
Title: Global Head, Risk Management, CISO
Singapore, SG
Job Summary
The Global Head of Risk Management for the Chief Information Security Office (CISO) is a senior leadership role within the Technology and Operations Risk & Control function, responsible for establishing and driving a comprehensive, proactive, and forward-looking risk management approach across these critical areas.
This role ensures that risk frameworks, governance structures, and control programs are effectively embedded within the first line of defence, enabling the organization to anticipate, assess, and mitigate risks while ensuring alignment with the Enterprise Risk Management Framework (ERMF), Principle Risk Type Frameworks, and the Group’s risk appetite.
The role plays a strategic function in proactively identifying emerging and horizon risks, governing risk exposure, driving issue remediation, and ensuring regulatory and audit engagements are well-managed. The individual will work closely with senior leadership across Technology and Operations (T&O), as well as with first- and second-line risk functions, regulators, and governance bodies, to shape the risk agenda and ensure that risk considerations are embedded into transformation initiatives and operational decision-making.
Key Responsibilities
Strategy
- Define and execute a holistic risk management strategy for CISO, ensuring risks are identified, assessed, mitigated, and governed effectively.
- Ensure the effective embedding of the Enterprise Risk Management Framework (ERMF) and Principle Risk Type Frameworks, ensuring risk practices align with the Group’s risk appetite, policy requirements, and governance standards.
- Drive the proactive identification and assessment of emerging and horizon risks, ensuring timely escalation and effective risk mitigation strategies.
- Ensure that risk oversight and assurance activities support key transformation and modernization efforts, embedding risk management into T&O strategic initiatives.
- Advocate for risk-driven decision-making by ensuring that risk insights, metrics, and data analytics are leveraged to enhance risk awareness, predictability, and responsiveness.
Business
- Work closely with business leaders across CISO to embed a strong risk culture, ensuring that risk considerations are incorporated into day-to-day operations and strategic projects.
- Oversee risk assessments and control testing processes, ensuring that risks are appropriately identified, evaluated, and addressed:
  - Risk and Control Self-Assessments (RCSAs): Ensure timely completion of annual RCSA reviews and top-down risk assessments, ensuring an accurate reflection of the risk landscape.
  - Threat Scenario Led Risk Assessments (TSRAs): Drive structured TSRAs to evaluate risks across cybersecurity, technology, and operational domains.
- Ensure risk-based advisory is provided to senior stakeholders, enabling effective risk mitigation across business lines.
- Partner with first- and second-line risk functions to ensure a coordinated approach to risk management, risk mitigation, and remediation.
- Lead and oversee regulatory and audit engagements, ensuring timely and high-quality responses to internal audit, external assurance reviews, and regulatory inquiries.
- Oversee the risk-driven management of transformation programs, ensuring that change risk is effectively governed and mitigated across major initiatives.
Processes
- Ensure adherence to ERMF and Principle Risk Type Frameworks, ensuring compliance with risk governance expectations.
- Oversee and drive the timely completion of annual RCSAs, including top-down reviews, ensuring a structured and comprehensive assessment of risks.
- Ensure risk data is updated accurately and in a timely manner in key risk repositories, such as M7 and iTrack, including metric results, issue statuses and risk remediation progress, and key risk indicator (KRI) updates.
- Establish robust mechanisms for ensuring risk governance inputs are delivered into the Technology and Operations Non-Financial Risk Committees (T&O NFRCs), while also overseeing and running function-specific risk forums as required.
People & Talent
- Build and lead a high-performing global team, ensuring best-in-class risk expertise and capabilities.
- Drive a culture of accountability, risk awareness, and continuous improvement across risk teams, ensuring alignment with Group risk expectations.
- Develop a strong talent pipeline, ensuring that team members receive the necessary development, mentoring, and opportunities to grow within the risk function.
- Champion diversity and inclusion, ensuring that risk teams reflect a broad range of perspectives and experiences.
Risk Management
- Embed proactive risk identification and mitigation practices, ensuring risk is managed at both a structural and operational level.
- Ensure risk frameworks and risk appetite parameters are well understood and applied within CISO risk management activities.
- Drive the zero overdue mandate for risk remediation, ensuring that all high-risk issues are addressed and closed within agreed timelines.
- Partner with key leaders across Technology and Operations (T&O) to ensure that risk considerations are embedded into all business decisions.
- Ensure that key risks are monitored, measured, and reported in a structured, transparent manner, enabling senior leadership and governance bodies to take appropriate risk-based decisions.
Governance
- Oversee risk governance structures, ensuring that CISO risk exposure is well-managed within governance forums.
- Provide transparent and high-quality risk reporting to governance committees, senior leadership, and regulatory bodies, ensuring clear visibility into the risk landscape.
