Standard Chartered Bank is headquartered in London with operations in 50+ with two primary businesses:
- Commercial, Corporate and Investment Banking (&ldquoCCIB).
- Consumer, Private and Business Banking (&ldquoCPBB).
The CCIB business incorporates the Transaction Banking, Financial Markets, Security Services, Client Coverage and Digital Channels and Data Analytics businesses. The business has ambitious digitisation agenda and is looking to transform its businesses to be digital native organisation.Banks are built on trust from the key stakeholder groups:
Trust is built on security:
- Clients: trust that they will safeguard client assets (money, securities and commercial data).
- Governments & regulators: trust that they will provide capital for economies and businesses.
- Shareholders: trust they will provide a better return on capital than other banks.
- Communities: trust they will uphold their human rights build and uphold financial inclusion.
- Identification of the priority business risks that are integrated into business strategy and decision making.
- Delivering best practice cybersecurity solutions and protecting data and privacy
- Threat-led approach ensure a security posture that mitigates the priority business risks
- Deliver efficiencies, continuous improvement, maximise risk reduction, resilience, policy and regulatory compliance.
The CCIB Information & Cyber Security Office is made up of thought leaders, who are accountable for the provision of a risk advisory services to continuously improve CCIB&rsquos security posture against the evolving cyber security landscape.Role
- Trusted advisor for business stakeholders for risk identification, assessment and treatment.
- Drive maturity of decision making to incorporate information security and cyber within strategic management and design forums.
- Enable improved Information Security & Cyber knowledge and awareness to enable business leaders to understand the evolving threat and investment trade-offs.
- Curate strategic design and integration of risk management across DCDA businesses.
- Provide thought leadership, research and report on current organisation exposure to vulnerabilities and emerging threats through periodic management briefings and bulletins and working closely with relevant teams to implement short-gap remediation activities and compensating controls to reduce risk while identified vulnerabilities are being addressed.
- Build shared understanding of risk-based prioritisation of risk investment / activities across DCDA with 1st / 2nd lines of defence (LOD).
- To maintain an expert knowledge within the team of industry trends in relation to business requirements and direction to the Group.
- Support the continuous improvement through process re-engineering, technology transformation, integration and exploitation to deliver optimised yet robust services to mitigate threats.
- Integrate risk plans into all DCDA business / Client Journey strategic Enterprise Risk Management plans.
People and Talent
- Either through leveraging Quarterly/Monthly Performance Review meetings or through the establishment of relevant 1st / 2nd LOD working groups agree, co-ordinate and oversee DCDA business risk mitigation plans to completion.
- Collaborate with the control service providers to deliver adoption plans and services that inspire admiration - not desperation.
- Instil 90 days backlog discipline into all risk investment / activity to ensure it is appropriately prioritised against other risk and business investments / activities.
- Provide check and challenge on RFO and Business risk plans and deliverables advise on gaps in coverage for risks and regulatory obligations, with recommendation on how to address these highlight risk activities that are not aligned to risk or their cost of control.
- Support DCDA businesses / client journeys in cataloguing all Technology Risk controls & activities (current and planned) along with their MCE and impact on residual risk.
- Institute agile risk management into ways of working e.g., handling of risk identification, incident reviews, etc.
- Lead through example and build the appropriate culture and values. Set the appropriate tone and expectations for the team and work in collaboration with risk and control partners.
- Employ, engage and retain high quality people and establish an appropriate team structure and capacity plans.
- Set and monitor job descriptions and objectives for direct reports and provide feedback and recognition in line with their performance against those responsibilities and objectives.
- Complete the yearly SOC2 Type2 assessment and attestation for Channels and TB Cash.
- Drive appropriate coverage of DCDA risks and regulatory obligations into control framework.
- Advise businesses on evolving threat, industry trends and regulatory environment.
- Escalate material gaps in risks coverage identified to NFRCs and/or CCIBRC as appropriate.
- Work with Process Owners to ensure suitable incident management, response and recovery processes are in place.
- Promote socialisation of lessons learnt across DCDA.
Regulatory & Business Conduct
- Maintain oversight of Risk Treatment actions, Root Cause reviews and other remediation activities across DCDA.
- Produce quarterly update to DCDA Refinement meeting on plan and execution progress.
- Liaise with Internal Audit / Regulators as required.
- Display exemplary conduct and live by the Group&rsquos Values and Code of Conduct.
- Effectively and collaboratively identify, escalate, mitigate and resolve risk, conduct and compliance matters.
