Information Security Risk Officer, Germany (SCB AG)
The Information Security Officer,Standard Chartered Bank AG
position which will act as the appointed Information Security Officer for SCB AG incl. its subsidiary branches (currently France and Sweden). It is a permanent role that requires strong business acumen and deep knowledge and experience in the ICS field. The successful candidate will have a strong understanding of operating in a second line capacity within an ICS or risk management organisation, and can respond flexibly and collaboratively to evolving business, regulatory and threat requirements. The role reports directly to the SCB AG Chief Risk Officer. The ISO SCB AG will work closely locally and with the Standard Chartered Bank Group CISO's Office and others to address ICS as a principal risk type for SCB AG and support its integration into the Bank's overall Enterprise Risk Management strategy to ensure compliance with local regulatory requirements. The role will provide oversight and challenge of ICS risk management and control effectiveness as a risk partner to the covered entities' leadership as defined in the relevant Standard Chartered's ICS Risk Type Frameworks.
The Standard Chartered Bank Group Chief Information Security Officer (CISO) organisation is instrumental in protecting and ensuring the resilience of Standard Chartered Bank's data and IT systems by managing information and cyber security (ICS) risk across the enterprise. As a critical function reporting into the Group Chief Risk Officer (CRO), the Office of the CISO serves as the second line of defence for assuring ICS controls are implemented effectively and in accordance with the ICS Risk Framework and for instilling a culture of cyber security within the Bank. The Group CISO is responsible for ICS governance, strategy, policy, awareness, training, risk assessments, red teaming, third party security risk, industry partnerships, and regulatory engagement.
In addition, a team of Information Security Officers (ISO) reports to the CISO and performs a pivotal role as an extension of the CISO in supporting the ICS risk management strategy, governance, advisory and assurance roles that face off to the Client Services, Regions, and Functions. The Office of the CISO is central to ensuring the Bank's ability to meet its ICS commitments to internal and external stakeholders, including regulators, as well as maintaining an acceptable ICS risk profile that is regularly reported to the Board. The ISO SCB AG role will provide 'in house' similar level of support to SCB AG in line with the policies and processes utilised across SCB Group by the Group CISOs office whilst maintaining operational independence for SCB AG entities. The holder will, additionally, provide support on an ad-hoc basis to wider Group CISO priorities and projects of work for the SCB Europe region as requested by Group CISO in agreement with SCB AG Chief Risk Officer (CRO). Business
The primary purpose of this position to ensure that the management of ICS risk is operating effectively and efficiently and to provide assurance that ICS risk is appropriately managed within SCB AG and the other covered entities. The role will support the SCB AG Chief Risk Officer (CRO) in their role as the Bank's executive accountable for risk and as the executive accountable for wider ICS risk. The successful candidate will work closely with the SCB Group as the IT service provider, notably the Head, ISO - UK & Europe, the Security Technology Services team, and Countries' CRO, CIO, and Compliance Officers, as well as other key stakeholders to drive requirements and help set priorities for ICS strategy and investment based on acceptable risk tolerance and taking into account the evolving threat and regulatory landscape, policies and standards, and technology infrastructure.
In addition, given the rapidly evolving ICS regulatory environment, successful candidate will have a strong acumen for working with regulators and understanding ICS policy with an ability to articulate new requirements into ICS risk management assessments and processes. The holder will be responsible for building and maintaining relationships with local relevant Regulators and ensuring that the ICS strategy and delivery within SCB AG is in line with regulatory requirements. Processes
The major functional activities that the role will lead and manage are:
Monitoring local authorities concerning regulatory change and ensure timely addressing required changes to relevant parties, in particular Group, to stay compliant with regulatory requirements
Act as appointed Information Security Officer for SCB AG with responsibility for managing all information security issues within the institution and with regard to third parties;
Report to the SCB AG management board on the status of information security on a regular, at least quarterly, basis as well as on an ad hoc basis.
