The Role Responsibilities The Group Chief Information Security Officer (CISO) organisation is instrumental in protecting and ensuring the resilience o..
The Role Responsibilities The Group Chief Information Security Officer (CISO) organisation is instrumental in protecting and ensuring the resilience of Standard Chartered Bank's data and IT systems by managing information and cyber security (ICS) risk across the enterprise. As a critical function reporting into the Group Chief Technology, Operations and Transformation Officer, the Group CISO serves as the first line of defence for assuring ICS controls are implemented effectively and in accordance with the ICS Risk Framework, Policy and Standard, and for instilling a culture of cyber security within the Bank. The Group CISO is central to ensuring the Bank's ability to meet its ICS commitment to internal and external stakeholders, including regulators, as well as maintaining an acceptable ICS risk profile that is regularly reported to the Board, and that is supported by the ICS Risk & Control Function. The Head of Identity and Access Management Risk for the Group CISO function will lead and manage the IAM risk team to manage pan-bank Central IAM risk profile. This includes effective risk and control governance, oversight and assurance, as well as advocating and imparting lessons and good practice to shape the design and implementation of IAM controls. The responsibilities include: Oversee all risk and control activities related to all people, processes and assets within the IAM Risk function. Provide thought leadership in proactive and dynamic risk management, to enable Central IAM and/or Business / Functions to effectively manage IAM risks. Support the timely identification, assessment and prioritsation of potential cyber threats and vulnerabilities to the organisation associated to IAM risks. Lead a team of risk and ICS SMEs to drive to deliver risk focused, timely and re-performable deep dive reviews following ICS Control methodology and ensuring IAM Control Library is well maintained and kept up to date. Provide support the design, build, and implementation of effective processes and controls to effectively mitigate IAM risks. Support the IAM Function to be 'First to Know' of its risks & issues, and to deliver on its commitments. Act as the key confidant to the IAM 'Process Owner(s)' responsible for developing, prioritizing and implementing controls Collaborate with other teams within the organisation to ensure that risk assessments are integrated into overall security strategy Support the delivery of the overall CISO Conduct Risk Management plan. Drive compliance with the Bank's risk framework and policies (e.g. ERMF, ORTF and ICS RTF). Stay informed of current cyber threats and trends and provide recommendations to management on how to mitigate them Strategy The Head of Identity and Access Management is a global role that requires strong risk & control acumen, good organisation, and leadership skills with ability to manage multi-disciplinary group, knowledge of Cyber Security, Risk Management, and process controls. The role requires a strategic mindset and strong execution driven skill to support the Global IAM Function to achieve and deliver on its risk commitments and with alignment to the overall ICS Risk Strategy. Provide SME risk and control advice and guidance, as well providing a feedback loop to Framework, Policies and Standard owner. Business The role will work closely with Global Head of IAM, businesses and functions CISOs and ISROs within the bank to achieve the Group ICS-IAM strategy and objectives. The role will drive the risk agenda for the Global IAM Function through effective risk management framework. Processes IAM Risk Function will: Support liaison with Group Internal Audit and any third party or regulatory inspections. Perform review of the control self-assessment outcomes, monthly control testing results and adequacy of the related remediation actions. Provide thought leadership on control design, assessment, testing processes and drive continuous improvement in OR and ICS RTF. Execute deep dive reviews and consistent, efficient and meaningful CSTs / KCI tests for IAM processes. Provide robust challenge and escalation to senior management to ensure activities achieve risk reduction. Manage and drive continuous improvement of the IAM control environment through proactive risk management (e.g. technical deep dive and issue validation). Provide good technical input and challenge on assignment to steer team member in producing high quality output which address the risk. Build trusted working relationships with other security functional heads, CISOs, ISROs, CISRO, risk counterparts, business unit stakeholders, and Group Internal Audit and , where needed. Support CSS Process owners in the execution of their accountabilities related to: Identification and management of the end to end processes as defined by the Process Universe and associated risks for the activities carried out. Implementing the RCSA to monitor the effectiveness of the controls and standards governing the end to end process. Being accountable to the Group Process Universe Owner, framework and policy owners and implementing the control requirements applicable to the process. Escalating significant risks and issues to the Process Universe Owners, relevant Risk Framework Owners or Policy Owners. People & Talent Build Collaboration: Lead through example and build the appropriate culture and values. Set appropriate tone and expectations for the team, and work in collaboration internally and externally. Develop Talent: Provide strong leadership, management and coaching, strengthen and uplift the skill set of the team, as required, through internal development and training. Facilitate on-the-job learning from current & previous experience by identifying and communicating transferable lessons, helping to embed these lessons and encouraging best practices. Employ, engage and retain high quality people and establish an appropriate team structure and capacity plans Provide leadership guidance to the teams in the department Set and monitor job descriptions and objectives for direct reports and provide feedback and rewards in line with their performance