Security Technology Services-Risk Manager Security Technology Services-Risk Manager …

Standard Chartered Global Business Services Sdn Bhd
in Kuala Lumpur, Kuala Lumpur, Malaysia
Permanent, Full time
Be the first to apply
Standard Chartered Global Business Services Sdn Bhd
in Kuala Lumpur, Kuala Lumpur, Malaysia
Permanent, Full time
Be the first to apply
Security Technology Services-Risk Manager
About Standard Chartered
We are a leading international bank focused on helping people and companies prosper across Asia, Africa and the Middle East.

To us, good performance is about much more than turning a profit. It's about showing how you embody our valued behaviours - do the right thing, better together and never settle - as well as our brand promise, Here for good.

We're committed to promoting equality in the workplace and creating an inclusive and flexible culture - one where everyone can realise their full potential and make a positive contribution to our organisation. This in turn helps us to provide better support to our broad client base.

Security Technology Services (STS) is a critical function within Standard Chartered Bank operating under the overall purview of "Technology Services" .

The STS team is made up of cyber security thought leaders, who are accountable for the provision of a global set of cyber security services and products in order to maintain and continuously improve Bank's cyber security posture in today's ever evolving cyber security landscape.

The STS team protect the Bank from cyber security threats by delivering effective information security technology services, managing and responding to security incidents to ensure, and support the continuity and growth of Bank's business operations; and meet the both internal and external stakeholders' expectations across 70+ countries and territories, in which SCB operates.

As part of the Security Transformation activities within SCB, a governance function within Identity and Access management is getting strengthened to cover the assurance function globally from access management perspective. This requires a highly skilled and experienced risk and assurance profession to build the governance model and capability improve Bank's access management risk posture in order protect the Bank from complex cyber threats.
Job Overview:
  • The Lead Risk & Control - Assessments, Framework & Audit Management sits within the Identity Access Management (IAM) - Risk and Control team and is responsible for and has to execute oversight over Risk Management frameworks, proactive risk and control assessments, as well as internal audit management across Technology Services.

  • This role is key and responsible for continuing improvements of the IAM control environment via proactive risk assessments and structured risk & control management.

  • This role aims to support a constant state of an established control environment, identification of key risks, drive/oversee cross-IAM risk remediation, audit readiness and continuous improvement across process and risk management.

Job Purpose
  • Drive, govern, guide and perform pro-active internal control self-assessment activities across IAM

  • Support implementation of effective and efficient controls to minimise / mitigate operational impact

  • Ensure proper management of internal audits across the audit lifecycle; timely responses to and validation of draft reports; govern / oversee the timely remediation of internal audit actions and issues; ensure remediation is in accordance with defined action plan

  • Issue and maintain the banks risk management frameworks and guidance

Key Responsibilities
1. Pro-active Risk Assessments
  • Define and maintain approach for domain-internal risk assessments as well as process risk assessments

  • Scope and plan thematic risk / control reviews of IAM processes (COBIT)

  • Govern domain-internal risk assessments. Ensure coverage of key topics and upcoming Internal Audit themes

  • Provide guidance on scope and plan risk / control reviews of significant new projects

  • Provide guidance to IAM domain risk teams on execution of risk / control reviews

  • Monitor material actions and risks arising from the reviews

  • Provide support and guidance on control design. Review proposed addition of or change in controls and related KRI / KCI metrics.

2. Internal Audit Management
  • Ensure IAM adhere to audit process and fully ensure factual accuracy of audit findings and reports

  • Review adequacy of management response to audit findings

  • Review progress and timely closure of audit findings

  • Share thematic risk & audit findings across TS for cross-remediation / review

  • As and when required drive cross-STS remediation / SWAT exercises

3. Framework
  • Define and maintain IAM-internal framework / guidelines for risk & control (Overall, assessments, audit management, etc.)

  • Define and maintain approach for domain-internal risk assessments as well as process risk assessments

  • Drive establishment and maintenance of golden sources for all risk topics

Key Relationships
  • STS and TS Domain Heads and Process Owners

  • Domain Risk Managers and teams

  • ITO Risk & Control for advice and guidance and steering with regards to group initiatives

  • Group Operational Risk (GOR) for interpretation and effective implementation of its Policy and Procedures

  • Legal & Compliance for interpretation of and consultations on regulatory requirements

  • Process Governance team for process and control metrics

  • Group Internal Audit (GIA)

  • TS External Audit Compliance Team for external and regulatory audits

Key Success Criteria
  • Driving / supporting improvements in IAM control environment adhering to the guidance from STS and TS

  • Completion of internal risk assessments / reviews as per plan

  • Satisfactory results on audits undertaken by Group Internal Audit, FSA, regulators and external auditors

  • Timely reporting and escalation of all operational risk exposures and control failures

  • Cross team collaboration and leadership - proactive engagement with stakeholders

Our Ideal Candidate
  • At least 10 years of work experience in Technology Risk and / or Technology Audit disciplines

  • An in-depth understanding of controls required to manage Technology Risk and preferable experience with tools that have been used in the industry to do so

  • An understanding of Technology Infrastructure / Applications / Project Lifecycle and the associated controls required through project delivery to manage and mitigate risk

  • Knowledge of approaches, tools, techniques for recognising, anticipating, and resolving operational or process problems

  • Confident and self-motivated leader with experience in effectively negotiating with and influencing others in a matrix environment

  • Ability and confidence to operate across a wide range of seniority levels, Portfolio (i.e. multiple domains) operational divides, locations and businesses

  • Be able to create and tailor clear and concise verbal and written communications to different audiences, fluent written and spoken English language skills

  • Possess a pro-active posture and committed to continuous improvement

  • Good presentation skills

  • Demonstrable analytical thinking

  • Data analysis and reporting skills

  • A team player who enjoys working with people on all levels as well as being able to work independently and under pressure to meet tight deadlines.

The following skills are not a pre-requisite, but will be advantageous:
  • Practical experience in engaging / managing technology audit engagement or being a member of a technology audit team

  • Experience in implementing ITIL or COBIT

  • Organizational Change Management experience. Plan for and overcome the issues encountered with change, deliver sustainable change

  • Project management experience / background, ideally with distributed teams

  • Experience in any Operational risk management discipline

  • Experience working in a financial institution

  • Tertiary qualifications in IT, Business Administration or Commerce

The following qualifications are not a pre-requisites, but will be advantageous:
  • ITIL Foundation certification

  • Certification in CRISC (Certified in Risk and Information Systems Control certification),

  • Certification in CISA (Certified Information System Auditor) or any other related qualification

  • Any COBIT related certification

Apply now to join the Bank for those with big career ambitions.