Global Head of Information & Cyber Security Governance, Policy & Risk
About Standard Chartered
We are a leading international bank focused on helping people and companies prosper across Asia, Africa and the Middle East.
To us, good performance is about much more than turning a profit. It's about showing how you embody our valued behaviours - do the right thing, better together and never settle - as well as our brand promise, Here for good.
We're committed to promoting equality in the workplace and creating an inclusive and flexible culture - one where everyone can realise their full potential and make a positive contribution to our organisation. This in turn helps us to provide better support to our broad client base.
The Role Responsibilities
The Group Chief Information Security Officer (CISO) organisation is instrumental in protecting and ensuring the resilience of Standard Chartered Bank's data and IT systems by managing information and cyber security (ICS) risk across the enterprise. As a critical function reporting into the Group Chief Risk Officer (CRO), the Office of the CISO serves as the second line of defence for assuring ICS controls are implemented effectively and in accordance with the ICS Risk Type Framework and for instilling a culture of cyber security within the Bank. The Group CISO is responsible for ICS governance, strategy, policy, awareness, training, risk assessments, control assurance, cyber stress testing, red teaming, third party security risk, industry partnerships, and government engagement. In addition, a team of Information Security Officers (ISO) reports to the CISO and performs a pivotal role as an extension of the CISO in supporting the ICS risk management strategy, governance, advisory and assurance roles that face off to the Businesses, Regions, and Functions across the Bank. The Group CISO function is central to assuring the Bank's ability to meet its ICS commitments to internal and external stakeholders, including customers and regulators, as well as maintaining an acceptable ICS risk appetite and profile that is regularly reported to the Board. Strategy
The Global Head of ICS Governance, Policy and Risk is a permanent strategic role that requires strong business acumen and a detailed knowledge of ICS risk governance, frameworks, policies, standards, and procedures. The successful candidate will have a finely tuned understanding of the challenges of policy implementation and governance and can respond in a flexible and collaborative manner to evolving business, regulatory and threat requirements. The role reports directly to the Group CISO and is part of the CISO Leadership Team. The Global Head (Managing Director-level) will work closely with the Group CISO and others to address ICS as an identified "top risk" for the Bank and integrate it into the Bank's overall Enterprise Risk Management Framework (ERMF). Business
The primary purpose of this position is to ensure that governance of ICS risk within the Bank is operating effectively and efficiently, and to provide assurance that the risk is appropriately managed. The Global Head will support the CISO in their role as the Bank's executive accountable for ICS risk management, governance and strategy. The successful candidate will work closely with the CISO, Head of Security Technology Services, Head of Operational Risk, Head of Enterprise Risk Management, Head of Operations for Cyber and others to support the Bank's security strategy, drive requirements and set priorities for investment based on acceptable risk tolerance, threat and regulatory landscape, resources, policies, and the technology infrastructure environment. Other key stakeholders include CIO for Technology Services, Business COOs and Region/Country CIOs, as well as Group Internal Audit, and banking regulators. Processes
The major functional activities that the Global Head will lead are: maintaining the Bank's ICS governance framework and ensuring it is aligned against the National Institute of Standards and Technology (NIST) Cyber Security Framework (CSF) and other global standards; leading a global team to conduct ICS risk analysis, reporting and management activities; reviewing, testing and attestation of the implementation of the policy and control libraries; development and management of KRI, KPI and metrics reporting and presentation; and a range of other governance activities. People and Talent
• Lead through example and build the appropriate culture and values. Set appropriate tone and expectations from their team and work in collaboration with risk and control partners.
• Ensure the provision of ongoing training and development of people and ensure that holders of all critical functions are suitably skilled and qualified for their roles ensuring that they have effective supervision in place to mitigate any risks.
• Employ, engage and retain high quality people, with succession planning for critical roles.
• Review team structure/capacity plans and ensure alignment with the risk control needs of the Bank.
• Set and monitor job descriptions and objectives for direct reports and provide feedback and rewards in line with their performance against those responsibilities and objectives.
• Uphold and reinforce the independence of the Risk function (second line) from those whose primary responsibility is to operate business functions (first line). Risk Management
• Ensure risk metrics are developed and actively reviewed.
