Snr. Mgr. ISRO Asia and Functions - Malaysia, Kuala Lumpur - Standard Chartered Bank Malaysia

    Full time Accounting / Finance
    Description

    Role Responsibilities

    The Group Chief Information Security Risk Officer (CISRO) organisation is instrumental in protecting and ensuring the resilience of Standard Chartered Bank's data and IT systems by managing Information and Cyber Security (ICS) risk across the enterprise. As a critical function reporting into the Group Chief Risk Officer (CRO), the Group CISRO team serves as the second line of defence for assuring ICS controls are implemented effectively, in accordance with the ICS Risk Framework, and for instilling a culture of cyber security within the Bank. Group CISRO is responsible for the development of the ICS framework, which includes all aspects of end-to-end risk identification, assessment, management and mitigation to stay within approved risk appetite thresholds, ICS policy, assurance and red team activities, cyber resilience and stress testing, third party security risk, industry partnerships, and regulatory engagement. The team of Information Security Risk Officers (ISRO) have delegated authority for risk approval from the Group CISRO and support the implementation of the ICS risk management strategy, providing oversight, governance, and advisory across the Group's Business, Regions, and Functions. Group CISRO is central to ensuring the Bank is able to meet its ICS commitments to internal and external stakeholders, as well as maintaining an acceptable ICS risk profile that is regularly reported to the Board.

    Group CISRO is proud to have a diverse workforce with a global presence in over 10 countries. More than a third of our global workforce are women and almost half represent our senior leadership roles. We also have a great ethnic and generational balance in our teams and are committed to promoting a workplace environment that is consciously inclusive, respects and celebrates the variety of opinions and diverse views, and where every voice is heard and acknowledged. We embrace our differences and know that our diverse and inclusive approach is a strength that drives our success. We want all applicants to feel able to perform at their best throughout the hiring process and we'll support you with any reasonable adjustments you need. No matter who you are, where you come from, you are welcome to CISRO.

    #breakthebias - Check out the features from the females on our leadership team: and

    The Information Security Risk Officer (ISRO), Asia and Functions is a permanent role based in Malaysia that requires strong business acumen and deep knowledge and experience in ICS and risk management, along with the ability to liaise directly with Stakeholders at the most senior level in the organization and represent the Bank directly with the lead Regulators in the country. The role will act in the capacity of Risk Framework Owner for Malaysia, Brunei, Indonesia, Philippines, Australia and designated Group Functions to provide oversight and challenge of ICS risk management and control effectiveness and as a risk partner to Senior leadership as defined in the Bank's ICS Risk Type Framework.

    The role has the responsibility to be value-added risk partners by:

    • Providing risk stewardship and ensuring efficient and effective management of ICS risk, aligning to risk appetite and strategic goals.
    • Displaying a core working knowledge of Information and Cyber Security topics to include the ICS Threat landscape, NIST & Cyber Kill Chain, Cyber Value at Risk, and Emerging technology.
    • Partnering with stakeholders to provide guidance, expertise and oversight of the ICS risk, which includes communicating through complex topics and challenging constructively.
    • Providing strategic thinking and thought leadership by connecting the dots between Country and Group and providing opinions in key focus areas.
    • Becoming threat-led focused and prioritizing high value activities and providing pragmatic and proportionate risk guidance.

    Responsibilities

    Strategy

    The successful candidate will have an excellent and demonstrable understanding of operating in a second line capacity within an ICS Risk management organisation and be able to respond flexibly and collaboratively to evolving business, regulatory and threat requirements. The role will focus on strategic thinking and connecting the dots, providing a threat-led view which includes prioritizing high value activities and embodying pragmatic and proportionate risk guidance. This role reports directly to the Head, ISRO Functions and Asia. The ISRO of Asia and Functions will work closely with the Group CISRO, CISO, CRO, Business Heads, and directly with the lead Regulator to address ICS as a principal risk type for the Bank and support its integration into the Bank's overall Enterprise Risk Management strategy.

    Business

    The primary purpose of this position is to ensure that the management of ICS risk is operating effectively and efficiently and to provide oversight that ICS risk is appropriately managed within Malaysia, Brunei, Indonesia, Philippines, Australia and designated Group Functions. The role will support the Group CISRO in their role as the Bank's executive accountable for ICS risk, along with CROs. The successful candidate will work with the Chief Information Security Processes

    The major functional activities that the role will lead and manage are:

    • Delegation of Authority from the Group CISRO for second line ICS risk management engagement in Malaysia, Brunei, Indonesia, Philippines, Australia and designated Group Functions.
    • Taking full Delegation of Authority (DoA) responsibilities for Group CISRO, providing risk stewardship and ensuring efficient and effective management of ICS risk, aligned with strategic goals and priorities.
    • Oversee and challenge 1st line ICS risk assessment and risk-taking activities.
    • Advise on acceptable risk tolerances based on policy and control environment and the evolving regulatory and threat landscape.
    • Monitoring of ICS risks and associated remediation plans using the CISRO Governance Risk Type Framework.
    • Assuring the 1st lines implement appropriate controls to address risks and to comply with applicable laws and regulations and policies defined by the CISRO Policy team and escalate significant regulatory non-compliance matters and developments to CROs and Group CISRO.

    People & Talent

    • Strong analytical skills and ability to prioritise, make decisions, and work to tight timeframes.
    • Ability to articulate residual risk with specific ability to communicate complex technology and process risk clearly to non-technical stakeholders.
    • Strong communication skills - oral, written and presentation.
    • Proven ability to lead highly complex activities through influence and credibility rather than command and control.
    • Strong interpersonal, stakeholder management and influencing skills across various levels in the organization, including senior leadership teams.
    • Must be a self-starter who is able to initiate and successfully drive programs and projects to completion with little or no management supervision.
    • Strong integrity, independence and resilience.
    • Sound knowledge of MS-Excel, PPT, and Word.
    • Lead through example and help to create appropriate culture and values.
    • Work in collaboration with risk and control partners and act as their trusted advisor.
    • Uphold and reinforce independence of second line ICS Risk function.

