Title: Director, OTCR, ICS & Tech Risk Assurance
Warszawa, PL
Job Summary
The Group Chief Information Security Risk Officer (CISRO) organisation is instrumental in protecting and ensuring the resilience of Standard Chartered Bank’s data and IT systems by managing Information and Cyber Security (ICS) risk across the enterprise. As a critical function reporting into the Group Chief Risk Officer (CRO), the Group CISRO team serves as the second line of defence for assuring ICS controls are implemented effectively, in accordance with the ICS Risk Framework, and for instilling a culture of cyber security within the Bank. Group CISRO is responsible for the development of the ICS framework, which includes all aspects of end-to-end risk identification, assessment, management and mitigation to stay within approved risk appetite thresholds; ICS policy, assurance and red team activities, cyber resilience and stress testing, third party security risk, industry partnerships, and regulatory engagement. The team of Information Security Risk Officers (ISRO) has delegated authority for risk approval from the Group CISRO and supports the implementation of the ICS risk management strategy, providing oversight, governance, and advisory across the Group’s Business, Regions, and Functions. Group CISRO is central to ensuring the Bank is able to meet its ICS commitments to internal and external stakeholders, as well as maintaining an acceptable ICS risk profile that is regularly reported to the Board.
Key Responsibilities
- Primarily responsible for effectively leading and performing ICS assurance reviews and issue validation activities.
- Execute and deliver insightful, quality and value-adding assurance reviews to drive proactive risk management.
- Drive and support internal growth initiatives to upskill staff competencies, optimise resources/capacity, enhance digital agility and identify risk hotspots for assurance work.
- Drive, collaborate and support cross-functional initiatives to drive greater efficiency and effectiveness.
- Build and promote good external partnerships with stakeholders to collaborate effectively.
- Provide timely, regular communication and updates of deliverables (outcomes, recommendations) to key internal and external stakeholders.
- Responsible and accountable for performing reviews and issue validations in line with the 2LA methodology and ensuring that the ICS assurance deliverables meet the quality standards set out in the methodology.
- Ensure timely deliverables, invocation of escalation and clearance of reports in alignment with our CISRO Assurance operating model.
- Support the Global Head of ICS Assurance & Testing to set up the annual plan and manage the execution of the plan to achieve the target on quality, timeline and budget.
Skills and Experience
- At least 10 years’ experience in cyber security testing/assessment, penetration testing, cyber security operations, cyber security audit or information security governance.
- Thorough understanding of IT security business processes, risks, threats and internal controls.
- Experience working in or with the financial services industry with keen understanding of business and operational environment.
- Strong knowledge of the cyber security threat landscape, businesses, markets and risk framework.
- Good understanding of global legal, regulatory and industry regulations, frameworks and standards and the ability to adapt to the changes accordingly.
- Able to communicate complex ICS risks/issues precisely and effectively.
- Able to construct recommendations in a factual and persuasive manner. Excellent communication skills in both written and oral form.
- Ability to empathise and collaborate with stakeholders across functions and at all levels of experience.
- Ability to look beyond individual issues to identify broader themes with wider-reach impact.
- Ability to both assess strategic priorities and to focus on detailed aspects of a function to drive effective delivery.
- A big-picture thinker who is detail-oriented.
- Experienced in team management and engagement, and able to lead, guide and motivate the team to meet goals and objectives.
- Ability to perform testing by using data analytics.
What we offer
In line with our Fair Pay Charter, we offer a competitive salary and benefits to support your mental, physical, financial and social wellbeing.
- Core bank funding for retirement savings, medical and life insurance, with flexible and voluntary benefits available in some locations.
- Time-off including annual leave, parental/maternity (20 weeks), sabbatical (12 months maximum) and volunteering leave (3 days), along with minimum global standards for annual and public holiday, which combine to a minimum of 30 days.
- Flexible working options based around home and office locations, with flexible working patterns.
- Proactive wellbeing support through Unmind, a market-leading digital wellbeing platform, development courses for resilience and other human skills, global Employee Assistance Programme, sick leave, mental health first-aiders and all sorts of self-help toolkits.
- A continuous learning culture to support your growth, with opportunities to reskill and upskill and access to physical, virtual and digital learning.
- Being part of an inclusive and values-driven organisation, one that embraces and celebrates our unique diversity across our teams, business functions and geographies, where everyone feels respected and can realise their full potential.