Director, Third Party Security Risk

Standard Chartered
10-15 years
Not Specified

Job Description


About Standard Chartered 
We are a leading international bank focused on helping people and companies prosper across Asia, Africa and the Middle East.  
To us, good performance is about much more than turning a profit. It's about showing how you embody our valued behaviours - do the right thing, better together and never settle - as well as our brand promise, Here for good.
We're committed to promoting equality in the workplace and creating an inclusive and flexible culture - one where everyone can realise their full potential and make a positive contribution to our organisation. This in turn helps us to provide better support to our broad client base.
Make an impact every day with Trust, Data and Resilience (TDR)
Our TDR team sits within the Group Operations function and is responsible for mission-critical areas including cyber, information, data, privacy and resilience.  These are challenges that impact our clients globally. Our TDR team develops the platforms, drives the processes and builds partnerships to benefit millions of people every day. They thrive in providing solutions to complex issues, devote time and energy to designing new and innovative solutions, and all in an environment that demands being risk-aware, not risk-averse. TDR chooses progress over perfection and aims to always participate with a constructive purpose.  The team makes an impact wherever they are based, be it in our offices around the world, our Global Business Solution centres in China, India, Malaysia and Poland, or even from our home.
Now you have an opportunity to make a meaningful impact with a diverse and passionate team of creators, innovators and achievers. With us, you'll learn, be inspired, and make an impact every day. The success of our work hinges on how we use the unique diversity of our people to realise the effects we seek to achieve: Always on. Always safe. Always Simple.
The Role Responsibilities
Strategy

  • The successful candidate will have strong experience leading and implementing an information security programme in a large international institution.

  • The TPSR program plays a central role across the Bank in managing vendor risk by applying a standardised end-to-end data security risk assessment to third parties.

  • The key responsibilities of this role are to perform third party security assessments and lead process improvement initiatives.


Business

  • The primary purpose of this position is to deliver the Bank's critical third-party security risk assessment program.

  • The successful candidate will assist the Head of Risk Identification TPSR; work with other supply chain and vendor management functions within the bank (Global Sourcing, Legal, Compliance, etc.) and other risk functions (Cloud, privacy, resiliency, CSS); and integrate third party data security risk processes into the wider bank vendor management process.

  • The role will assist the Head of Risk Identification TPSR to develop and improve the process for engagement of the TPSR team by the business for all new third party entities across all markets, and for ongoing periodic review requirements.

  • The successful candidate will have deep technical knowledge of cloud platforms, IT general controls, information security, third party risk management and supply chain management.

  • In addition, the successful candidate will assist the Head of Risk Identification TPSR to work closely with the Head of Policy and Governance to ensure policies and procedures related to TPSR are compliant with current regulations and with the Operational Risk Officer to ensure effective management of operational risks within the TPSR field and compliance with applicable internal policies, and external laws and regulations. The successful candidate will have strong senior stakeholder engagement skills.


Processes
The major functional activities are to support the Head of Risk Identification TPSR to deliver the following:

  • Run a process improvement function to review the existing third party risk service line and implement programs of work to improve and expand coverage of the service across the Bank;

  • Work closely with the other supply chain and vendor management functions within the bank (Global Sourcing, Legal, Compliance, etc.) and other risk functions (Cloud, privacy, resiliency, CSS) to integrate third party data security risk processes into the wider bank vendor management process;

  • Develop and improve the process for engagement of the third party security risk team by the business for all new third party entities across all markets, and for ongoing periodic review requirements;

  • Ensure compliance with the measurement, tracking and reporting of third party security risk assurance metrics.

  • Provide regular updates on the third party security risk program, including KPIs, KCIs, and metrics status for delivery to relevant operational, Group, and Board committees.

  • Move the 'one fits all' vendor security assessment checklist to a more mature assessment framework that is tailored to common third party services (e.g., check printing, card embossing, etc.);

  • Lead the monitoring and reporting of mitigation and remediation actions to track progress against audit and other assessment findings.

  • Develop relationships with multiple local consultancies in different markets to supply onsite and offsite third party security assessment services;

  • Lead the third party assessor team to facilitate the third party risk governance process.

  • Build trusted working relationships with other security functional heads, risk and compliance counterparts, and business unit stakeholders.

  • Maintain sufficient and appropriate evidence of work performed for review by Group Internal Audit and others.

  • Work with the relevant Operational Risk Officer to ensure effective management of operational risks within the TPSR field and compliance with applicable internal policies, and external laws and regulations.


