The Group Operational, Technology and Cybersecurity Risk (OTCR) organisation is instrumental in protecting and ensuring the resilience of Standard Chartered Bank’s data and IT systems by managing technological, information and cyber security (OTCR) risks across the enterprise. 

As a critical function reporting into the Group Chief Risk Officer (CRO), Group OTCR serves as the second line of defence for assuring Operational, Technology and OTCR controls are implemented effectively and in accordance with the Operational Risk Type Framework (ORTF) for instilling a positive culture of Operational, Technology and Cybersecurity risk management within the Bank. 

As part of the function, the team of OTCR, TPRM and TPSR performs a pivotal role as an extension of the OTCR in supporting the Tech and OTCR risk management strategy, governance, advisory and assurance roles that face off to the Client Businesses, Regions, and Functions. 

OTCR for T&O CISO & COO will work with other OTCR Coverage and SME teams to address Tech and OTCR as a principal risk type for the Bank and support its integration into the Bank's overall Enterprise Risk Management strategy. The role will provide oversight and challenge of Tech and OTCR risk management and control effectiveness as a risk partner to T&O as defined in the Bank’s OTCR Risk Type Framework and Operational Risk Type Framework (ORTF) under delegation from the Global Head of OTCR.

Key Responsibilities

• Overseeing and challenging 1st line ICS and OTCR risk proposals and risk-taking activities Third Party Security Risk and other key OTCR domains.
• Intervening in 1st line activities if they are not in line with existing or adjusted Risk Appetite.
• Monitoring of Tech and OTCR risks and associated remediation plans across business lines using the OTCR Governance Risk Type Framework.
• Assuring the 1st line implements controls to comply with applicable laws and regulations as defined by the OTCR Policy, Standards Third Party Security Risk [TPSR] and OTCR Policy Third Party Risk Management, [TPRM] team and escalate significant regulatory non-compliance matters and developments to the Global Head, OTCR, T&O.
• Overseeing implementation of the controls to mitigate risks related to Third Party Risk Management and Third-Party Security Assessments.
• Promoting a healthy OTCR & TPRM risk culture and good conduct within Technology & Operations of key OTCR & T&O domains.
• Support the assessment of OTCR TPRM and OTCR [TPSR] risk and reporting by T&O 1st line teams.
• Support the OTCR T&O team in the use of the OTCR risk frameworks and other techniques from a 2nd line perspective.
• Raise visibility of TPRM & TPSR weaknesses to drive improvements and upliftment.
• Highlight gaps or control weaknesses against security standards and regulations in the key T&O domains.
• Oversee RCSA process across Third Party Risk [vendor] management. 
• Oversight on cloud infrastructure and DevSecOps to ensure compliance to Tech and OTCR standards

Our Ideal Candidate

• Degree in Information and Cyber Security, Technology or equivalent
• Minimum of 10 years of experience in security risk management with a focus on vendor / third-party risk.
• Financial Institutions / Outsourcing / Vendor Management with experience in supporting Third Party Risk Management or within Third Party Management or Third-Party Security 1st line or 2nd line.
• Understanding of vendor lifecycle, including onboarding, ongoing compliance, and offboarding.
• Excellent understanding of Non-Financial Risk Management (Operational risk management) and Risk and Control Self Assessment framework [RCSA]
• Conduct due diligence and risk assessments, including financial, operational, and cybersecurity risks.
• Monitor and report on third-party compliance with security requirements.
• Strong communications skills verbal and written.
• Good negotiating and stakeholder management
• Strong knowledge of regulations related to Outsourcing

About Standard Chartered

We're an international bank, nimble enough to act, big enough for impact. For more than 170 years, we've worked to make a positive difference for our clients, communities, and each other. We question the status quo, love a challenge and enjoy finding new opportunities to grow and do better than before. If you're looking for a career with purpose and you want to work for a bank making a difference, we want to hear from you. You can count on us to celebrate your unique talents and we can't wait to see the talents you can bring us.

Our purpose, to drive commerce and prosperity through our unique diversity, together with our brand promise, to be here for good are achieved by how we each live our valued behaviours. When you work with us, you'll see how we value difference and advocate inclusion.

Together we:

• Do the right thing and are assertive, challenge one another, and live with integrity, while putting the client at the heart of what we do
• Never settle, continuously striving to improve and innovate, keeping things simple and learning from doing well, and not so well
• Are better together, we can be ourselves, be inclusive, see more good in others, and work collectively to build for the long term

What we offer

In line with our Fair Pay Charter, we offer a competitive salary and benefits to support your mental, physical, financial and social wellbeing.

• Core bank funding for retirement savings, medical and life insurance, with flexible and voluntary benefits available in some locations.
• Time-off including annual leave, parental/maternity (20 weeks), sabbatical (12 months maximum) and volunteering leave (3 days), along with minimum global standards for annual and public holiday, which is combined to 30 days minimum.
• Flexible working options based around home and office locations, with flexible working patterns.
• Proactive wellbeing support through Unmind, a market-leading digital wellbeing platform, development courses for resilience and other human skills, global Employee Assistance Programme, sick leave, mental health first-aiders and all sorts of self-help toolkits
• A continuous learning culture to support your growth, with opportunities to reskill and upskill and access to physical, virtual and digital learning.
• Being part of an inclusive and values driven organisation, one that embraces and celebrates our unique diversity, across our teams, business functions and geographies - everyone feels respected and can realise their full potential.