Risk and Controls Manager – Cloud

  • Competitive
  • Kuala Lumpur, Malaysia
  • Permanent, Full time
  • Standard Chartered Bank Malaysia Berhad
  • 19 Oct 18

About Standard Chartered
We are a leading international bank focused on helping people and companies prosper across Asia, Africa and the Middle East.

To us, good performance is about much more than turning a profit. It's about showing how you embody our valued behaviours - do the right thing, better together and never settle - as well as our brand promise, Here for good.

We're committed to promoting equality in the workplace and creating an inclusive and flexible culture - one where everyone can realise their full potential and make a positive contribution to our organisation. This in turn helps us to provide better support to our broad client base.

The Role Responsibilities
The Manager Risk & Control role is responsible for and has oversight over Operational Risk management, control management and audit management across the Portfolio (i.e. multiple domains) that has been assigned to the role. This role is key and responsible for continuing improvements in the Cloud Infrastructure Services Portfolio (i.e. multiple domains) approach to risk identification and mitigation, control management and audit engagement within the framework set out by the relevant authorities.

This risk and controls role ensures a constant state of preparation, readiness and continuous improvement across process, risk management and reduction, audit success, documentation, MIS systems and reporting.


§ Guide and integrate the Cloud team in strategic planning and implementation of agreed policy

§ Monitor and report on compliance and non-compliance to this framework, working across the business unit to ensure that all risks are identified, tracked and closed in a timely manner.

§ Ensure that management reports tracking these activities are delivered in a timely manner.

§ Participate in and drive the internal risk committee and attend Group risk committee (where relevant) representing the function.


§ Awareness and understanding of the wider business, economic and market environment in which the group operates.

§ Forge deep relationships with key stakeholders to understand their requirements and where applicable factor into the strategic roadmap.

Risk Reviews

§ Scope and plan thematic risk / control reviews aligning with the Portfolio's key objectives, Group Internal Audit themes and key risk areas (may include suppliers where appropriate)

§ Provide guidance on scope and plan risk / control reviews of significant new projects

§ Provide guidance to SRMs / RMs (ORMs) on execution of risk / control reviews

§ Monitor material actions and risks arising from the reviews (Unit risk forums/TSRCF)

§ Provide support and guidance on control design to SRM / RM (ORMs) and Process Owner. Review proposed addition of or change in controls.

§ Review and propose changes and / or new Control indicators (KCI, KRI, CST etc) with 2nd Line (GOR)

§ Represent the Portfolio (i.e. multiple domains) as the Single Point of Contact (SPoC) on internal and external audits and Subject Matter Expert (SME) on the audit working practices

- Ensure that the affected Portfolio i.e. multiple domains (and units within) and SRM / RM (ORMs) are sufficiently prepared for upcoming audits

- Review adequacy of management response to audit findings

- Review progress and timely closure of audit findings

- Share thematic risk & audit findings across Portfolio i.e. multiple domains and units.

Risk Forums

§ Provide support and guidance to SRM / RM (ORMs) and Process Owner to deliver all risk forums within the Portfolio (i.e. multiple domains) and operate within the approved Terms of Reference (ToR), including membership, agenda, frequency, etc.

§ Facilitation of and pack production for the Portfolio (i.e. multiple domains) risk forums. Provide challenge to ensure robust Risk Management practice

§ Provide governance support to the RM / SRM at the unit risk forums

§ Submission of risk and control related details to Technology Services Risk Forum (TSRCF), within schedule and at the required quality. To be approved by R&C - Function Head

Process Risk Analysis (PRA)

§ Provide support and guidance to SRM / RM (ORMs) and Process Owner for PRAs as needed to support efforts in reviewing process and control effectiveness and risk identification

§ Review and endorse outcomes of PRA and track material actions and risks that arise from it

§ Provide support and guidance on control design to SRM / RM and Process Owner. Review and approve proposed addition of or change in controls

§ Review and agree changes and / or new Control indicators (KCI, KRI, CST etc) with R&C - Function Head

People and Talent

§ Lead through example and build the appropriate culture and values. Set appropriate tone and expectations from their team and work in collaboration with risk and control partners.

