CISA / CRISC / CISM / CISSP (nice to have)
About Standard Chartered
We are a leading international bank focused on helping people and companies prosper across Asia, Africa and the Middle East.
To us, good performance is about much more than turning a profit. It's about showing how you embody our valued behaviours - do the right thing, better together and never settle - as well as our brand promise, Here for good.
We're committed to promoting equality in the workplace and creating an inclusive and flexible culture - one where everyone can realise their full potential and make a positive contribution to our organisation.
This in turn helps us to provide better support to our broad client base.
The Role Responsibilities
Execute consistent, sustainable and re-performable control testing for the Bank’s critical IT systems.
Support the provision of MI (Management Information) to the respective risk forums across business and functions.
Assess compliance with the Bank’s risk frameworks, policies and industry standards (NIST).
Work with the Application / Service / Control Owners of critical IT systems to identify emerging ICS risks and ensure they are appropriately addressed by relevant technical controls.
Support stakeholders in defining remediation actions to address identified control weaknesses and issues across critical IT systems, and associated processes.
Track issue remediation, check and challenge delivery status and escalate delays.
Identify opportunities for automation of controls testing.
Maintain effective relationships with stakeholders.
Support the continuous improvement of ICS control testing, risk and control processes, aligning to and avoiding duplication with other assurance functions.
Adopt an anticipatory approach to risk assessment through stakeholder engagement and monitoring of the external environment.
Provide robust challenge and escalation to senior management to ensure activities achieve risk reduction.
Manage and drive continuous improvement of the ICS technical control environment through proactive risk management.
Track and report on ICS controls to ensure oversight and escalation mechanisms are in place.
Provide timely and accurate risk & control information to support internal / external (e.g. regulatory) assessments.
Head of ICS Technical Controls Testing.
Head of Regulatory Attestations & Central Controls Testing.
Application / Service / Control Owners of critical IT systems.
ISROs (Information Security Risk Officers).
The Role Requirements
Educational background in Computer Science, Economics, Law, Risk Management or other relevant areas.
5-8 years in IT / Cyber Audit and / or Cyber Risk Management or similar experience is essential.
Professional qualifications such as CISA / CRISC / CISM / CISSP will be advantageous.
Technical knowledge of security control best practices across different platforms, systems and security tools.
Good understanding of security processes, risks and controls, audit and testing methodologies.
Possess the right mix of cyber knowledge and risk & control skills.
Be self-motivated and a self-starter capable of working with limited direction.