The Role Responsibilities
- The purpose of the Technology Risk Governance role is to help deliver an independent, effective and lean second line of defence for Technology Risk. The role brings together all the required activities under our parent Risk Type Framework and will ensure effective prioritisation and delivery through strong governance.
- The role is part of a wider Group Operational Risk Function which oversees a number of different non-financial risk types. Group Operational Risk is positioned within the bank's Risk Function which is led by the Group's Chief Risk Officer.
- The candidate would be joining at an exciting time, as the team looks to continually strengthen our second line approach, help the organisation safely adopt new technologies safely and support first line risk management and transformation activities. The nature of the role delivers at a Group level, positioning the candidate to have an outsized impact on risk management.
- Join a growing team that is recently empowered to deliver full independent second line technology risk coverage and challenge. Help shape the future of the new team and provide support for teammates who are performing the complementary second line technology risk-coverage roles for each line of business and function.
The role will focus on planning and backlog management for the following activities, in supporting the Governance Lead:
- Group Risk Committees - Analyse and collate themes and escalations, write report(s) as required to document risk insight and challenge, ensure risk committees have appropriate attendance and challenge for technology risk. Challenge submissions made by first line colleagues by providing an OR opinion.
- Risk Appetite - Challenge Risk Appetite for Technology Risk and monitor Risk Appetite exceptions and breaches escalation.
- Scenario Analysis - Provide support for the wider Operational Risk ICAAP Scenario Analysis activities, if they relate to technology risk.
- Risk Management Information - Enrich existing OR risk information reports to support teammates performing coverage roles and drive remediation of data quality exceptions for technology risk information.
- Policy and Standard(s) - Perform the annual Policy Effectiveness Review for the Technology Policy, maintain Policy change control, Challenge-Approve dispensations, plan and execute policy communication and education.
- Control Requirements - Challenge first line control requirements to ensure traceability back to the second line owned policy and monitor conformance through the outputs of risk activities performed by teammates.
- Regulatory - Review first line inputs for the policy and standard backlog, perform regulatory change management through existing Group workflows and where feasible maintain traceability of regulatory requirements to controls, monitor material first line identified gaps.
- Horizon Scanning - Perform or arrange for the delivery of horizon risk research.
- Backlog Management - Maintain a prioritised backlog of commitments across the range of risk management activities, appropriately prioritised for delivery either by the Governance team or by teammates performing Coverage roles for each line of business and function.
- Other: Provide support or act as an advocate for the wider Group Operational Risk activities.
- Awareness and understanding of the Group's and Function's business strategy and model appropriate to the role
- Awareness and understanding of the wider business, economic and market environment in which the Group operates
People and Talent
- Responsible for executing risk management responsibilities of the second line of defence as defined within the Operational Risk Policy and Standard, and Group Technology Policy
- Responsible for individual training and familiarisation of knowledge relevant to the role and subject matter areas of work that is assigned
- Understanding the role's responsibilities with respect to the relevant risk policies/standards, risk framework owner role, and second line operational risk role.
Regulatory and Business Conduct
- Responsible for supporting the maintenance of the Group Technology Policy and relevant documents owned by the CRO Technology team. Responsible for executing activities associated with assessing the effectiveness of the Group Technology Policy. Awareness and understanding of the technology regulations for key markets in in which the Group operates.
- Display exemplary conduct and live by the Group's Values and Code of Conduct.
- Take personal responsibility for embedding the highest standards of ethics, including regulatory and business conduct, across Standard Chartered Bank. This includes understanding and ensuring compliance with, in letter and spirit, all applicable laws, regulations, guidelines and the Group Code of Conduct.
- Effectively and collaboratively identify, escalate, mitigate and resolve risk, conduct and compliance matters.
Our Ideal Candidate
- Team colleagues - Coverage officers in our team and roles performing dedicate assurance.
