Associate Director, ICS Risk

The role is to lead risk and control for selected service lines within Information Cyber Security (ICS) – Cyber Security Operations (CyOPS) department. This Department is composed of Security Monitoring and Analytics, Cyber Defence Center, Endpoint Response Platforms, Data Leakage Protection, Insider Threat, Fusion.
This team provides governance, oversight and assurance, as well as advocating and imparting lessons and good practice to shape the design and implementation of cyber security controls. In addition, determining whether these controls are operating effectively. The person in this role will ensure all risk activities for supported services are completed on time with good quality leading team efforts. This includes risk identification, tracking of remediation as well as risk reporting. The role requires strong stakeholder management and communication skills, self-management, feeling of ownership and responsibility for assigned tasks and ability to tackle obstacles.

Key responsibilities include:

1. Oversee all risk and control activities related to all people, processes and assets within the ICS function.
2. Lead a team of risk and ICS SMEs to drive complex controls transformation agenda.
3. Deliver risk focused, timely and re-performable deep dive reviews.
4. Design and maintain internal processes that allow ICS to dynamically monitor risk and controls including maintenance of controls and corresponding metrics.
5. Provide timely and accurate risk & control MI to the respective risk forums.
6. Drive compliance with the Bank's risk framework and policies.
7. Support the design, build, and implementation of effective processes and controls to effectively mitigate ICS risks.
8. Support stakeholders in defining remediation actions to address identified control weaknesses and issues.
9. Act as the key confidant to Process Owners responsible for developing, prioritizing and implementing controls.
10. Track issue remediation, check and challenge delivery status and escalate delays as well as validate that remediation activities are completed.

Strategy

• Build effective relationships with leaders to facilitate:
o Growing trust with clients and regulators by supporting the ICS Function to be 'First to Know' its risks & issues, and to deliver on its commitments; and
o The provision of timely, expert advice and assurance;
o Partnerships with other functions to provide professional advice and assurance;

• Work closely with the ICS key strategic initiatives to provide delivery assurance and assessments of key deliverables.

People & Talent

• Provide strong leadership, management and coaching over colleague(s).

• Provide proactive self-orienting and self-motivating leadership, and work with limited direction.

• Lead through example and build the appropriate culture and values. Set appropriate tone and expectations, and work in collaboration with risk and control partners.

Risk Management

• Support liaison with Group Internal Audit and any third party or regulatory inspections.

• Adopt an anticipatory approach to risk assessment through stakeholder engagement and monitoring of the external environment.

• Work with other control assurance teams to drive efficiency, effectiveness and reduce duplication.

• Support Process owners in the execution of their accountabilities related to:
o Identification and management of the end to end processes as defined by the Process Universe and associated risks for the activities carried out.
o Implementing the RCSA to monitor the effectiveness of the controls and standards governing the end to end process.
o Being accountable to the Group Process Universe Owner, framework and policy owners and implementing the control requirements applicable to the process.
o Escalating significant risks and issues to the Process Universe Owners, relevant Risk Framework Owners or Policy Owners.

• Perform review of the control self-assessment outcomes, monthly control testing results and adequacy of the related remediation actions.

• Provide thought leadership on control design, assessment, testing processes and drive continuous improvements.

• Execute deep dive reviews.

• Provide robust challenge and escalation to senior management to ensure activities achieve risk reduction.

• Manage and drive continuous improvement of the ICS control environment through proactive risk management (e.g. technical deep dive and issue validation).

• Lead and execute assessments against controls.

• Provide good technical input and challenge on assignment to steer team member in producing high quality output which address the risk.

Governance

• Provide timely and accurate reporting to appropriate committees.

• Ensure appropriate oversight and facilitate resolution of high impact risk and issues.

• Tracking and reporting of risk assessments.

• Work with the ICS Service Lines to identify emerging risks and ensure they are appropriately addressed and subjected to formal governance.

• Manage and drive continuous improvement of the ICS internal risk profile reporting, issue management processes and supporting tools.

Regulatory & Business Conduct

• Display exemplary conduct and live by the Group's Values and Code of Conduct.

• Take personal responsibility for embedding the highest standards of ethics, including regulatory and business conduct, across Standard Chartered Bank. This includes understanding and ensuring compliance with, in letter and spirit, all applicable laws, regulations, guidelines and the Group Code of Conduct.

• Effectively and collaboratively identify, escalate, mitigate and resolve risk, conduct and compliance matters.

Key stakeholders

• Global Head, Cyber Security Operations

• Service Heads of Cyber Security Operations Services

• ICS MT

• Group Operational, Technology and Cyber Risk (OTCR)

• Group Internal Audit

• Internal Control Testing

• Information Cyber Security
• Cybersecurity Risk Management

We're an international bank, nimble enough to act, big enough for impact. For more than 170 years, we've worked to make a positive difference for our clients, communities, and each other. We question the status quo, love a challenge and enjoy finding new opportunities to grow and do better than before. If you're looking for a career with purpose and you want to work for a bank making a difference, we want to hear from you. You can count on us to celebrate your unique talents and we can't wait to see the talents you can bring us.

Our purpose, to drive commerce and prosperity through our unique diversity, together with our brand promise, to be here for good are achieved by how we each live our valued behaviours. When you work with us, you'll see how we value difference and advocate inclusion.

Together we:

• Do the right thing and are assertive, challenge one another, and live with integrity, while putting the client at the heart of what we do.
• Never settle, continuously striving to improve and innovate, keeping things simple and learning from doing well, and not so well.
• Are better together, we can be ourselves, be inclusive, see more good in others, and work collectively to build for the long term.

In line with our Fair Pay Charter, we offer a competitive salary and benefits to support your mental, physical, financial and social wellbeing.

• Core bank funding for retirement savings, medical and life insurance, with flexible and voluntary benefits available in some locations.
• Time-off including annual leave, parental/maternity (20 weeks), sabbatical (12 months maximum) and volunteering leave (3 days), along with minimum global standards for annual and public holiday, which is combined to 30 days minimum.
• Flexible working options based around home and office locations, with flexible working patterns.
• Proactive wellbeing support through Unmind, a market-leading digital wellbeing platform, development courses for resilience and other human skills, global Employee Assistance Programme, sick leave, mental health first-aiders and all sorts of self-help toolkits.
• A continuous learning culture to support your growth, with opportunities to reskill and upskill and access to physical, virtual and digital learning.
• Being part of an inclusive and values driven organisation, one that embraces and celebrates our unique diversity, across our teams, business functions and geographies - everyone feels respected and can realise their full potential.