Title: Associate Director, OTCR, WRB (Malaysia / India)
Kuala Lumpur, MY
Job Summary
The Operational, Technology and Cyber Risk (“OTCR”) organisation is instrumental in protecting and ensuring the resilience of Standard Chartered Bank’s operations, data, and IT systems by managing operational, technology and cyber risks across the enterprise. As a critical function reporting into the Group Chief Risk Officer (“CRO”), the Group OTCR team serves as the second line of defence for assuring that controls are implemented effectively, in accordance with the OTCR Framework, and for instilling a risk culture within the Bank.
The Associate Director, OTCR, WRB is an important role that requires solid business acumen, a deep knowledge of cyber security technologies and understanding of working in a second line capacity within a risk management organisation. The role reports directly to the Head, OTCR, WRB.
The purpose of this role is to act as the single point of contact (“SPOC”) within the second line for Wealth and Retail Business (“WRB”), in respect of all OTCR matters and decisions, for Information and Cyber Security (“ICS”), providing judgement-based input and advice to ensure effective risk management and be a trusted partner collaborating as appropriate with senior stakeholders including Subject Matter Experts (“SMEs”) and other risk teams to ensure that risk management practices are integrated into all aspects of WRB.
The individual is expected to be familiar with ICS tools / practices, enabling the WRB first line leads to make the right decisions. The individual will be skilled in business risk management, stakeholder management, and communication, with an ability to contribute to a vision for others to follow.
The successful candidate will add value by helping to deliver customer centric solutions, providing clear direction on effective risk management, taking on tough challenges, addressing difficult issues and responding in a flexible, courageous and collaborative manner to evolving business, regulatory and threat demands.
Key Responsibilities
Strategy
Awareness and understanding of the Group's business strategy and model appropriate to the role.
Business
Awareness and understanding of the wider business, economic and market environment in which the Group operates.
Risk Management
Monitor
- Risk indicators, metrics, and thresholds
- Completeness and accuracy of risk identification and assessment
- Regular review of residual risks and concentration of risks
- Impact to risks / regulations which the bank faces (e.g., through internal / external change or events)
- Reporting and escalation of business restrictions where the risks are not aligned with Risk Appetite
- Timely and effective completion of actions and treatment plans
- Business adherence to framework, policies, standards, and regulations
- Appropriate application of decision authorities and delegation rights
Challenge
- Business initiatives and decisions to ensure effective adherence of risk, policy, regulations, etc.
- Outputs of business risk identification and assessment activities for completeness and accuracy
- Design and implementation of treatment plans / actions to mitigate risk or improve risk management.
- Risk Appetite Setting: 1LOD proposals on Risk appetite and where Risk Appetite is near breach.
- Proactive challenge on strategy, process, product, channel, change activities e.g., new deals / transactions.
- Design and operating effectiveness of controls in place to mitigate material risks.
Approve
- Risk Assessment decisions for changes arising from products, processes, projects, etc. (e.g. Inherent and Residual Risk assessments; Control design; Control Monitors)
- Treatment plans and actions designed to mitigate risks, remediate appetite breaches, and improve risk management, e.g. RCR, Treatment Plans (subject to scope defined in Appendix D of the Group Operational Risk Standard); validation of treatment plan actions
- Other approvals explicitly required by frameworks, policies, and standards
Governance
- Providing ongoing reporting of risk exposure into governance meetings and to key stakeholders and escalating any blockages to progress to ensure Group MT, Risk & CFCC, and OTCR Scorecard objectives are met.
Skills and Experience
- Hands-on experience in implementing, configuring, and managing Information Technologies, and Information and Cyber Security (“ICS”) controls.
- Strong understanding of the ICS threat landscape and ICS controls within the financial services environment.
- Clear understanding of how security technologies such as anti-malware, encryption, identity and access management, network security, etc., work in mitigating ICS risks.
- Strong understanding of the defence-in-depth strategy.
- Knowledge of the MITRE ATT&CK Framework and Cyber Kill Chain.
- Excellent analytical and problem-solving skills, with the ability to prioritize and manage multiple tasks in a fast-paced environment.
- Ability to foster positive relationships with internal and external stakeholders at the appropriate level, ensuring an open, cooperative environment; be a team player.
- Strong communication and interpersonal skills, with the ability to effectively communicate complex information and cyber security concepts to non-technical stakeholders.
The Ideal Candidate
- Bachelor’s degree in Computer Science, Information Security or related field.
- Minimum 5 years’ experience in Information Technology, Information Security, or Information Security Audit.
- Certification in ICS or ICS Risk Management (e.g. CISSP, CISA, CRISC, OSCP, CCSP, CEH) is an added advantage.
- Membership of ICS or ICS Risk Management professional organizations (e.g. ISACA, ISC2) is an added advantage.
Role Specific Technical Competencies
- Information security technologies
- Information and Cyber Security risk management
- Business partnering
- Cyber resilience
About Standard Chartered
We're an international bank, nimble enough to act, big enough for impact. For more than 170 years, we've worked to make a positive difference for our clients, communities, and each other. We question the status quo, love a challenge and enjoy finding new opportunities to grow and do better than before. If you're looking for a career with purpose and you want to work for a bank making a difference, we want to hear from you. You can count on us to celebrate your unique talents and we can't wait to see the talents you can bring us.
Our purpose, to drive commerce and prosperity through our unique diversity, together with our brand promise, to be here for good are achieved by how we each live our valued behaviours. When you work with us, you'll see how we value difference and advocate inclusion.
Together we:
- Do the right thing and are assertive, challenge one another, and live with integrity, while putting the client at the heart of what we do
- Never settle, continuously striving to improve and innovate, keeping things simple and learning from doing well, and not so well
- Are better together, we can be ourselves, be inclusive, see more good in others, and work collectively to build for the long term
What we offer
In line with our Fair Pay Charter, we offer a competitive salary and benefits to support your mental, physical, financial and social wellbeing.
- Core bank funding for retirement savings, medical and life insurance, with flexible and voluntary benefits available in some locations.
- Time-off including annual leave, parental/maternity (20 weeks), sabbatical (12 months maximum) and volunteering leave (3 days), along with minimum global standards for annual and public holiday, which is combined to 30 days minimum.
- Flexible working options based around home and office locations, with flexible working patterns.
- Proactive wellbeing support through Unmind, a market-leading digital wellbeing platform, development courses for resilience and other human skills, global Employee Assistance Programme, sick leave, mental health first-aiders and all sorts of self-help toolkits
- A continuous learning culture to support your growth, with opportunities to reskill and upskill and access to physical, virtual and digital learning.
- Being part of an inclusive and values driven organisation, one that embraces and celebrates our unique diversity, across our teams, business functions and geographies - everyone feels respected and can realise their full potential.