Overseeing and challenging 1st line ICS risk proposals and risk-taking activities;
Contribute required 2nd line requirements for relevant countries to wider Group CISO ICS risk management meetings and commitments
Intervening in 1st line activities if they are not in line Monitoring of ICS risks and associated remediation plans across SCB AG and its Branches using the CISO Governance Risk Type Framework set out by Group and accepted by SCB AG Board;
Assuring the 1st line implements controls to comply with applicable laws and regulations as defined by the CISO Policy team and related SCB AG Country Addendas and escalate significant regulatory non-compliance matters and developments to the appropriate SCB AG risk committees and Group CISO;
Promoting a healthy ICS risk culture and good conduct within SCB AG.
People & Talent
• Lead through example and operate with the appropriate culture and values.
• Uphold and reinforce the independence of the second line ICS Risk function. Risk Management
• Deliver the defined aspects of the SCB AG ISO role to support the SCB AG & Group's ICS risk management approach and objectives.
Ensure risks are managed in accordance with the defined CISO Governance Risk Type Framework and associated Policy and Standards, mainly those that are specific to SCB Europe; and that issues are identified, escalated, and addressed as appropriate
• Establish strong ties into the relevant country leadership, governance, risk and control committees to ensure adequate monitoring, tracking and governance of ICS risk.
• Drive integration of ICS Risk Type Framework into SCB AG and utilise for the ongoing governance of country risk. Regulatory & Business Conduct
Display exemplary conduct and live by the Bank's Values and Code of Conduct.
Take personal responsibility for embedding the highest standards of ethics, including regulatory and business conduct, across the countries. This includes understanding and ensuring compliance with, in letter and spirit, all applicable laws, regulations, guidelines and the Bank' Code of Conduct.
Effectively and collaboratively identify, escalate, mitigate and resolve risk, conduct and compliance matters.
Exercise authorities delegated by the Board of Directors and act in accordance with Articles of Association
- Country CROs
- Country CIOs
- Country Compliance Officers
- Country Data Protection Officers
- Country Technology Managers
- Country CEOs
- Banking Regulators
- Head, ISO, UK & Europe
- Global Head, Security Technology Services
- Head of ICS Governance
- Head of ICS Policy
- Country Head Internal Audit
- Head of ICS Assurance and Testing
- Head of ICS Training, Awareness & Exercises
Establish strong relationships with identified stakeholders across SCB AG and Group and understand their strategic goals, in order to ensure ICS alignment.
Articulate the value of ICS controls and their bottom line impact to the covered countries' security and resiliency.
Prepare, present and challenge in a 2nd line capacity at relevant risk committees, steering groups and cross-business opportunities for both SCB AG and Group CISO requirements
Perform Delegation of Authority (DoA) responsibilities for CISO as defined for the countries.
Measure efficient and effective management of ICS risk for the countries.
Validate the accuracy of KRI's and KCI's and other risk ratings, as well as process designs, to meet policy requirements.
Ensure that Process Owners are escalating risk, control, and process deficiencies appropriately in accordance with the relevant risk frameworks.
Build trusted working relationships with other security functional heads, risk and compliance counterparts, and country stakeholders
Utilise appropriate risk management tool(s) to manage, track and monitor ICS risks across the countries.
Maintain sufficient and appropriate evidence of work performed for review by Group Internal Audit and others.
Monitor, assess and advise countries on acceptable risk tolerances based on policy and control environment and the evolving regulatory and threat landscape
Our Valued Behaviours Do the right thing:
Be brave, be the change; Think client; Live with integrity Never Settle:
Continuously improve and innovate; Simplify; Learn from your successes and failures Better together:
See more in others; How can I help?; Build for the long term
About Standard Chartered
We are a leading international bank focused on helping people and companies prosper across Asia, Africa and the Middle East.
To us, good performance is about much more than turning a profit. It's about showing how you embody our valued behaviours - do the right thing, better together and never settle - as well as our brand promise, Here for good.
We're committed to promoting equality in the workplace and creating an inclusive and flexible culture - one where everyone can realise their full potential and make a positive contribution to our organisation. This in turn helps us to provide better support to our broad client base.
Apply now to join the Bank for those with big career ambitions.