CISA / CRISC / CISM / CISSP (nice to have)
About Standard Chartered
We are a leading international bank focused on helping people and companies prosper across Asia, Africa and the Middle East.
To us, good performance is about much more than turning a profit. It's about showing how you embody our valued behaviours - do the right thing, better together and never settle - as well as our brand promise, Here for good.
We're committed to promoting equality in the workplace and creating an inclusive and flexible culture - one where everyone can realise their full potential and make a positive contribution to our organisation.
This in turn helps us to provide better support to our broad client base.
The Role Responsibilities
Support the functional head in leading a team of ICS technical control testing SMEs (Subject Matter Experts) to plan and execute on key controls testing across the bank’s critical IT systems.
Lead the execution of a consistent, sustainable and re-performable control testing framework / methodology for the bank’s critical IT systems.
Provide thought leadership on ICS technical control design, assessment and testing processes, and drive continuous improvements in alignment with the organisation's risk frameworks.
Work with the Application / Service / Control Owners of critical IT systems to identify emerging ICS risks and ensure they are appropriately addressed by relevant technical controls.
Support the provision of MI (Management Information) to the respective risk forums across business and functions.
Assess compliance with the Bank’s risk frameworks, policies and industry standards (NIST).
Support stakeholders in defining remediation actions to address identified control weaknesses and issues across critical IT systems, and associated processes.
Track issue remediation, check and challenge delivery status and escalate delays.
Identify opportunities for automation of controls testing.
Maintain effective relationships with leaders and stakeholders.
Support the continuous improvement of ICS control testing, risk and control processes, aligning to and avoiding duplication with other assurance functions.
Lead through example and build the appropriate culture and values. Set appropriate tone and expectations, and work in collaboration with risk and control partners.
Adopt an anticipatory approach to risk assessment through stakeholder engagement and monitoring of the external environment.
Provide robust challenge and escalation to senior management to ensure activities achieve risk reduction.
Provide timely and accurate risk & control information to support internal / external (e.g. regulatory) assessments.
Head of ICS Technical Controls Testing.
Global Head of ICS Controls.
Group Operational Risk.
Group ISROs (Information Security Risk Officers).
Group Internal Audit.
The Role Requirements
Educational background in Computer Science, Economics, Law, Risk Management or other relevant areas.
8-15 years in IT / Cyber Audit and / or Cyber Risk Management or similar experience is essential.
Professional qualifications such as CISA / CRISC / CISM / CISSP will be advantageous.
Possess the right mix of leadership, cyber expertise and risk & control skills.
Be self-motivated and a self-starter, capable of working with limited direction.
Be capable of exercising leadership, management and coaching over colleague(s).