Portfolio Lead - Asset Risk Assessment

  • Competitive
  • Kuala Lumpur, Malaysia
  • Permanent, Full time
  • Standard Chartered Bank Malaysia Berhad
  • 14 Aug 2018

Security Technology Services - Security & Trust Solution Center

Business Title: Portfolio Lead - Asset Risk Assessment
Location: Kuala Lumpur, Malaysia
Job Grade: Grade H

Group Information Security (GIS) is a critical function within Standard Chartered Bank. It is the GIS mission to protect the Bank from information security threats by delivering effective information security services, responding to security incidents and educating staff. The GIS team, which comprises the CISO and Security Technology Services (STS) functions, is instrumental in ensuring the Bank soundly meets its commitments to internal and external stakeholders and maintains an appropriate cyber security defence posture. Furthermore, the GIS team plays a significant part in the Bank's 'Here for Good' vision and brand promise.
The importance of our mission has strengthened over time and is a principal concern for shareholders, clients, regulators and the communities we operate in. Our Bank's success depends on the Group Information Security Function to maintain the correct balance of security capabilities and risk management across all businesses and functions in our global footprint.

Main Purpose of Job:
The role is a global information security risk management position reporting to the Asset Risk Assessment Head. The role is expected to perform risk assessments of all classes/types of the bank's technology assets. The role requires the ability to communicate and build relationships with technology product owners and support teams across geographies.

Key Roles & Responsibilities:
· Evaluate the design and effectiveness of technology controls for applications, infrastructure systems and end user computing tools
· Act as security liaison for all key business and IT projects
· Perform risk reviews based on regulatory requirements.
· Provide advice and support to developers and other relevant support teams in designing and implementing risk mitigation/remediation measures
· Review risks, identify root causes for common risks and provide recommendations for sustainable improvements
· Review evidence for risk closure and document it
· Perform periodic reviews of controls and assessments to provide assurance
· Report risks and risk summaries accurately to various stakeholders
· Experience in managing teams, along with training and mentoring junior staff

Qualifications & Skills:
· Minimum 12 years' experience in information security, preferably in the Banking and Financial services sector
· At least 5 years of hands-on experience in application/infrastructure risk assessments
· At least 3 years of experience in implementation or management of security tools/projects
· At least 2 years in managing people and interacting with senior stakeholders
· Bachelor's Degree in Engineering, Computer Science/Information Technology or its equivalent.
· Hands-on experience in working on Risk Assessment and performing Control Assessments
· Knowledge of the latest security technologies (Cloud, DevOps, Blockchain, etc.) is a plus.
· Experience in review of the SDLC process and understanding of application architecture and development concepts.
· Experience in performing technical audits and assurance is a plus
· Industry certifications, viz. CISA, CISSP, CRISC or CISM, are a must.
· Strong knowledge of security frameworks (COBIT, ISF), standards (ISO, NIST, CIS), information security principles and security architecture
· Exhibit leadership skills and strong knowledge of the Information Security domain.
· Good knowledge of firewalls, Access Management process and security solutions
· Excellent written and oral communication, stakeholder management and reporting skills

Standard Chartered is committed to diversity and inclusion. We believe that a work environment which embraces diversity will enable us to get the best out of the broadest spectrum of people to sustain strong business performance and competitive advantage. By building an inclusive culture, each employee can develop a sense of belonging, and have the opportunity to maximise their personal potential.