Global Head, Third Party Security Risk

  • Competitive
  • Kuala Lumpur, Malaysia
  • Permanent, Full time
  • Standard Chartered Bank Malaysia Berhad
  • 19 May 2018

Leading the way in International Banking. With more than 86,000 employees in 68 countries, and a 150-year history in some of the world's most dynamic markets, Standard Chartered is listed on the London and Hong Kong Stock Exchanges as well as the Bombay and National Stock Exchanges in India.

The Group Chief Information Security Officer (CISO) organisation is instrumental in protecting and ensuring the resilience of Standard Chartered Bank's data and IT systems by managing information and cyber security (ICS) risk across the enterprise. As a critical function reporting into the Group Chief Risk Officer (CRO), the Office of the CISO serves as the second line of defence for assuring ICS controls are implemented effectively and in accordance with the ICS Risk Framework and for instilling a culture of cyber security within the Bank. The Group CISO is responsible for ICS governance, strategy, policy, awareness, training, risk assessments, red teaming, third party security risk, industry partnerships, and regulatory engagement. In addition, a team of Information Security Officers (ISO) reports to the CISO and performs a pivotal role as an extension of the CISO in supporting the ICS risk management strategy, governance, advisory and assurance roles that face off to the Client Services, Regions, and Functions. The Office of the CISO is central to ensuring the Bank's ability to meet its ICS commitments to internal and external stakeholders, including regulators, as well as maintaining an acceptable ICS risk profile that is regularly reported to the Board.

Strategy
The Global Head, Third Party Security Risk (TPSR) is a permanent role that requires strong business acumen and knowledge of risk management and process controls in the ICS field. The successful candidate will have strong experience leading and implementing information security programmes in a large international institution. The Global Head of TPSR will lead the third-party security risk assessment program within the Bank. The program plays a central role across the Bank in managing vendor risk by implementing a standardized data risk security assessment to third parties. A key responsibility is collaborating with different areas of the bank that are responsible for vendor management to build integration of third party data security risk into the wider bank vendor management process. The role is expected to lead the coverage of third party security reviews to include all vendors, outsourced service providers, joint ventures, and alliance partners across all of the Bank's markets. Key outcomes are to drive continuous process improvements and efficiency of the program while maintaining regulatory and Bank compliance. The Global Head of TPSR will report directly to the CISO and is part of the CISO Leadership Team.

Business
The primary purpose of this position is to lead the third party security risk assessment programme within the Bank. The successful candidate will work closely with the CISO and the supply chain and vendor management functions within the bank (Global Sourcing, Legal, Compliance, Business Contract Managers, etc.) and integrate third party data security risk processes into the wider bank risk and vendor management processes. In addition, the role will lead improvements in the process for engagement of the TPSR team by the business for all new third party entities across all markets, and for ongoing periodic review requirements. The successful candidate will have a solid understanding of information security, third party risk management and supply chain management. In addition, the successful candidate will work closely with the Global Head of ICS Governance and Risk to ensure policies and procedures related to TPSR meet internal and regulatory policy requirements. The individual will also work with the Operational Risk Officer to ensure effective management of operational risks within the TPSR function, as well as with Group Internal Audit. The successful candidate will have exemplary senior stakeholder engagement skills.

Processes
The major functional activities that the Global Head, Third Party Security Risk will lead and manage are:
• Manage the TPSR function end-to-end within the Bank and ensure continuous improvements and efficiencies are gained.
• Lead a review of the existing TPSR function, in collaboration with the Business Efficiency and Vendor Management teams, to implement initiatives to improve and simplify processes across the Bank.
• Work closely with the other supply chain and vendor management functions within the bank (Global Sourcing, Legal, Compliance, Business Contract Managers, etc.) and integrate third party data security risk processes into the wider bank vendor management process.
• Improve the process for engagement of the third party security risk team by the business for all new third party entities across all markets, and for ongoing periodic review requirements.
• Lead the measurement, tracking, and reporting of third party security risk assurance metrics.
• Provide regular updates on the third party security risk program, including KPIs, KCIs, and metrics status for delivery to relevant Operational, Group, and Board Risk committees.
• Lead the maturation of the TPSR assessment framework to be a more dynamic process that can more easily accommodate common third party financial services (e.g., check printing, card embossing, etc.).
• Lead the monitoring and reporting of mitigation and remediation actions to track progress against audit and other assessment findings.
• Maintain relationships with multiple local consultancies in different markets to supply onsite third party security assessment services.
• Lead a team to facilitate the third party risk governance and due diligence process.
• Build trusted working relationships with other security functional heads, risk and compliance counterparts, and business unit stakeholders.
• Maintain sufficient and appropriate evidence of work performed for review by Group Internal Audit and others.
• Work with the relevant Operational Risk Officer to ensure effective management of operational risks within the TPSR function and compliance with applicable internal policies, and external laws and regulations.