Our Ideal CandidateRequired:
- TB DCDA COO
- CIO DCDA
- Operational Risk DCDA
- CISRO DCDA
- Control Security Services MT
- Security Technology Services MT
- DCDA Business Control & Governance Leads
- Internal / external audit
- SCB Clients
- 10-15 of overall experience with 6-10 years of Information and Cyber Security Domain experience implementing NIST or ISO 27001 risk framework for 1 or multiple business in Financial Industry.
- 6 8 years hands on risk assessments for applications (supporting Digital Channels Web, Mobile applications, blockchain, API, Host2Host, SaaS, cloud) develop treatment plans and monitor the progress of the treatment plan through governance committees.
- 2-4 years of experience with SOC2 Type2 assessment and attestation for financial institution with Channels and Transaction Banking business.
- Must be able to critically examine systems through the perspective of a threat actor and articulate risk in clear, precise terms to Business - non-technical or non-ICS members.
- Advice and complete the security impact assessment, Threat Scenario Led Risk Assessments (TSRA) to support digital channels products of current and future platform modernisation, cloud migration etc.
- Good understanding of financial industry working, payment eco-system involving domestic and cross-border payments with SWIFT, SEPA, FED, RTGS, ACH, PCI/PCD will be advantage.
- Manage client risk assessments requests where SCB acts as a service provider or Third Party to assure clients on Banks security posture.
- Strong working experience of working with 3 lines of defence to articulate and seek approvals or dispensations when working with complex regulatory or internal standards and policies.
- Deep understanding of threat actor profiles, the typical indicators associated with those profiles, and be able to synthe the two to develop innovative techniques to detect threat actor activity.
- Good understanding of:
- Threat and vulnerability landscape including malware, emerging threats, attacks and vulnerability management.
- Security penetration testing and Red Team processes, technologies and industry frameworks (e.g., CREST).
- Tactics, techniques, and procedures that could be used for recon, persistence, lateral movement, and ex-filtration
- Detailed oriented, Strong deductive reasoning, critical thinking and problem-solving skills.
- Ability to work in a fast-paced team environment.
- Proven ability to manage diverse stakeholder expectations.
- Excellent oral/written communication skills for articulating thoughts clearly with stakeholders ranging from engineers to senior business management and
- Exceptional interpersonal, team building, mentoring and leadership skills with a demonstrated ability to gain the confidence and respect of senior level executives.
About Standard Chartered
- Experience in working with cross-border teams, preferably in the Financial Services industry.
- Broad understanding of security related regulatory requirements.
- Knowledge of Transaction Banking, Financial Markets products, payment eco-system and evolving API, third party marketplace or white label providers.
- Experience in agile methodology of managing multiple multi-year risk reduction projects involving multiple control owners.
- Fundamental skills of Task prioritization, Time management, Customer focus.
We're an international bank, nimble enough to act, big enough for impact. For more than 160 years, we've worked to make a positive difference for our clients, communities, and each other. We question the status quo, love a challenge and enjoy finding new opportunities to grow and do better than before. If you're looking for a career with purpose and you want to work for a bank making a difference, we want to hear from you. You can count on us to celebrate your unique talents. And we can't wait to see the talents you can bring us.
Our purpose, to drive commerce and prosperity through our unique diversity, together with our brand promise, to be here for good are achieved by how we each live our valued behaviours. When you work with us, you'll see how we value difference and advocate inclusion. Together we:
Recruitment assessments -
- Do the right thing and are assertive, challenge one another, and live with integrity, while putting the client at the heart of what we do.
- Never settle, continuously striving to improve and innovate, keeping things simple and learning from doing well, and not so well.
- Be better together, we can be ourselves, be inclusive, see more good in others, and work collectively to build for the long term.
- In line with our Fair Pay Charter, we offer a competitive salary and benefits to support your mental, physical, financial and social wellbeing.
- Core bank funding for retirement savings, medical and life insurance, with flexible and voluntary benefits available in some locations.
- Time-off including annual, parental/maternity (20 weeks), sabbatical (12 weeks maximum) and volunteering leave (3 days), along withminimum global standards for annual and public holiday, which is combined to 30 days minimum.
- Flexible working options based around home and office locations, with flexible working patterns.
- Proactive wellbeing support through Unmind, a market-leading digital wellbeing platform, development courses for resilience and other human skills,global Employee Assistance Programme, sick leave, mental health first-aiders and all sorts of self-help toolkits.
- A continuous learning culture to support your growth, with opportunities to reskill and upskill and access to physical, virtual and digital learning.
- Being part of an inclusive and values driven organisation, one that embraces and celebrates our unique diversity, across our teams, business functions and geographies - everyone feels respected and can realise their full potential.
some of our roles use assessments to help us understand how suitable you are for the role you've applied to. If you are invited to take an assessment, this is great news. It means your application has progressed to an important stage of our recruitment process.
Visit our careers website