
This vacancy is already closed

Business ICS Risk Manager

Standard Chartered
2 years ago
24 June 2021
Other countries, Europe & Americas-Poland-Warszawa

About Standard Chartered

We’re an international bank, nimble enough to act, big enough for impact. For more than 160 years, we’ve worked to make a positive difference for our clients, communities and each other. And we’re on a journey to innovate and transform, with the employee experience at the heart of our evolution. We question the status quo, love a challenge and enjoy finding new opportunities to grow and do better than before.  

To us, good performance is about much more than turning a profit. It's about showing how you embody our valued behaviours - do the right thing, better together and never settle - as well as our brand promise, Here for good. We're committed to promoting equality in the workplace and creating an inclusive and flexible culture - one where everyone can realise their full potential and make a positive contribution to our organisation. This in turn helps us to provide better support to our broad client base.

The Role Responsibilities

This role is aligned to the Consumer, Private and Business Banking (CPBB) business and works closely with the designated technology delivery teams to holistically address Information Cyber Security (ICS) risk. The Business ICS Risk Manager – Threat, Risk and Strategy is a non-people leader role which requires the holder to be adaptive and respond to a wide and deep scope. The position reports to the Director of ICS Risk – Threat, Risk and Strategy and supports the execution of the team’s objectives, by collaborating with stakeholders across business and technology, as well as other pillars within the team. In support of CPBB ICS Risk strategy, areas of responsibility may include:

  • Identification and Management of CPBB ICS Risks and Threats.
  • Support the Threat Security Risk Assessment (TSRA) and Risk and Control Self Assessment (RCSA) for CPBB.
  • ICS Risk tracking and coordination, by providing regular status updates including progress, top risks and issues to the respective business forums for the relevant domains. Track RAG status, key milestones, risks, dependencies and issues.
  • Board Risk Committee, Regional Risk Committee and Cyber Advisory Forum reporting.
  • Oversight on Board Risk Metrics and remediation plans.
  • Support the identification, assessment and rating of information assets with the business.
  • Collaborate and work with various stakeholders including Cyber Information Security Risk teams (L2).
  • Audit Management.
  • Third Party Security Assessment oversight.
  • ICS Business Recovery and Respond oversight, by coordinating with SMEs for cyber crisis management exercises, build response and recovery capabilities and workarounds.
  • Assist with other cyber activities underway.
  • Ensure that ICS Key Controls are implemented effectively with appropriate coverage.
  • Identify changes required to the plan, such as additional components or reprioritisation, to anticipate and respond to changes.
  • Maintain strong stakeholder engagement with other COO ICS teams, Chief Information Security Office teams, ICS RTF Implementation Programme teams and Security Technology teams.
  • Escalate appropriately to ensure the Director of ICS Risk – Threat, Risk and Strategy, CPBB is briefed and necessary decisions are made in a timely manner.
  • Manage the rollout of the ICS RTF professionally and efficiently, closely tracking timeline commitments for provision of information and action plans, and for validation of actions taken.
  • Address and adopt response and recover capabilities and assist with cyber crisis management exercises, playbooks etc.
  • Support the business in the management of TPSA metrics.

Key Stakeholders

  • Risk, Governance and Control Heads for CPBB
  • ICS RTF Implementation Programme - Accountable Executive and teams
  • Chief Information Security Office and teams
  • Chief Information Security Risk Office and teams
  • Security Technology Services and Cyber Security Services teams
  • Operational Risk
  • Compliance Risk

 The Role Requirements

  • Experience in risk and governance of key ICS Controls – Data Protection, Vulnerability and Compliance Management, Network security, Security Incident Management, etc.
  • Experience in the identification and assessment of Cyber Risks.
  • Experience in third party oversight and risk management.
  • Experience working across multiple security frameworks (e.g. NIST, ISO 27001, PCI-DSS).
  • Good organisation and stakeholder management skills with ability to manage multiple deadlines and effectively prioritise.
  • Ability to work collaboratively with stakeholders and execute independently to effect change across the business lines and manage multiple deliverables simultaneously.
  • Proven ability to deliver complex, global, pan-bank initiatives by driving collaboration and participation across a diverse set of stakeholders.
  • Possession of one or more security certifications such as CISSP, CISA, CISM, CRISC, PCI-QSA, CSX etc. would be an asset.

 Apply now to join the Bank for those with big career ambitions.  To view information on our benefits including our flexible working please visit our career pages. We welcome conversations on flexible working. 
