About Standard Chartered
We are a leading international bank focused on helping people and companies prosper across Asia, Africa and the Middle East.
To us, good performance is about much more than turning a profit. It%27s about showing how you embody our valued behaviours - do the right thing, better together and never settle - as well as our brand promise, Here for good.
We%27re committed to promoting equality in the workplace and creating an inclusive and flexible culture - one where everyone can realise their full potential and make a positive contribution to our organisation. This in turn helps us to provide better support to our broad client base.
The Role Responsibilities
of this role is a single point of contact (‘SPOC’) within the Second-Line Group
Operational Risk Function for all Technology Risk matters, collaborating as
appropriate with other Business and Function-aligned Group Operational Risk
teams, Subject Matter Experts that set Technology-related Standards, Process
Owners that govern technology processes, First-Line Risk %26amp; Control staff,
and CIO teams delivering build and run technology services.
is a Second Line of Defence challenge role under the Group Operational Risk
umbrella of non-financial risk-types, responsible for monitoring and ensuring
that the Technology %26amp; Innovation Function meets their obligations under the
Group Technology Risk Policy using a risk management approach consistent with
the Operational Risk Type Framework and Standard.
ownership of Second-Line Risk Framework Owner ( SME) responsibilities for
activities performed under the Operational Risk Type Framework and Standard as
they related to Technology Risk matters. The role will be focused on a specific
area of attention (i.e. one or more T%26amp;I Processes, CIO Domains, OR
activities) as directed by the Head of Operational Risk, Technology. For the
area of attention, the role will cut across one or more of the following
Risk Appetite - Provide
support for monitoring risk outcomes are within Technology Risk appetite
and challenge the appropriateness of treatment actions. Provide subject
matter expertise in improving risk information in support of Risk Appetite.
Scenario Analysis - Provide
support for selecting appropriate scenarios, help drive workshop outcomes
with other members of an expert panel and challenge appropriateness of the
analysis outcomes in support of the OR-led ICAAP.
Risk %26amp; Control
Self-Assessments (RCSA) - Challenge key RCSA steps including
Risk Assessments, Control Designs against Standards, Treatment Plans,
Annual Reviews and Top Down Reviews. Ensure assessments are completed
timely and final approvals are obtained within the required approval
authorities for Elevated Risks and Treatment Plans.
Response Framework - Challenge
the 1st Line of Defence assessment of impact and treatment
actions for materialised operational risk events (OREs). Challenge the
appropriateness of Root Cause Reviews (RCRs) for Material Risk Events
(MREs). Ensure OREs and RCRs are completed timely and final
approvals are obtained within the required approval authorities for MREs.
Provide support to Group Operational Risk Heads on actionable insight into
Technology Risk matters that would benefit from escalation to Business and
Function Non-Financial Risk Committees.
Keep informed of regulatory developments in Technology Risk matters.
Provide support for information requests on an as-needed basis.
Challenge the 1st Line of Defence assessment of change
delivery risks and the appropriateness of go-live readiness checks for
Perform thematic and targeted assurance reviews for prioritised areas.
Risk-Type Effectiveness Reviews - Provide support in monitoring
effectiveness activities, including any independent reviews as required,
for the Technology Risk Policy and Technology Risk OR sub-risk type.
Horizon Risk - Contribute
to horizon risk scanning activities performed by Group Operational Risk
and support if needed the 1st Line of Defence equivalent
support or act as an advocate for the wider Group Operational Risk activities:
OR Systems and
Help to ensure the data quality of risk information held in the OR
supporting systems(s). Get involved as needed in user acceptance testing
and contribute to ideas for feature enhancements.
Help promote the wider training available via the Group Operational Risk
function and contribute as required to development of materials. Get
involved as needed in developing or running training for Technology Risk.
AskOR - Support
AskOR colleagues in resolving any queries directed to the Technology Risk
OR sub-risk type Risk Framework Owner delegate.
Accountability (Behavioural Feedback Surveys) - Provide
support on an as-needed basis for Event Reviews (i.e. Conduct
accountability) for Materialised Risk Events and Behavioural Feedback for
Material Risk Takers.
Innovation Process Owners and Teams
Innovation Risk %26amp; Control Teams
Innovation CIO Domain Teams
Operational Risk Teams
Framework Owner delegates for risk types relevant to Technology Risk
(Compliance, Information %26amp; Cyber Security, Operational Risk Sub-Types
- Vendor Service, Change Management, Client Service Resilience).
Our Ideal Candidate
working in a single contributor role and/or small team challenging
risk-decisions made by more senior staff.
demonstrate a risk-based approach to focus attention on the key risks and
sound judgement on matters that can be dealt with autonomously versus
matters that require escalation.
looking beyond a purely task-driven approach and able to take ownership of
the wider objective, while seeking for support when required.
keeping abreast of industry developments in technology risk and keen to
advance their own subject matter expertise by seeking personal growth
demonstrate Advanced (Band 5a) level of competency in Critical Thinking,
Non-Financial Risk Management including Operational Risk, Managing Change
and Stakeholder Management.
demonstrate previous experience in technology risk roles (1st,
2nd or 3rd line of defence) and/or practical
hands-on experience in delivering technology solutions or technology
support with a view to make a career move into a risk role. Candidates
with experience in other non-financial risk disciplines are also
encouraged to apply if able to demonstrate a strong interest and
understanding of technology risk.
Minimum 15 (Band
5a) years’ experience in financial institutions and/or highly regulated
technology dependent industries.
advisory, audit, or consulting roles that require strong stakeholder management
Certifications related to technology risk (e.g. ISACA CRISC, CGEIT, CISA)
Certifications related to project management, software delivery
lifecycles, technology processes (e.g. ITIL) an advantage or equivalent
practical on the job experience.
Familiarity with modern and emerging technology
techniques and an interest to stay abreast of industry developments (e.g. Agile
development, DevOps, Cloud, APIs, service-orientated architectures etc).
Apply now to join the Bank for those with big career ambitions.
To view information on our benefits including our flexible working please visit our . We welcome conversations on flexible working.