• Manage and oversee the implementation of the ICS Risk Type Framework (as part of the ERMF) and the ICS Risk Profiles.
• Implement and actively review the Group ICS Policy and relevant Standards.
• Work with Group Internal Audit, Operational Risk, Compliance and Assurance and outside consultants as appropriate on required security audits and assessments.
• Establish and maintain rigor in monitoring ICS risk governance and management.
• Ensure appropriate internal mechanisms for overseeing and managing delivery, execution, and other risks within the Governance, Policy and Risk team.
• Maintain sufficient and appropriate evidence of work performed for review by Group Internal Audit and others.
Regulatory & Business Conduct
• Display exemplary conduct and live by the Group's Values and Code of Conduct.
• Take personal responsibility for embedding the highest standards of ethics, including regulatory and business conduct, across Standard Chartered Bank. This includes understanding and ensuring compliance with, in letter and spirit, all applicable laws, regulations, guidelines and the Group Code of Conduct.
• Lead the ICS Governance, Policy and Risk function to achieve the outcomes set out in the Bank's Conduct Principles: Fair Outcomes for Clients; Effective Financial Markets; Financial Crime Compliance; The Right Environment.
• Effectively and collaboratively identify, escalate, mitigate and resolve risk, conduct and compliance matters. Other Responsibilities
• Discharge the Group CISO function's governance accountabilities over ICS across the Bank.
• Support the development and maintenance of the Bank's ICS strategy to drive requirements and controls, and set priorities for resource investment.
• Monitor, assess and advise the business on acceptable risk tolerances based on policy and control environment and the evolving regulatory and threat landscape.
• Lead the development, refinement, measurement, tracking and reporting of ICS assurance metrics - ensuring business value is included, not only predefined assurance requirements.
• Provide regular updates of the ICS governance framework, including KPIs, KCIs, and metrics status for delivery to relevant Country, Business, Group, and Board committees.
• Perform formal and regular group-wide reviews of the adequacy and completeness of ICS governance framework implementation and adherence.
• Provide reports and recommendations demonstrating a professional and experienced opinion on the adequacy of people, process and technology security initiatives to achieve operational risk and service levels.
• Lead the monitoring and reporting of mitigation and remediation/closure actions to track progress against audit and other assessment findings.
• Monitor the evolution of regulatory requirements and make recommendations to adjust governance framework, policies, controls and/or compliance accordingly.
• Ensure the ICS governance framework recognizes and manages potential security risk conflicts, including for the digital business innovation strategy, in accordance with overall corporate risk appetite.
• Validate the accuracy of KRI's and KCI's and other risk ratings, as well as process designs, to meet policy requirements that are presented to the Group CISO and relevant risk committees.
• Ensure that Process Owners are escalating risk, control and process deficiencies appropriately in accordance with the relevant risk frameworks.
• Participate in and present at relevant risk committees and steering groups, as required.
• Build trusted working relationships with other security functional heads, risk and compliance counterparts, and business unit stakeholders.
• Identify, implement, and/or maintain appropriate risk management tool(s) to appropriately manage, track and monitor ICS risks across the enterprise.
• Recommend or contribute to the continuous improvement of the Control Framework Library to ensure it meets the Bank's objectives and maintains its relevance. Our Ideal Candidate
• Minimum 18 years of experience in a senior ICS governance, risk management, or audit role.
• Bachelor's Degree in Engineering, Computer Science, Information Technology, Cybersecurity, Business Management, or other related discipline.
• Graduate degree (Master's) and/or professional certifications have an advantage (e.g., CISA, CISSP, CISM, ITIL, PMP).
• Thorough understanding of IT security business processes, risks, threats and internal controls.
• Strong leadership, negotiation and collaboration skills, and ability to work effectively in a complex multicultural and multi-timezone organization.
• Strong analytical and program management skills.
• Experience in leading a geographically dispersed organization.
• Ability to collect and analyze data, establish facts and make recommendations in written and oral form.
• Ability to liaise with all parts of the Bank, including senior security, risk and business stakeholders.
• Excellent oral, written and communication skills.
Apply now to join the Bank for those with big career ambitions.