People and Talent

  • Lead through example and build the appropriate culture and values.

  • Set appropriate tone and expectations from team and work in collaboration with internal and external partners.

  • Ensure the provision of ongoing training and development of people, and ensure that holders of critical functions are suitably skilled and qualified for their roles, with effective supervision in place to mitigate any risks.

  • Train and retain high quality people, with succession planning for critical roles.

  • Review team structure and capacity plans.

  • Uphold and reinforce the independence of the second line ICS Risk function.


Risk Management

  • Ensure that this role is managed in accordance with the defined CISO views on policies and standards, and that issues are identified, escalated, and addressed as appropriate.

  • Manage the Third Party Security Risk professionally and efficiently, closely tracking deliverables and commitments.


Governance

  • Establish strong ties into the relevant business lines' governance, risk and control committees to ensure adequate monitoring, tracking and governance of Third Party Security Risk.

  • Work with the CISO Policy team to coordinate, integrate and represent the Bank's views on evolving regulations, policies and standards related to Third Party Security Risk.

  • Drive integration of the ICS Risk Type Framework into the Third Party Security Risk Program.


Regulatory & Business Conduct

  • Display exemplary conduct and live by the Group's Values and Code of Conduct.

  • Take personal responsibility for embedding the highest standards of ethics, including regulatory and business conduct, across Standard Chartered Bank. This includes understanding and ensuring compliance with, in letter and spirit, all applicable laws, regulations, guidelines and the Group Code of Conduct.

  • Lead to achieve the outcomes set out in the Bank's Conduct Principles: Fair Outcomes for Clients; Effective Financial Markets; Financial Crime Compliance; The Right Environment.

  • Effectively and collaboratively identify, escalate, mitigate and resolve risk, conduct and compliance matters.


Key Stakeholders

  • Global Head TPSR

  • Group Supply Chain Management / Global Sourcing

  • Business Unit stakeholders

  • Group Compliance

  • Group Legal

  • Head of ICS Policy

  • Head of Cyber Partnership

  • Other Risk Pillars required to review third party onboarding


Other Responsibilities

  • Establish strong relationships with identified stakeholders across the regions and countries and understand their strategic goals, in order to ensure ICS alignment.

  • Articulate the views of the Bank on ICS TPSR regulatory and resiliency matters in various organisations and with regulators.

  • Prepare, present and challenge in a 2nd line capacity at relevant risk committees, steering groups and cross-business opportunities.

  • Measure efficient and effective management of ICS risk for the business lines.

  • Validate the accuracy of KRIs and KCIs and other risk ratings, as well as process designs, to meet policy requirements.

  • Ensure that Process Owners are escalating risk, control, and process deficiencies appropriately in accordance with the relevant risk frameworks.

  • Build trusted working relationships with other security functional heads, risk and compliance counterparts, and business unit stakeholders.

  • Utilise appropriate risk management tool(s) to manage, track and monitor ICS risks across the client facing business lines.

  • Maintain sufficient and appropriate evidence of work performed for review by Group Internal Audit and others.

  • Monitor, assess and advise business lines on acceptable risk tolerances based on policy and control environment and the evolving regulatory and threat landscape.


Our Ideal Candidate

  • Bachelor's degree or above from an accredited college/university in an appropriate field.

  • Strong communication skills in English.

  • Ideally 10-15 years of experience in information security / IT auditing / ICS Risk, with Big 4 and/or Banking & Financial services experience.

  • Experience in third party audits is a plus, but understanding of auditing standards, compliance, risk assessment and internal control frameworks is a requirement.

  • Familiarity with working in an MNC or cross-cultural setting.

  • Excellent written and interpersonal skills.

  • Strong time management skills.

  • Ability to draft reports that clearly communicate observations and risks is required.

  • Strong stakeholder engagement skills, and ability to interact at all levels across an organisation.

  • Strong audit project organisation and management skills.

  • Ability to multitask and ensure that all key priorities are delivered as per agreed timelines.

  • Knowledge of security frameworks (e.g. COBIT, ISF, COSO), standards (e.g. ISO, NIST, CIS), information security principles, security architecture and regulatory requirements will be a plus.

  • Competency with Microsoft Office Suite (Word, PowerPoint, Excel, Visio, SharePoint).

  • Certifications (CISSP, CISA, CRISC, CCSP) will be a plus.


Apply now to join the Bank, for those with big career ambitions.
To view information on our benefits including our flexible working please visit our . We welcome conversations on flexible working.
