Director, Risk and Control - Access Management
Ready to take the next step in your career with us?
To us, good performance is about much more than turning a profit. It's about showing how you embody our valued behaviours - do the right thing, better together and never settle - as well as our brand promise, Here for good.
We're committed to promoting equality in the workplace and creating an inclusive and flexible culture - one where everyone can realise their full potential and make a positive contribution to our organisation. This in turn helps us to provide better support to our broad client base.
The Role Responsibilities & Our Ideal Candidate
Trust, Data & Resilience
- Significant transformation is underway within the Operations function to rapidly improve the Group's Cyber, Data, Privacy and Automation control environment, along with digitisation and innovation. With this, the first line of defence is being strengthened to:
  - Grow trust with clients and regulators by delivering best practice cybersecurity solutions and protecting data and privacy;
  - Provide cutting-edge technology for Artificial Intelligence, Robotics and Automation to improve Scalability, Efficiency and Time to Market;
  - Contribute to Client Journeys, by providing insights and analytics to steer the Bank and supply real time information for actionable measures; and
  - Deliver efficiencies, continuous improvement, maximise risk reduction, resilience, policy and regulatory compliance.
- To support the Operations transformation agenda in growing trust with clients and regulators and maximising risk reduction, resilience, policy and regulatory compliance, the Director role will act as the SPOC to manage the end to end process for internal, external, third-party and regulatory audits/review for Cyber Security Services (CSS) with the option to expand the role, where needed.
People and Talent
- Drive the continuous engagement of the internal, external, third-party and regulatory audits RFI and issues management process with 2nd LoD and Internal Audit.
- Provide proactive self-orienting and self-motivating leadership, and work with limited direction
- Lead through example and build the appropriate culture and values. Set appropriate tone and expectations, and work in collaboration with risk and control partner
- Support liaison with Group Internal Audit and any third party or regulatory inspections.
- Adopt an anticipatory approach to risk assessment through stakeholder engagement and monitoring of the external environment.
- Work with other control assurance teams to drive efficiency, effectiveness and reduce duplication.
- Support CSS Process owners in the execution of their accountabilities related to:
  - Identification and management of the end to end processes as defined by the Process Universe and associated risks for the activities carried out.
  - Implementing the RCSA to monitor the effectiveness of the controls and standards governing the end to end process.
  - Being accountable to the Group Process Universe Owner, framework and policy owners and implementing the control requirements applicable to the process.
  - Escalating significant risks and issues to the Process Universe Owners, relevant Risk Framework Owners or Policy Owners.
- Perform review of the control self-assessment outcomes, monthly control testing results and adequacy of the related remediation actions.
- Support activities related to control design, assessment, testing processes and drive continuous improvement in ORFT and ICS RTF.
- Execute deep dive reviews and consistent, efficient and meaningful CSTs / KCI tests for CSS processes.
- Provide robust challenge and escalation to senior management to ensure activities achieve risk reduction.
- Manage and drive continuous improvement of the CSS control environment through proactive risk management (e.g. technical deep dive and issue validation).
- Execute assessments against controls that underpin an organisation's Cyber/Information Security Management System, primarily for Access Management and Data Protection.
- Provide good technical input and challenge on assignment to steer team members in producing high quality output which addresses the risk.
Regulatory & Business Conduct
- Provide timely and accurate reporting to appropriate committees.
- Ensure appropriate oversight and facilitate resolution of high impact risk and issues.
- Tracking and reporting of risk assessments (e.g. audits, risk assessments etc) and their outputs to ensure oversight and escalation mechanisms are in place to provide MI on obligations.
- Work with the CSS Service Lines to identify emerging risks and ensure they are appropriately addressed and subjected to formal governance.
- Support continuous improvement of the CSS internal risk profile reporting, issue management processes and supporting tools
- Display exemplary conduct and live by the Group's Values and Code of Conduct.
- Take personal responsibility for embedding the highest standards of ethics, including regulatory and business conduct, across Standard Chartered Bank. This includes understanding and ensuring compliance with, in letter and spirit, all applicable laws, regulations, guidelines and the Group Code of Conduct.
- Lead the COO Trust, Data and Resilience team to achieve the outcomes set out in the Bank's Conduct Principles: The Right Environment.
- Effectively and collaboratively identify, escalate, mitigate and resolve risk, conduct and compliance matters
- Global Head Operations - Trust, Data and Resilience
- Global Head Cyber Security Services
- Service Heads Cyber Security Services
- Trust, Data & Resilience MT
- Cyber Security Services MT
- Group Operational Risk
- Group CISRO
- Group Internal Audit - T&I and Operations and Cyber
Requirements: Skills and Experience
- Perform other responsibilities as assigned by the Service Director.
- Bachelor / Honours Degree in Information Technology, Computer Science, Cyber Security or other technology related qualifications
- 10-15 years of experience in cyber/IT security, technology audit or assurance, which must include some element of experience in a 'first line' security or assurance team.
- Risk & control, assurance or audit experience.
- Experience in Access Management
- Demonstrated ability to support a 'first line' function in responding to external/regulatory audits.
- Background in the information and cyber security domain within international financial services organisations.
- Up to date with key regulation / developments in Information and Cyber Security Management Framework (including Technology Risk Management), Data, Privacy and Automation.
- Risk and control related certification in security domain (i.e. CISA, CRISC).
- Ability to challenge the status quo.
- Excellent organisation skills with ability to manage multiple deadlines and effectively prioritise workload.
- Strong interpersonal skills to foster positive relationships with internal and external stakeholders.
- Highly effective oral and written communication skills, with an ability to influence
- Ability to exercise good judgment and objectivity.
- Demonstrates ability to work with limited direction and multi-task without loss of quality.
- Confident and courageous to raise/escalate issues in a pro-active, professional and timely manner
- Relevant professional qualifications to information security (CISSP, etc.) will be advantageous but not mandatory.
If you're ready to take on your next challenge, apply now.