About Standard Chartered
We are a leading international bank focused on helping people and companies prosper across Asia, Africa and the Middle East.
To us, good performance is about much more than turning a profit. It's about showing how you embody our valued behaviours - do the right thing, better together and never settle - as well as our brand promise, Here for good.
We're committed to promoting equality in the workplace and creating an inclusive and flexible culture - one where everyone can realise their full potential and make a positive contribution to our organisation. This in turn helps us to provide better support to our broad client base.
The Role Responsibilities
Risk Management
- Engage domain service owners, process owner, service leads, SMEs (Domain Stakeholders) to prepare / conduct risk assessment, risk treatment plan, to seek risk acceptance with appropriate risk officers.
- Manage and drive Risk Treatment Plan, Risk and Control Self-Assessment.
- Onboarding key control indicator (KCI) and key risk indicators (KRI). Advise on the design of key controls, key control indicator (KCI) and key risk indicators (KRI).
- Monitor and report KCI and KRI as per metric defined. Review trend of material exceptions, identify systemic failures, escalate and drive control improvements. Review and agree changes or new KCI / KRI with Second Lines, UORM, T&I RC, etc.
- Identify Potential Failures in processes, advise and drive risk treatment / risk mitigation and risk monitoring
- Conduct control sample testing (CST) on key control to attest the control operating effectiveness (COE).
- Plan and drive risk and control reviews on new and in-flight projects
- Track all material risks and drive remediation actions to reduce the risk
- Provide support and guidance on risk remediation, control design to Domain Stakeholders. Review and approve proposed change in controls
- Represent the Domain as the Single Point of Contact (SPoC) on internal and external audits
- Ensure that the affected Domain (and units within) are sufficiently prepared for upcoming audits
- Stay current with regulatory requirements, threats and leading industry practice and advise ET Head in risk management and control design
- Review the adequacy and effectiveness of policies, standards, guidelines, process. Identify any material gaps, advise on control improvement
- Conduct monthly Domain Risk Forum (DoRF) to drive risk discipline, risk awareness, risk reduction actions. Ensure attendance of Management Team (MT) members. Provide challenge to ensure robust risk management
- Work with Awareness and Communication team to promote staff awareness on risk, compliance, audit support and remediation
- Plan, drive and/or perform control adequacy review to identify risk, non-compliance, control gap, vulnerabilities and advise remediation, preventive, corrective controls to Service Owners
- Ensure that MT (and any other stakeholder as required) is kept aware of the key risk, control & audit issue of the Domain through periodical risk forum and reporting
- Prepare and provide management report on risk, compliance audit or remediation to MT, Risk Forum
- Ensure that all management information is produced in line with the defined schedule and quality and should support management decision and action
- Ensure integrity of source and the processing of data to deliver accurate representation in management information
- Serve as single point of contact (SPoC) to handle information request from, and provide responses to regulators, external or internal auditors. Attend audit meetings, clarification, review.
- Facilitate the review and verification on audit findings for accuracy, risk rating and remediation management action plans (MAP) with service owners. Review adequacy of management response to audit findings
- Facilitate or manage the audit remediation to provide timely update on process and timely completion. Review remediation to ensure risks are significantly mitigated
- Review progress and timely remediation of audit findings
- Share thematic risk & audit findings across Domains and Units
- Manage stakeholder expectations and influence stakeholders in understanding risk and impacts, importance and priorities on threat and vulnerabilities of the Bank to be remediated, regulatory compliance gap to be addressed
- Attend to any issue contention and resolve them including remediation ownership contention, remediation scope creep or challenge arising that may delay the remediation closure
- Lead Annual Technology Process Refresh for existing Process in the Domain as per the Bank Technology Governance framework. Drive Process Onboarding for New Process in the Domain
- Advise on RCSA design as part of the Process Refresh. Advise the KCI / KRI required for the Process. Onboarding the KCI / KRI as part of RCSA.
- SPoC for the Domain on major incident review, drive risk and control review and control improvement required on Domain
- Drive implementation and adoption of agreed initiatives across the Domain including communication, control design and control monitoring.
- Global Head, Enterprise Services
- Global Head, Core Infra Services
- Global Head, Network Services
- Head, Storage and Backup
- Head, Service Management
- Head, Data Center Services
- Head, Enterprise Services Risk and Control
- Head, Onsite Technology Services (OTS)
- Head, Regional OTS GCNA, EUA, ASA and AME
- Second Line (Group Operation Risk, CISRO Risk Officers)
- Service Heads and Operation Risk Managers (ORMs) in other Domains (Cyber Security Services, Security Technology Services, Technology Operations, Cloud & DevOp Services)
- Group Internal Audit and external auditors
Our Ideal Candidate
- Lead and Drive cross domain risk initiative as required
- 5 years and above of experience in IT or Operation risk management in either Banking and Financial services sector, global IT shared service organization, or IT audit organization. In-depth understanding of control design and operation in IT Risk
- Advanced knowledge and experience in Risk and Control Self-Assessment, Risk Monitoring (KCI, KRI) and Control Self Testing
- Experience in writing Risk Assessment Paper, Risk Acceptance paper, Risk Treatment Plan.
- Good understanding of regulatory requirements, IT risk and controls. Knowledge of methods, tools, techniques for anticipating, identifying, assessing and responding to technology risks and issues.
- Experience in engaging auditor and managing technology audit engagement. Experience in writing management response to audit issue. Minimum 2 years of hands-on experience in audit engagement and remediation
- Strong people management capabilities. Confident and self-motivated leader with experience in effectively negotiating with and influencing others in a matrix environment. Ability and confidence to engage and drive risk objectives across a wide range of seniority levels, functional divides, locations and businesses
- Possess a pro-active and resilient posture, stay focused and committed to deliver risk objectives and book of work across complex, global environments
- Ability to gather and analyse facts and data in complex, global environment, provide value-added analysis and recommendation to management, make quality judgement and support critical decision in investment or risk response
- Excellent written and oral English communication skills.
- CRISC or CISA or CISM or CISSP certified is a definite advantage
- Bachelor Degree in Computer Science / Information Technology, Engineering, Finance or equivalent
Apply now to join the Bank for those with big career ambitions.
To view information on our benefits including our flexible working please visit our . We welcome conversations on flexible working.