§ Ensure the provision of ongoing training and development of people, and ensure that holders of all critical functions are suitably skilled and qualified for their roles ensuring that they have effective supervision in place to mitigate any risks.

§ Employ, engage and retain high quality people.

§ Set and monitor job descriptions and objectives for direct reports and provide feedback and rewards in line with their performance against those responsibilities and objectives

Risk Management

§ Work across the unit to develop a strong Risk and compliance culture, liaising with the unit heads to build a robust Risk and Compliance framework and ensure that its requirements are fulfilled.

§ Monitoring and reporting on compliance and non-compliance to this framework, working across the business unit to ensure that all risks identified by the framework are tracked and closed in a timely manner.

§ Ensure that management reports tracking these activities are delivered in a timely manner. Run the internal risk committee and attend Group risk committee representing the function.

§ The ability to interpret the Group's financial information, identify key issues based on this information and put in place appropriate controls and measures.

§ Take personal responsibility for understanding the risk and compliance requirements of the role

§ Embed the Group's values and code of conduct to ensure that adherence with the highest standards of ethics, and compliance with relevant policies, processes and regulations among employees form part of the culture.

Management Information

· Ensure that management (and any other stakeholder as required) is kept aware of the risk, control & audit profile of the Portfolio i.e. multiple domains through periodical reporting

· Ensure that all management information is produced in line with the defined schedule and quality and should support management decision and action

· Ensure integrity of source and the processing of data to deliver accurate representation in management information

Validation of Controls (KCI, KRI, CST)

· Review trend analysis of exceptions and identify systemic failures

· Identify material exceptions and escalate

Issue Management (records in TRMF, EORP & Riskwise)

· Review and endorse new and changed records (including treatment plans and risk ratings)

· Oversight of completeness and integrity of data

· Prepare the issue closure pack and provide it to Group Internal Audit for cases cutting across multiple domains (where appropriate)

Change Management

· Drive implementation and adoption of agreed initiatives across the Portfolio i.e. multiple domains including training, communication and awareness.


§ Responsible for assessing the effectiveness of the Group's arrangements to deliver effective governance, oversight and controls in the business and, if necessary, oversee changes in these areas

§ Awareness and understanding of the regulatory framework, in which the Group operates, and the regulatory requirements and expectations relevant to the role.

§ Responsible for delivering 'effective governance'; capability to challenge fellow executives effectively; and

§ Willingness to work with any local regulators in an open and cooperative manner.

Regulatory & Business Conduct

· Display exemplary conduct and live by the Group's Values and Code of Conduct.

· Take personal responsibility for embedding the highest standards of ethics, including regulatory and business conduct, across Standard Chartered Bank. This includes understanding and ensuring compliance with, in letter and spirit, all applicable laws, regulations, guidelines and the Group Code of Conduct.

· Lead the Cloud Risk & Compliance team to achieve the outcomes set out in the Bank's Conduct Principles: Fair Outcomes for Clients; Financial Crime Compliance; The Right Environment.

· Effectively and collaboratively identify, escalate, mitigate and resolve risk, conduct and compliance matters.

Key Stakeholders

§ CIO, Group Chief Information Officer

§ Global Head, Technology Services

§ Global Head, ITO Governance & Change

§ Group Compliance

§ Global Head, Operations & Countries

§ Global Head, Cloud Infrastructure Services

§ Management Team, Cloud Infrastructure Services

Other Responsibilities

§ Embed Here for good and Group's brand and values in Cloud Infrastructure Services team.

§ Perform other responsibilities assigned under Group, Country or Functional policies and procedures.

Apply now to join the Bank for those with big career ambitions.