and process documents and submit them for approval
• Ensure country addendums for Information Security are provided to Group Governance teams when and where required
• Monitor Information Security compliance with the provisions of the legislation, standards, policies, procedures and process documents related to information security, and ensure translations are done into local language for regulatory audit purposes
• Inform CEO and CTM about critical Information Security events and problems
Regulatory & Business Conduct
• Display exemplary conduct and live by the Group’s Values and Code of Conduct
• Take personal responsibility for embedding the highest standards of ethics, including regulatory and business conduct, across Standard Chartered Bank. This includes understanding and ensuring compliance with, in letter and spirit, all applicable laws, regulations, guidelines and the Group Code of Conduct
• Lead the Country Information Security function to achieve the outcomes set out in the Bank’s Conduct Principles: Fair Outcomes for Clients; Effective Financial Markets; Financial Crime Compliance; The Right Environment
• Effectively and collaboratively identify, escalate, mitigate, and resolve risk, conduct and compliance matters
• Act based on local regulations, specifically the directives of the Banking Regulation and Supervision Agency (BRSA)
Key Stakeholders
Internal
• Turkey CEO
• Turkey Board of Directors
• CISO, Europe and Americas
• Global Technology Operations
• Global Security Functions
• Global/ Local Technology
• Related business and support functions
• Country Risk Committee
• Internal audit
• Compliance and Internal Control
External
• Regulators
• External audit
Qualifications
• Minimum 5 years of experience in Information Security and/or IT Risk Management
• Have a risk mindset with the ability to analyse and foresee cyber risks
• Preferable to have professional certificates such as ISO27001 LA, CISM, CRISC etc.
• Ability to write policies and procedures on Information Security processes
• Have deep understanding of local banking regulations on Information/Cyber Security
• Experience concentrated on the aspects of governance.
• Have a basic understanding of log management and data leakage prevention tools in order to cooperate with relevant Technology and ICS teams, and be able to provide evidence for regulatory audit purposes. Have experience reporting suspicious activities via Cyber Threat/Incident Response Management cycles
• Have Project Management capabilities
• Have a basic understanding of Business Continuity and Disaster Recovery planning
• Native-level proficiency in the Turkish language with exceptional spoken and written fluency in English.
Role Specific Technical Competencies
• System: SIEM - Security Incident & Event Management and SQL Writing
• System: DLP – Data Leakage Prevention
• Process: Network Management, Vulnerability Scanning and Patch Management
• Process: Monitoring Logs, Cyber Threats Intelligence, and Incident Response
• Process: Reading/Writing Skills on IS and IT Regulations/Standards/Policies/Procedures
• Process: BCP and DR Planning/Testing
About Standard Chartered
We're an international bank, nimble enough to act, big enough for impact. For more than 170 years, we've worked to make a positive difference for our clients, communities, and each other. We question the status quo, love a challenge and enjoy finding new opportunities to grow and do better than before. If you're looking for a career with purpose and you want to work for a bank making a difference, we want to hear from you. You can count on us to celebrate your unique talents and we can't wait to see the talents you can bring us.
Our purpose, to drive commerce and prosperity through our unique diversity, together with our brand promise, to be here for good are achieved by how we each live our valued behaviours. When you work with us, you'll see how we value difference and advocate inclusion.
Together we:
- Do the right thing and are assertive, challenge one another, and live with integrity, while putting the client at the heart of what we do
- Never settle, continuously striving to improve and innovate, keeping things simple and learning from doing well, and not so well
- Are better together, we can be ourselves, be inclusive, see more good in others, and work collectively to build for the long term
What we offer
In line with our Fair Pay Charter, we offer a competitive salary and benefits to support your mental, physical, financial and social wellbeing.
- Core bank funding for retirement savings, medical and life insurance, with flexible and voluntary benefits available in some locations.
- Time-off including annual leave, parental/maternity (20 weeks), sabbatical (12 months maximum) and volunteering leave (3 days), along with minimum global standards for annual and public holiday, which is combined to 30 days minimum.
- Flexible working options based around home and office locations, with flexible working patterns.
- Proactive wellbeing support through Unmind, a market-leading digital wellbeing platform, development courses for resilience and other human skills, global Employee Assistance Programme, sick leave, mental health first-aiders and all sorts of self-help toolkits
- A continuous learning culture to support your growth, with opportunities to reskill and upskill and access to physical, virtual and digital learning.
- Being part of an inclusive and values driven organisation, one that embraces and celebrates our unique diversity, across our teams, business functions and geographies - everyone feels respected and can realise their full potential.
Recruitment Assessments
Some of our roles use assessments to help us understand how suitable you are for the role you've applied to. If you are invited to take an assessment, this is great news. It means your application has progressed to an important stage of our recruitment process.
Visit our careers website www.sc.com/careers