    Risk Management

    • Deliver the defined aspects of the ISRO role to support the Group's ICS risk management approach and objectives.
    • Ensure that the ISRO role is managed in accordance with the defined CISRO Governance Risk Type Framework and associated Policy and Standards in line with country governance framework and practices and issues are identified, escalated, and addressed as appropriate.
    • Closely track deliverables and commitments, raising concerns at the appropriate Governance forums
    • Support the business in their identification of ICS Risk and provide risk stewardship to advise on appropriate Risk Management activities.
    • Fulfill all responsibilities as the ICS second line Risk Framework Owner for Brunei, Indonesia, Philippines, Australia and designated Group Functions.

    Governance

    • Establish strong ties into the relevant leadership, governance, risk and control committees to ensure adequate monitoring and governance of ICS risk.
    • Attend the Risk Committees and Forum as a Permanent Invitee (or Member) as required, to ensure the responsibilities of the risk committees are appropriately fulfilled.
    • the Governance forums to challenge constructively and effectively the first line in their responsibilities of ICS Risk Management.
    • Drive integration of ICS Risk Type Framework into respective countries.

    Regulatory & Business Conduct

    • Display exemplary conduct and live by the .
    • Take personal responsibility for embedding the highest standards of ethics, including regulatory and business conduct, across Standard Chartered Bank. This includes understanding and ensuring compliance with, in letter and spirit, all applicable laws, regulations, guidelines and the Group Code of Conduct.
    • Lead the Asia and designated function CISRO team to achieve the outcomes set out in the Bank's Conduct Principles: [Fair Outcomes for Clients; Effective Financial Markets; Financial Crime Compliance; The Right Environment.]
    • Effectively and collaboratively identify, escalate, mitigate and resolve risk, conduct and compliance matters.

    Key stakeholders

    • CEO
    • CRO
    • CIO / CTO
    • CISRO
    • CISO
    • Compliance Officer
    • Business Heads
    • Group Internal Audit
    • Banking Regulators

    Qualifications

    Training, licenses, memberships and certifications

    • Proven experience as an information security risk officer, or in a governance, policy, risk management, or audit role, preferably in the IT security field.
    • Strong knowledge of security frameworks (COBIT, ISF, COSO), standards (ISO, NIST, CIS), Cyber Attack Surface, Cyber Kill Chain, and information security principles and security architecture.
    • Strong technical knowledge on risks associated with Cloud and emerging technologies.
    • Keen understanding of IT security business process risks, threats, and internal controls in the Banking and Financial services sector.
    • Strong leadership, negotiation and collaboration skills, and ability to work effectively in a complex multicultural and multi-time zone organization.
    • Ability to liaise with all parts of the Bank, including senior security, risk, and business stakeholders.
    • Excellent written, oral communication and reporting skills.
    • Ability to collect and analyse data, establish facts, and make recommendations in written and oral form.
    • Good knowledge of Information Cyber Security controls, including identity and access management, network security, information protection, secure logging and monitoring, security incident management, security awareness, secure configuration, system lifecycle security, and third party security management.
    • Bachelor's Degree in Engineering, Computer Science, Information Technology, Cybersecurity, Business Management, or other related discipline

    Our Ideal Candidate

    • Cyber Risk Management
    • Analytical Thinking
    • IT Standards, Procedures & Policies
    • Oral communications
    • Written Communications
    • Emerging Technologies

    About Standard Chartered

    We're an international bank, nimble enough to act, big enough for impact. For more than 160 years, we've worked to make a positive difference for our clients, communities, and each other. We question the status quo, love a challenge and enjoy finding new opportunities to grow and do better than before. If you're looking for a career with purpose and you want to work for a bank making a difference, we want to hear from you. You can count on us to celebrate your unique talents. And we can't wait to see the talents you can bring us.

    Our purpose, to , together with our brand promise, to be are achieved by how we each live our . When you work with us, you'll see how we value difference and advocate inclusion. Together we:

    Do the right thing and are assertive, challenge one another, and live with integrity, while putting the client at the heart of what we do

    Never settle, continuously striving to improve and innovate, keeping things simple and learning from doing well, and not so well

    Be better together, we can be ourselves, be inclusive, see more good in others, and work collectively to build for the long term

    In line with our Fair Pay Charter, we offer a competitive salary and benefits to support your mental, physical, financial and social wellbeing.

    Core bank funding for retirement savings, medical and life insurance, with flexible and voluntary benefits available in some locations

    Time-off including annual, parental/maternity (20 weeks), sabbatical (12 weeks maximum) and volunteering leave (3 days), along with minimum global standards for annual and public holiday, which is combined to 30 days minimum

    Flexible working options based around home and office locations, with flexible working patterns

    Proactive wellbeing support through Unmind, a market-leading digital wellbeing platform, development courses for resilience and other human skills, global Employee Assistance Programme, sick leave, mental health first-aiders and all sorts of self-help toolkits

    A continuous learning culture to support your growth, with opportunities to reskill and upskill and access to physical, virtual and digital learning

    Being part of an inclusive and values driven organisation, one that embraces and celebrates our unique diversity, across our teams, business functions and geographies - everyone feels respected and can realise their full potential.

    Recruitment assessments - some of our roles use assessments to help us understand how suitable you are for the role you've applied to. If you are invited to take an assessment, this is great news. It means your application has progressed to an important stage of our recruitment process.