Title:  Global Head, Testing & Assurance, Technology & Operations

21994

Warszawa, PL

Technology
Regular Employee
Office - Full Time
28 Feb 2025

Job Summary

The Global Head of Testing and Assurance for Technology and Operations (T&O) Risk Management is responsible for establishing, scaling, and driving key assurance capabilities that strengthen risk management and control effectiveness across T&O. This role ensures that these capabilities provide transparent, independent assurance over critical risk areas, technology functions, and regulatory obligations.

This role owns and leads the development and execution of the following core capabilities:

  • Project Delivery Assurance – Establishing a new capability to provide assurance over key transformation programs within T&O, ensuring risks are identified and managed effectively.
  • ICS and Technical Controls Testing – Delivering comprehensive testing to validate the effectiveness of key process and technical controls across Information & Cyber Security, Technology, Data & Resilience.
  • Technology Assurance (SDLC) – Driving structured assurance across the software development lifecycle (SDLC) to mitigate risks in technology change initiatives.
  • Application and Infrastructure Compliance – Developing a new capability to strengthen compliance oversight across applications and infrastructure. 
  • Attestation Management – Leading assurance activities for critical regulatory and industry attestations, such as SWIFT and PCI DSS.

This role works across Technology and Operations to embed and enhance these assurance capabilities, ensuring they are scalable, risk-aligned, and effective. The position requires strong leadership, strategic oversight, and hands-on execution to drive a proactive and integrated approach to risk management—enhancing compliance, resilience, and operational performance across T&O.

Key Responsibilities

Strategy

  • Develop and execute a best-in-class global Testing and Assurance Strategy that enhances the effectiveness, efficiency, and consistency of control testing across T&O.
  • Establish and embed standardized assurance methodologies that provide a transparent view of control effectiveness across key functions, including ICS, Data, Resilience, and Technology and Architecture.
  • Drive focused and prioritized assurance and control testing capabilities that enable the organization to successfully meet its strategic objectives and proactively address control weaknesses.
  • Ensure testing and assurance frameworks support business growth, transformation initiatives, and evolving regulatory requirements, embedding a risk-informed approach to decision-making.
  • Embed modernized testing approaches, leveraging automation, analytics, and real-time control monitoring where possible to enhance accuracy, timeliness, and scalability.

Business

  • Drive better integration of assurance capabilities across key functions such as ICS Controls Testing, Technology Assurance, SDLC Testing, Application and Infrastructure Compliance, and Attestation Management (e.g., SWIFT, PCI DSS).
  • Strengthen the Bank’s ability to assess and manage technology and operational risks by delivering clear, data-driven insights on control effectiveness to senior stakeholders.
  • Act as a strategic partner to senior business leaders, ensuring that assurance outcomes inform business and technology decisions while embedding a culture of continuous control improvement.
  • Support the development of risk-based assurance plans, aligning testing activities with the most critical risks and regulatory priorities impacting T&O.
  • Enhance operational effectiveness by ensuring testing and assurance frameworks evolve in tandem with emerging risks and new business models.

Processes

  • Develop, standardise, and implement repeatable, high-quality control testing and assurance processes that are aligned with regulatory expectations, industry standards, and internal policies.
  • Embed structured, risk-based control testing methodologies to improve effectiveness and scalability across multiple assurance functions.
  • Oversee attestation management for critical compliance frameworks such as SWIFT and PCI DSS, ensuring transparency and accuracy in external reporting.
  • Ensure control testing and assurance methodologies remain efficient, cost-effective, and fit for purpose, continuously refining and optimizing processes as required.

People & Talent

  • Build, lead, and develop a high-performing global team, fostering a culture of excellence, accountability, and continuous improvement.
  • Develop and execute a talent strategy that attracts, retains, and nurtures top assurance and control testing professionals, ensuring the team remains at the forefront of industry best practices.
  • Promote collaboration and knowledge-sharing across assurance teams, ensuring alignment on methodologies, risk themes, and testing priorities.
  • Lead and mentor the next generation of risk and assurance leaders, supporting their professional development and career progression.

Risk Management

  • Establish a testing and assurance function that proactively identifies control weaknesses, emerging vulnerabilities, and areas of heightened operational and technology risk.
  • Ensure timely escalation of risks identified through control testing and assurance activities, driving clear accountability for issue resolution.
  • Strengthen the link between assurance findings and remediation programs, ensuring that control deficiencies are addressed effectively and sustainably.
  • Partner with key T&O leaders to embed assurance-driven risk management practices into operational processes, technology programs, and business transformation initiatives.
  • Establish the capability to provide best-in-class assurance over strategic T&O projects and programmes.