- Enterprise Risk Management and the wider Group and Country Operational Risk Teams
- First Line Technology Process Owners and Teams
- First Line Technology Risk Management
- CIO Domain teams (via coverage officers)
- Control Owners
- Owners of technical standards
- Risk Framework Owners, Policy Owners and SMEs for other risk types (Compliance, Information & Cyber Security, Third Party, Change Management, Resilience).
Role Specific Competencies
- Relevant Professional Certifications (e.g. CRISC, CISA, CGEIT, CISM, ITIL) an advantage.
- 3+ years of experience in financial institutions and/or highly regulated technology dependent industries.
- Previous experience in technology risk roles (First or Second Line) or technology audit (Third Line of Defence). Candidates from technology-related disciplines (e.g. project management, software delivery lifecycles, technology operations) are welcome to apply if they can demonstrate transferable skills and a passion to become a risk professional
- Experience in advisory, audit, or consulting roles that require strong stakeholder management an advantage.
- Profession Certifications related to project management, software delivery lifecycles, technology processes (e.g. ITIL) an advantage or equivalent practical "on the job" experience.
- Familiarity with modern and emerging technology techniques and an interest to stay abreast of industry developments (e.g. Agile development, DevOps, Cloud, APIs, etc).
- Comfortable working in a small team challenging risk-decisions made by more senior staff.
- Able to demonstrate a risk-based approach to focus attention on the key risks and sound judgement on matters that can be dealt with autonomously versus matters that require escalation.
- Comfortable looking beyond a purely task-driven approach and able to take ownership of the wider objective, while seeking for support when required.
- Passionate about keeping abreast of industry developments in technology risk and keen to advance their own subject matter expertise by seeking personal growth opportunities.
- Demonstrates competency in Critical Thinking, Non-Financial Risk Management, managing change and Stakeholder Management.
- Strong business writing skills
About Standard Chartered
- Operational Risk
- Business Partnering
- Manage Risk
- Business Writing
- IT Audit and Control
We're an international bank, nimble enough to act, big enough for impact. For more than 160 years, we've worked to make a positive difference for our clients, communities, and each other. We question the status quo, love a challenge and enjoy finding new opportunities to grow and do better than before. If you're looking for a career with purpose and you want to work for a bank making a difference, we want to hear from you. You can count on us to celebrate your unique talents. And we can't wait to see the talents you can bring us.
Our purpose, to drive commerce and prosperity through our unique diversity, together with our brand promise, to be here for good are achieved by how we each live our valued behaviours. When you work with us, you'll see how we value difference and advocate inclusion. Together we:
In line with our Fair Pay Charter,
- Do the right thing and are assertive, challenge one another, and live with integrity, while putting the client at the heart of what we do
- Never settle, continuously striving to improve and innovate, keeping things simple and learning from doing well, and not so well
- Be better together, we can be ourselves, be inclusive, see more good in others, and work collectively to build for the long term
we offer a competitive salary and benefits to support your mental, physical, financial and social wellbeing.
Recruitment assessments -
- Core bank funding for retirement savings, medical and life insurance, with flexible and voluntary benefits available in some locations
- Time-off including annual, parental/maternity (20 weeks), sabbatical (12 weeks maximum) and volunteering leave (3 days), along with minimum global standards for annual and public holiday, which is combined to 30 days minimum
- Flexible working options based around home and office locations, with flexible working patterns
- Proactive wellbeing support through Unmind, a market-leading digital wellbeing platform, development courses for resilience and other human skills, global Employee Assistance Programme, sick leave, mental health first-aiders and all sorts of self-help toolkits
- A continuous learning culture to support your growth, with opportunities to reskill and upskill and access to physical, virtual and digital learning
- Being part of an inclusive and values driven organisation, one that embraces and celebrates our unique diversity, across our teams, business functions and geographies - everyone feels respected and can realise their full potential.
some of our roles use assessments to help us understand how suitable you are for the role you've applied to. If you are invited to take an assessment, this is great news. It means your application has progressed to an important stage of our recruitment process.
Visit our careers website www.sc.com/careers