People and Talent
• Lead through example and build the appropriate culture and values.
• Set appropriate tone and expectations for team and work in collaboration with internal and external partners.
• Ensure the provision of ongoing training and development of people, and ensure that holders of critical functions are suitably skilled and qualified for their roles and that they have effective supervision in place to mitigate risks.
• Employ, engage and retain high quality people, with succession planning for critical roles.
• Responsibility to review team structure/capacity plans.
• Manage team of six direct reports and overall team of approximately 50.
• Set and monitor job descriptions and objectives for direct reports and provide feedback and rewards in line with their performance against those responsibilities and objectives.
• Uphold and reinforce the independence of the second line ICS Risk function.

Risk Management
• Deliver the defined aspects of the Global Head, Third Party Security Risk.
• Ensure that the Global Head, TPSR role is managed in accordance with the defined CISO views on policies and standards, and that issues are identified, escalated, and addressed as appropriate.
• Manage the TPSR team professionally and efficiently, closely tracking deliverables and commitments.


Governance
• Establish strong ties into the relevant business lines governance, risk and control committees to ensure adequate monitoring, tracking and governance of the TPSR function.
• Work with the CISO Cyber Partnerships & Government Strategy team to coordinate, integrate and represent the Bank's views on evolving regulations, policies and standards related to Third Party Security Risk.
• Drive integration of the ICS Risk Type Framework into the Third Party Security Risk Program.

Regulatory & Business Conduct
• Display exemplary conduct and live by the Group's Values and Code of Conduct.
• Take personal responsibility for embedding the highest standards of ethics, including regulatory and business conduct, across the Bank. This includes understanding and ensuring compliance with, in letter and spirit, all applicable laws, regulations, guidelines and the Group Code of Conduct.
• Lead the TPSR team to achieve the outcomes set out in the Bank's Conduct Principles: [Fair Outcomes for Clients; Effective Financial Markets; Financial Crime Compliance; The Right Environment].
• Effectively and collaboratively identify, escalate, mitigate, and resolve risk, conduct and compliance matters.
• Exercise authorities delegated by the Board of Directors and act in accordance with Articles of Association.

Key Stakeholders
• Group CISO
• Group Supply Chain Management / Global Sourcing
• Business Unit stakeholders
• Group Compliance
• Group Legal
• Group Internal Audit
• Group Operational Risk
• Business, Functions, and Regional ISOs
• Global Head of ICS Governance, Risk & Policy
• Global Head of Cyber Partnerships & Government Strategy

Other Responsibilities
• Establish strong relationships with identified stakeholders across the regions and countries and understand their strategic goals, to ensure TPSR alignment and engagement.
• Measure efficient and effective management of TPSR risk across the Bank.
• Validate the accuracy of KRIs, KCIs and other risk ratings, as well as process designs, to meet TPSR requirements.
• Build trusted working relationships with other security functional heads, risk and compliance counterparts, and business unit stakeholders.
• Lead implementation of appropriate risk management tool(s) and technology to manage, track and monitor TPSR risks across the Bank.
• Maintain sufficient and appropriate evidence of work performed for review by Group Internal Audit and others.

QUALIFICATIONS
• Experience in third party risk is a plus, but solid information security experience and a proven track record of leading successful information security programs and teams is priority. Minimum 18 years experience in information security, risk management, or equivalent field, preferably in Banking or Financial Services.
• Strong leadership, negotiation and collaboration skills, and ability to work effectively in a complex multicultural and multi-time zone organization.
• Strong senior stakeholder engagement skills.
• Thorough understanding of IT security business processes, risks, threats and internal controls.
• Experience working in or with the financial services industry, or an ICS policy organisation in another industry, with keen understanding of business and operational environments.
• Thorough understanding and experience with regulators, multi-stakeholder organisations, trade associations, and information sharing partnerships.
• Strong analytical and program management skills.
• Experience in leading a geographically dispersed organization.
• Strong ability to collect and analyse data and make recommendations in written and oral form.
• Strong ability to liaise with all parts of the Bank, including senior security, risk and business stakeholders.
• Excellent communication skills.
• Bachelor's Degree in Information Technology, Cybersecurity, Business Management, or other related discipline.
• Graduate degree (Master's) and/or professional certifications are an advantage (e.g., CISA, CISSP, CISM, ITIL, PMP).

VALUED BEHAVIOURS
Do the right thing: Be brave, be the change; Think client; Live with integrity
Never Settle: Continuously improve and innovate; Simplify; Learn from your successes and failures
Better together: See more in others; How can I help?; Build for the long term

If you're a bright mind with big ambitions, we'll actively encourage you to fulfil your potential. Thanks to our rich and varied international footprint, we can offer exciting opportunities working across different countries and cultures. Apply Now and take the next step in fulfilling your potential.