Mgr, Ctrl, Process - Malaysia - Standard Chartered Bank Malaysia

    Standard Chartered Bank Malaysia
    Full time Accounting / Finance
    Description

    Role Responsibilities

    Job Summary

    • Oversee all risk and control activities related to processes and assets within the ICS-IAM-Onboarding function.
    • Deliver risk focused, timely and re-performable deep dive reviews following ICS Control methodology.
    • Design and maintain internal processes that allow ICS to dynamically monitor risk and controls.
    • Maintain all ORTF based ICS controls and corresponding CSTs, KCIs and KRIs.
    • Support the delivery of the overall TTO Conduct Risk Management plan.
    • Provide timely and accurate risk & control MI to the respective risk forums.
    • Drive compliance with the Bank's risk framework and policies (e.g. ERMF, ORTF and ICS RTF).
    • Support the design, build, and implementation of effective processes and controls to effectively mitigate ICS risks.
    • Support the ICS Function to be 'First to Know' its risks & issues, and to deliver on its commitments.
    • Support stakeholders in defining remediation actions to address identified control weaknesses and issues.
    • Act as the key confidant to the ICS 'Process Owner(s)' responsible for developing, prioritizing and implementing controls.
    • Maintain accurate and timely data within EORP and any other agreed repositories for risk & control data and issues.
    • Track issue remediation, check and challenge delivery status and escalate delays.
    • Validate that remediation activities completed by CSS address the risk in the issues (e.g. Audit issues and deep dive findings).

    Responsibilities

    Strategy

    • Significant transformation is underway within the Information & Cyber Security (ICS) function to rapidly improve the Group's Cyber Security, Identity Access Management and Threat Management control environment, along with digitisation and innovation.

    Business

    • This role is to perform risk and control activities for the ICS Service under the Identity and Access Management (IAM) - Onboarding domain. This team will provide governance, oversight and assurance, as well as advocating and imparting lessons and good practice to shape the design and implementation of IAM minimum controls when onboarding systems onto the Centralised IAM Tools / Systems. In addition, the team determines whether these controls are operating effectively.

    Processes

    Support Onboarding Process owners in the execution of their accountabilities by:

    • Acting as the confidant to the ICS 'Process Owner(s)' responsible for developing, prioritizing and implementing controls.
    • Implementing the Risk & Controls Security Assessment (RCSA) to monitor the effectiveness of the controls and standards governing the end-to-end process.
    • Being accountable to the ICS 'Process Owner(s)', framework and policy owners and implementing the control requirements applicable to the process.
    • Escalating significant risks and issues to the line manager.

    Risk Management

    • Perform risk assessment and liaise with the respective stakeholders to write elevated residual risk papers with a treatment plan.
    • Support liaison with Group Internal Audit and any third party or regulatory inspections.
    • Adopt an anticipatory approach to risk assessment through stakeholder engagement and monitoring of the external environment.
    • Work with other control assurance teams to drive efficiency, effectiveness and reduce duplication.
    • Support Process owners in the execution of their accountabilities related to:
      • Identification and management of the end-to-end processes as defined by the Process Universe and associated risks for the activities carried out.
      • Implementing the RCSA to monitor the effectiveness of the controls and standards governing the end-to-end process.
      • Being accountable to the Group Process Universe Owner, framework and policy owners and implementing the control requirements applicable to the process.
      • Escalating significant risks and issues to the Process Universe Owners, relevant Risk Framework Owners or Policy Owners.
      • Perform review of the control self-assessment outcomes, monthly control testing results and adequacy of the related remediation actions.
    • Support activities related to control design, assessment, testing processes and drive continuous improvement in ICS RTF.
    • Execute deep dive reviews and consistent, efficient and meaningful CSTs / KCI tests for ICS processes.
    • Provide robust challenge and escalation to senior management to ensure activities achieve risk reduction.
    • Manage and drive continuous improvement of the ICS control environment through proactive risk management (e.g. technical deep dive and issue validation).
    • Execute assessments against controls that underpin an organisation's Cyber/Information Security Management System, primarily for IAM Onboarding.
    • Provide good technical input and challenge on assignment to steer team members in producing high-quality output that addresses the risk.

    Governance

    • Provide timely and accurate reporting to appropriate committees.
    • Ensure appropriate oversight and facilitate resolution of high impact risk and issues.
    • Tracking and reporting of risk assessments (e.g. audits, risk assessments etc) and their outputs to ensure oversight and escalation mechanisms are in place to provide MI on obligations.
    • Work with the CSS Service Lines to identify emerging risks and ensure they are appropriately addressed and subjected to formal governance.
    • Support continuous improvement of the CSS internal risk profile reporting, issue management processes and supporting tools.