against those responsibilities and objectives. Risk Management Work with other Risk and Controls teams to drive efficiency, effectiveness and reduce duplication. Work closely with senior stakeholders to drive an effective security risk management culture and compliance mindset Liaise with Group Internal Audit, where needed Governance Provide timely and accurate reporting to appropriate risk committees and forums. Ensure appropriate oversight and facilitate resolution of high impact risk and issues. Tracking and reporting of risk assessments (e.g. audits, risk assessments etc.) and their outputs to ensure oversight and escalation mechanisms are in place to provide MI on obligations. Work with the CSS Service Lines to identify emerging risks and ensure they are appropriately addressed and subjected to formal governance. Manage and drive continuous improvement of the CSS internal risk profile reporting, issue management processes and supporting tools. Key stakeholders Global Head Identity and Access Management (CISO-IAM) Group Chief Information Security Officer (CISO) Group Chief Information Security Risk Officer (CISRO) Global Head of ICS Risk and Controls ICS Management Team Members Chief Information Security Officers (CISOs) across all businesses and functions Information Security Risk Officers across all businesses and functions COOs/CIOs of different businesses/functions ICS Risk and Control Leadership Team Members Group Internal Audit - Heads of Audit for TTO Other Responsibilities Embed Here for good and Group's brand and values in CISO Function; Perform other responsibilities assigned under Group, Country, Business or Functional policies and procedures; Our Ideal Candidate 15+ years of experience in Cyber Security, technology and ICS risk management, with a proven track record of leading successful teams. Strong risk management skills. Ability to assess strategic priorities and to focus on detailed aspects of complex risk remediation activities in order to drive/achieve the desired risk buydown targets. Strong stakeholder management skills. Ability to liaise with all parts of the Bank, including senior security, risk and business stakeholders. Strong leadership, negotiation and collaboration skills, and ability to work effectively in a complex multicultural and multi-time zone organization. Knowledge of the businesses, markets and operations of Standard Chartered Bank and relevant policies, procedures, and processes have an added advantage. Excellent interpersonal skills to foster positive relationships with internal and external stakeholders. Thorough understanding of ICS-IAM business processes, risks, threats, internal controls, and experience with regulators and multi-stakeholder organisations. Ability to collect and analyse data and make recommendations in written and oral form. Highly effective oral and written communication skills, with an ability to influence and to gain the respect of senior stakeholders and peers. Fluency in Business Communication. Bachelor's Degree in Information Technology, Cybersecurity, Business Management, or other related discipline. Professional certifications have an advantage (e.g., CISA, CISSP, CISM, ITIL, PMP, CSM, CPO). Ability to commit up to 10% business travel. Role Specific Technical Competencies Risk and Control Concept & Understanding Identity and Access Management Key Processes Data Analytics Skills Regulatory Environment - Financial Services Security Controls & Methodologies About Standard Chartered We're an international bank, nimble enough to act, big enough for impact. For more than 160 years, we've worked to make a positive difference for our clients, communities, and each other. We question the status quo, love a challenge and enjoy finding new opportunities to grow and do better than before. If you're looking for a career with purpose and you want to work for a bank making a difference, we want to hear from you. You can count on us to celebrate your unique talents. And we can't wait to see the talents you can bring us. Our purpose, to drive commerce and prosperity through our unique diversity, together with our brand promise, to be here for good are achieved by how we each live our valued behaviours. When you work with us, you'll see how we value difference and advocate inclusion. Together we: Do the right thing and are assertive, challenge one another, and live with integrity, while putting the client at the heart of what we do Never settle, continuously striving to improve and innovate, keeping things simple and learning from doing well, and not so well Be better together, we can be ourselves, be inclusive, see more good in others, and work collectively to build for the long term In line with our Fair Pay Charter, we offer a competitive salary and benefits to support your mental, physical, financial and social wellbeing. Core bank funding for retirement savings, medical and life insurance, with flexible and voluntary benefits available in some locations Time-off including annual, parental/maternity (20 weeks), sabbatical (12 weeks maximum) and volunteering leave (3 days), along with minimum global standards for annual and public holiday, which is combined to 30 days minimum Flexible working options based around home and office locations, with flexible working patterns Proactive wellbeing support through Unmind, a market-leading digital wellbeing platform, development courses for resilience and other human skills, global Employee Assistance Programme, sick leave, mental health first-aiders and all sorts of self-help toolkits A continuous learning culture to support your growth, with opportunities to reskill and upskill and access to physical, virtual and digital learning Being part of an inclusive and values driven organisation, one that embraces and celebrates our unique diversity, across our teams, business functions and geographies - everyone feels respected and can realise their full potential. Recruitment assessments - some of our roles use assessments to help us understand how suitable you are for the role you've applied to. If you are invited to take an assessment, this is great news. It means your application has progressed to an important stage of our recruitment process. Visit our careers website www.sc.com/careers