Job Summary

This role could be based in India and Malaysia. When you start the application process you will be presented with a drop down menu showing all countries, Please ensure that you select a country where the role is based.

Significant transformation is underway within the Operations function to rapidly improve the Cyber, Data, Privacy and Automation control environment, along with digitization and innovation. A new function, T&O (Technology & Operations), has been formed by pulling together Cyber Security Services, TPSR, ICS Operations, Data Management & Privacy, Automation and Resilience into one function to:
•    Grow trust with clients and regulators
•    Best practice cyber security solutions; protection of data and privacy; improve resilience; reduce risk
•    Leverage analytics and insights to enable data monetisation
•    Real time analytics; process automation; customer insights; eco-system partnerships; disruptive business practices
•    Be an enabler to journeys
•    Steer the Bank using trust, innovation and data; supply real time information for actionable measures

•     To help grow trust with clients and regulators and maximize risk reduction, a Senior Manager of ICS Technical Controls Testing role has been created to execute the testing of key ICS controls across the bank’s critical IT systems and infrastructure.

•     This new team will provide planning, execution, reporting, governance, as well as advocating and imparting lessons and good practice to shape the design and implementation of ICS key controls testing across all of the bank’s critical IT systems. In addition, determining whether these key controls are operating effectively via an evidence-based testing process.

Key Responsibilities

•    Identify, Analyse ,determine in preparing (Cyber Security) controls for periodic Control Testing plan and for execution
•    Oversee the execution of technical (Cyber Security) control testing framework/methodology for the bank’s critical IT systems and infrastructure as per the periodic testing plan
•    Coordinate with various departments and stakeholders to gather necessary information and ensure their availability and confirmation for periodic Control testing Plans.
•    Support in preparation of annual and sprint/quarter plans for ICS controls testing 
•    Support the provision of timely and accurate control testing reporting to the respective risk forums across business and functions.
•    Support in leading the periodic ICS Controls testing update meetings 
•    Experience in testing cloud controls on platforms such as AWS and Azure.
•    Good knowledge of various cyber security domains such as, IAM, Network Security, Vulnerability management, logging and monitoring controls, Information Protection, Configuration management, etc.
•    Promote compliance with the Bank’s risk framework and policies (e.g. UKACGR, SWIFT ERMF, ORTF, MCAP Cloud and ICS RTF)
•    Track issue remediation, check and challenge delivery status and escalate delays.
•    Experience in Project Management is added preference

Strategy
•    Maintain effective relationships with stakeholders to facilitate:
•    Effective ICS key controls testing;
•    The provision of timely, expert advice and assurance; and
•    Partnerships with other functions to provide professional advice and assurance;

Processes
•    Support the continuous improvement of risk and control processes, aligning to and avoiding duplication with other assurance functions.

People & Talent 
•    Provide proactive self-orienting and self-motivating leadership, and work with limited direction
•    Lead through example and build the appropriate culture and values. Set appropriate tone and expectations, and work in collaboration with risk and control partners.
•    Cultivate the right mix of SME and risk & control skills.
 
Risk Management
•    Adopt an anticipatory approach to risk assessment through stakeholder engagement and monitoring of the external environment.
•    Work with other control assurance teams to drive efficiency, effectiveness and reduce duplication.
•    Provide robust challenge and escalation to senior management to ensure activities achieve risk reduction.
•    Manage and drive continuous improvement of the ICS technical control environment through proactive risk management.

Governance 
•    Tracking and reporting of risk assessments (e.g. audits, risk assessments etc) and their outputs to ensure oversight and escalation mechanisms are in place to provide MI on obligations.
•    Work with the Application/Service Owners of critical IT systems to identify emerging ICS risks and ensure they are appropriately addressed by relevant technical controls.

Regulatory & Business Conduct 
•    Display exemplary conduct and live by the Group’s Values and Code of Conduct. 
•    Take personal responsibility for embedding the highest standards of ethics, including regulatory and business conduct, across Standard Chartered Bank. This includes understanding and ensuring compliance with, in letter and spirit, all applicable laws, regulations, guidelines and the Group Code of Conduct.
•    Effectively and collaboratively identify, escalate, mitigate and resolve risk, conduct and compliance matters.
•    Provide timely and accurate risk & control information to support regulatory meetings and RFIs.

Key stakeholders
•    Head of ICS Technical Controls Testing 
•    Global Head, Technology Assurance
•    Group Operational Risk
•    Group CISRO/ OTCR
•    Group Internal Audit

Qualifications

•    Tertiary qualifications in Computer Science or other relevant areas.
•    7 - 9 years in IT/Cyber Audit and/or Cyber Risk Management.
•    Experience in testing cloud control environment (AWS and Azure)
•    Professional qualifications such as CISA / CRISC / CISM / CISSP/ Cloud Certification will be advantageous.
•    Technical knowledge on security controls best practices across different platforms, systems and security tools
•    Good understanding of security processes, risks and controls, audit and testing methodologies

Skills and Experience

•    Business Process Design
•    Process Management
•    Regulatory Environment – Financial Services
•    Risk Management (Technology and Cyber) 
•    Cloud Risk
•    Controls Testing

About Standard Chartered

We're an international bank, nimble enough to act, big enough for impact. For more than 170 years, we've worked to make a positive difference for our clients, communities, and each other. We question the status quo, love a challenge and enjoy finding new opportunities to grow and do better than before. If you're looking for a career with purpose and you want to work for a bank making a difference, we want to hear from you. You can count on us to celebrate your unique talents and we can't wait to see the talents you can bring us.

Our purpose, to drive commerce and prosperity through our unique diversity, together with our brand promise, to be here for good are achieved by how we each live our valued behaviours. When you work with us, you'll see how we value difference and advocate inclusion.

Together we:

• Do the right thing and are assertive, challenge one another, and live with integrity, while putting the client at the heart of what we do
• Never settle, continuously striving to improve and innovate, keeping things simple and learning from doing well, and not so well
• Are better together, we can be ourselves, be inclusive, see more good in others, and work collectively to build for the long term

What we offer

In line with our Fair Pay Charter, we offer a competitive salary and benefits to support your mental, physical, financial and social wellbeing.

• Core bank funding for retirement savings, medical and life insurance, with flexible and voluntary benefits available in some locations.
• Time-off including annual leave, parental/maternity (20 weeks), sabbatical (12 months maximum) and volunteering leave (3 days), along with minimum global standards for annual and public holiday, which is combined to 30 days minimum.
• Flexible working options based around home and office locations, with flexible working patterns.
• Proactive wellbeing support through Unmind, a market-leading digital wellbeing platform, development courses for resilience and other human skills, global Employee Assistance Programme, sick leave, mental health first-aiders and all sorts of self-help toolkits
• A continuous learning culture to support your growth, with opportunities to reskill and upskill and access to physical, virtual and digital learning.
• Being part of an inclusive and values driven organisation, one that embraces and celebrates our unique diversity, across our teams, business functions and geographies - everyone feels respected and can realise their full potential.