- Ensure that risk forums and governance activities align with the Group’s broader risk governance framework.
- Lead and oversee function-specific risk governance forums, ensuring risk issues, control gaps, and remediation plans are actively monitored and actioned.
Regulatory & Business Conduct
- Display exemplary conduct and live by the Group’s Values and Code of Conduct.
- Take personal responsibility for embedding the highest standards of ethics, including regulatory and business conduct, across Standard Chartered Bank. This includes understanding and ensuring compliance with, in letter and spirit, all applicable laws, regulations, guidelines and the Group Code of Conduct.
- Lead the function to achieve the outcomes set out in the Bank’s Conduct Principles: [Fair Outcomes for Clients; Effective Financial Markets; Financial Crime Compliance; The Right Environment.]
- Effectively and collaboratively identify, escalate, mitigate and resolve risk, conduct and compliance matters.
- Provide timely and accurate risk & control information to support regulatory meetings and RFIs.
Key stakeholders
- Group Chief Information Officer (interim) and Group Chief Operating Officer (interim)
- Group Chief Risk Officer (GCRO)
- Global Head of T&O Risk and Control and Management Team
- Global Head of OTCR and Management Team
- T&O Management Team (MT) Members and their teams
- Risk Officers across all businesses and functions
- Group Internal Audit (GIA)
- Regulatory Liaison Team
Skills and Experience
- Business Process Design
- Process Management
- Risk Management
- Assurance & Governance
- Regulatory Environment
- Data & Reporting
- Stakeholder Management
Qualifications
- Minimum 15 years of experience in risk management, compliance, assurance or an equivalent field, preferably in Banking or Financial Services. A proven track record of leading successful teams is a priority.
- Strong analytical and program management skills. Ability to assess strategic priorities and to focus on detailed aspects of a program in order to drive effective delivery.
- Strong leadership, negotiation and collaboration skills, and ability to work effectively in a complex multicultural and multi-time zone organization.
- Knowledge of the businesses, markets and operations of Standard Chartered Bank and of relevant policies, procedures, and processes is an added advantage.
- Excellent interpersonal skills to foster positive relationships with internal and external stakeholders.
- Thorough understanding of ICS, Technology, Resilience and Data business processes, risks, threats, internal controls, and experience with regulators and multi-stakeholder organisations.
- Ability to collect and analyse data and make recommendations in written and oral form.
- Strong ability to liaise with all parts of the Bank, including senior security, risk and business stakeholders.
- Highly effective oral and written communication skills, with an ability to influence and to gain the respect of senior stakeholders and peers. Fluency in English.
- Bachelor’s Degree in Information Technology, Cybersecurity, Business Management, or another related discipline. Professional certifications are an advantage (e.g., CISA, CISSP, CISM, ITIL, PMP, CSM, CPO).
About Standard Chartered
We're an international bank, nimble enough to act, big enough for impact. For more than 170 years, we've worked to make a positive difference for our clients, communities, and each other. We question the status quo, love a challenge and enjoy finding new opportunities to grow and do better than before. If you're looking for a career with purpose and you want to work for a bank making a difference, we want to hear from you. You can count on us to celebrate your unique talents and we can't wait to see the talents you can bring us.
Our purpose, to drive commerce and prosperity through our unique diversity, together with our brand promise, to be here for good, are achieved by how we each live our valued behaviours. When you work with us, you'll see how we value difference and advocate inclusion.
Together we:
- Do the right thing and are assertive, challenge one another, and live with integrity, while putting the client at the heart of what we do
- Never settle, continuously striving to improve and innovate, keeping things simple and learning from doing well, and not so well
- Are better together, we can be ourselves, be inclusive, see more good in others, and work collectively to build for the long term
What we offer
In line with our Fair Pay Charter, we offer a competitive salary and benefits to support your mental, physical, financial and social wellbeing.
- Core bank funding for retirement savings, medical and life insurance, with flexible and voluntary benefits available in some locations.
- Time off including annual leave, parental/maternity leave (20 weeks), sabbatical (12 months maximum) and volunteering leave (3 days), along with minimum global standards for annual leave and public holidays, which combine to a minimum of 30 days.
- Flexible working options based around home and office locations, with flexible working patterns.
- Proactive wellbeing support through Unmind, a market-leading digital wellbeing platform, development courses for resilience and other human skills, a global Employee Assistance Programme, sick leave, mental health first-aiders and all sorts of self-help toolkits.
- A continuous learning culture to support your growth, with opportunities to reskill and upskill and access to physical, virtual and digital learning.
- Being part of an inclusive and values-driven organisation, one that embraces and celebrates our unique diversity across our teams, business functions and geographies, where everyone feels respected and can realise their full potential.