Governance

  • Define and oversee the governance framework for testing and assurance, ensuring alignment with the Group’s risk management framework and regulatory expectations.
  • Provide transparent, data-driven reporting to governance committees, regulators, and senior leadership, ensuring risks and control effectiveness are well understood.
  • Represent the testing and assurance function in key risk and governance forums, ensuring that assurance outcomes are factored into risk appetite discussions and decision-making.
  • Establish a structured reporting cadence to deliver meaningful insights into assurance performance, control weaknesses, and remediation effectiveness.

Regulatory & Business Conduct

  • Display exemplary conduct and live by the Group’s Values and Code of Conduct. 
  • Take personal responsibility for embedding the highest standards of ethics, including regulatory and business conduct, across Standard Chartered Bank. This includes understanding and ensuring compliance with, in letter and spirit, all applicable laws, regulations, guidelines and the Group Code of Conduct.
  • Lead the Enablement Team to achieve the outcomes set out in the Bank’s Conduct Principles: [Fair Outcomes for Clients; Effective Financial Markets; Financial Crime Compliance; The Right Environment.] 
  • Effectively and collaboratively identify, escalate, mitigate and resolve risk, conduct and compliance matters.

Key stakeholders

  • Group Chief Information Officer (interim) and Group Chief Operating Officer (interim)
  • Group Chief Risk Officer (GCRO)
  • Global Head of T&O Risk and Control and Management Team
  • Global Head of OTCR and Management Team
  • T&O Management Team (MT) Members and their teams
  • Risk Officers across all businesses and functions
  • Group Internal Audit (GIA)
  • Regulatory Liaison Team

Skills and Experience

  • Risk Management
  • Analytical Thinking    
  • Planning: Tactical, Strategic    
  • Project Management    

Experience

  • 20+ years in technology risk, assurance, cyber security, or internal audit within a large financial institution.
  • Experience leading global-scale assurance/testing functions across multiple regions.
  • Proven track record of building and executing control testing and assurance strategies at an enterprise level.
  • Strong knowledge of financial services technology landscapes, including cloud, DevSecOps, AI, and automation.
  • Experience in executive reporting to board committees and senior management on technology risk posture.
  • Background in regulatory engagements, audit findings remediation, and control effectiveness assessments.

Qualifications

  • Education - Bachelor’s or Master’s degree in Information Security, Computer Science, Risk Management, or a related field.
  • Training - Standards as per the role
  • Licenses - Standards as per the role
  • Membership - Standards as per the role
  • Certifications
    • CISSP (Certified Information Systems Security Professional)
    • CISM (Certified Information Security Manager)
    • CRISC (Certified in Risk and Information Systems Control)
    • CISA (Certified Information Systems Auditor)
    • ITIL, COBIT, or other IT governance frameworks
  • Languages - Standards as per the role
  • Strong understanding of cloud security, application security, and infrastructure risk assurance.

About Standard Chartered

We're an international bank, nimble enough to act, big enough for impact. For more than 170 years, we've worked to make a positive difference for our clients, communities, and each other. We question the status quo, love a challenge and enjoy finding new opportunities to grow and do better than before. If you're looking for a career with purpose and you want to work for a bank making a difference, we want to hear from you. You can count on us to celebrate your unique talents and we can't wait to see the talents you can bring us.

Our purpose, to drive commerce and prosperity through our unique diversity, together with our brand promise, to be here for good, are achieved by how we each live our valued behaviours. When you work with us, you'll see how we value difference and advocate inclusion.

Together we:

  • Do the right thing and are assertive, challenge one another, and live with integrity, while putting the client at the heart of what we do
  • Never settle, continuously striving to improve and innovate, keeping things simple and learning from doing well, and not so well
  • Are better together, we can be ourselves, be inclusive, see more good in others, and work collectively to build for the long term

What we offer

In line with our Fair Pay Charter, we offer a competitive salary and benefits to support your mental, physical, financial and social wellbeing.

  • Core bank funding for retirement savings, medical and life insurance, with flexible and voluntary benefits available in some locations.
  • Time-off including annual leave, parental/maternity (20 weeks), sabbatical (12 months maximum) and volunteering leave (3 days), along with minimum global standards for annual and public holiday, which combine to a minimum of 30 days.
  • Flexible working options based around home and office locations, with flexible working patterns.
  • Proactive wellbeing support through Unmind, a market-leading digital wellbeing platform, development courses for resilience and other human skills, global Employee Assistance Programme, sick leave, mental health first-aiders and all sorts of self-help toolkits.
  • A continuous learning culture to support your growth, with opportunities to reskill and upskill and access to physical, virtual and digital learning.
  • Being part of an inclusive and values-driven organisation, one that embraces and celebrates our unique diversity, across our teams, business functions and geographies - everyone feels respected and can realise their full potential.