    Regulatory & Business Conduct

    • Display exemplary conduct and live by the Group's Values and Code of Conduct.
    • Take personal responsibility for embedding the highest standards of ethics, including regulatory and business conduct, across Standard Chartered Bank. This includes understanding and ensuring compliance with, in letter and spirit, all applicable laws, regulations, guidelines and the Group Code of Conduct.
    • Lead the ICS Risk & Control Function team to achieve the outcomes set out in the Bank's Conduct Principles: The Right Environment.
    • Effectively and collaboratively identify, escalate, mitigate and resolve risk, conduct and compliance matters.

    Key stakeholders

    • Global Head Identity Access Management (IAM)
    • Service Heads, ICS - IAM, Onboarding
    • Information & Cyber Security MT
    • ICS Control Testing
    • Legal & Regulatory Management Centre of Excellence (CoE)
    • Group Operational Risk
    • Group CISRO
    • Group Internal Audit

    Other Responsibilities

    • Embed Here for good and the Group's brand and values in the ICS Risk & Control Function Team.
    • Perform other responsibilities assigned by the Head, ICS Risk and Controls, IAM.

    Our Ideal Candidate

    Required:

    • Bachelor / Honours Degree in Information Technology, Computer Science, Cyber Security or other technology related qualifications
    • 10 years of experience in one of the following areas:
      • IT Support or
      • Cyber/IT security or
      • IT Technology audit or assurance which must include some element of experience in a 'first line' security or assurance team.
    • Fluency in English

    Preferred (but not essential):

    • Background in the information and cyber security domain within international financial services organisations.
    • Demonstrated ability to support a 'first line' function in responding to external/regulatory audits.
    • Professional Qualifications (i.e. CISSP, CCNA and CCNP).
    • Risk and control related certification in security domain (i.e. CISA, CRISC).
    • Risk & control, assurance or audit experience.
    • Ability to challenge the status quo.
    • Excellent organisation skills with ability to manage multiple deadlines and effectively prioritise workload.
    • Strong interpersonal skills to foster positive relationships with internal and external stakeholders.
    • Highly effective oral and written communication skills, with an ability to influence and to gain the respect of senior stakeholders and peers.
    • Ability to exercise good judgment and objectivity.
    • Demonstrates ability to work with limited direction and multi-task without loss of quality.
    • Confident and courageous to raise/escalate issues in a pro-active, professional and timely manner.

    Role Specific Competencies

    • Risk and Control Concept & Understanding
    • Identity and Access Management Key Processes
    • Data Analytics Skills
    • Control Testing Skills (DE / OE Testing)
    • Regulatory Environment - Financial Services
    • Security Concepts & Methodologies

    About Standard Chartered

    We're an international bank, nimble enough to act, big enough for impact. For more than 160 years, we've worked to make a positive difference for our clients, communities, and each other. We question the status quo, love a challenge and enjoy finding new opportunities to grow and do better than before. If you're looking for a career with purpose and you want to work for a bank making a difference, we want to hear from you. You can count on us to celebrate your unique talents. And we can't wait to see the talents you can bring us.

    Our purpose, to , together with our brand promise, to be are achieved by how we each live our . When you work with us, you'll see how we value difference and advocate inclusion. Together we:

    • Do the right thing and are assertive, challenge one another, and live with integrity, while putting the client at the heart of what we do
    • Never settle, continuously striving to improve and innovate, keeping things simple and learning from doing well, and not so well
    • Be better together, we can be ourselves, be inclusive, see more good in others, and work collectively to build for the long term

    In line with our Fair Pay Charter, we offer a competitive salary and benefits to support your mental, physical, financial and social wellbeing.

    • Core bank funding for retirement savings, medical and life insurance, with flexible and voluntary benefits available in some locations
    • Time-off including annual, parental/maternity (20 weeks), sabbatical (12 weeks maximum) and volunteering leave (3 days), along with minimum global standards for annual and public holiday, which is combined to 30 days minimum
    • Flexible working options based around home and office locations, with flexible working patterns
    • Proactive wellbeing support through Unmind, a market-leading digital wellbeing platform, development courses for resilience and other human skills, global Employee Assistance Programme, sick leave, mental health first-aiders and all sorts of self-help toolkits
    • A continuous learning culture to support your growth, with opportunities to reskill and upskill and access to physical, virtual and digital learning
    • Being part of an inclusive and values driven organisation, one that embraces and celebrates our unique diversity, across our teams, business functions and geographies - everyone feels respected and can realise their full potential.

    Recruitment assessments - some of our roles use assessments to help us understand how suitable you are for the role you've applied to. If you are invited to take an assessment, this is great news. It means your application has progressed to an important stage of our recruitment process.