Job Summary

This role could be based in India and Malaysia. When you start the application process you will be presented with a drop down menu showing all countries, Please ensure that you select a country where the role is based.
•    The Group Chief Information Security Officer (CISO) organisation is instrumental in protecting and ensuring the resilience of Standard Chartered Bank’s data and IT systems by managing information and cyber security (ICS) risk across the enterprise. As a critical function reporting into the Group Chief Technology, Operations and Transformation Officer, the Group CISO serves as the first line of defence for assuring ICS controls are implemented effectively and in accordance with the ICS Risk Framework, Policy and Standard, and for instilling a culture of cyber security within the Bank.
•    The role will work closely with Country CISOs / ISRO / CISRO / ICS / TTO representatives within the bank to ensure the Banks ICS regulatory obligations are met on time. 
•    This includes supporting the PCI DSS, ICS Legal Regulatory Mandatory compliance and ISO assessments for all markets (wherever applicable)
 

Key Responsibilities

Business
•    The role will work closely with Country CISOs / ISRO / CISRO / ICS / TTO representatives within the bank to ensure the Banks ICS regulatory obligations are met on time. 
Processes:
The role will:
•    The role is responsible to complete regulatory compliance assessments and support all SCB regions in meeting critical and complex ICS regulatory obligations. 
•    Supporting PCI DSS certification/ recertification for various markets and businesses,
•    The role oversees all ICS regulatory compliance assessment activities (design and operating effectiveness), supports issue remediations and ensures these are performed to quality and submitted to regulators on time. 
•    The role requires technical ICS domain knowledge, SME skills in regulatory compliance assessments / audit / risk & control, and strong senior stakeholder management abilities (RCISO, CISO, ISRO, ICS/Technology/CIO Domains). 
•    Regularly identify and implement opportunities for efficiencies across processes, systems, and infrastructure.  
•    Support the PCI DSS attestation process from a project management perspective.
•    Track the milestones of the PCI DSS and ISO progress,
•    Oversee all the regular meetings (i.e., weekly, monthly) to provide update, seek help where needed,
•    Discuss with QSA, CISOs, 2LoD OTCR wherever needed,
•    Escalating wherever there is a potential risk to timelines,
•    Pro-actively track PCI DSS attestation and ensure communications are sent to all stakeholders well in advance.
•    Evaluating application / releases for compliance to eSDLC standards
•    Communicating feedback / improvement areas to stakeholders with ability to document findings in a detailed manner
•    Stakeholder management, publishing monthly/weekly status reports
•    Ensure ISMS Activities are performed in country by CISOs as per ISO Standards. Ex: Circulation of ISMS Policy to country users.
•    To conduct Preparatory Assessment in respective markets to validate all Clauses and Annex controls in ISO 27001:2022 standards.
 

Business
•    Maintain comprehensive and up-to-date documentation of the ISMS, including policies, procedures, and audit records.
•    Ensure necessary support to CISO during GIA Audit, to stay compliant with the internal process and to assist CISOs in gathering necessary evidence. Based on requirement, need to manage GIA Audit by submitting evidence as an exceptional requirement.
•    Ensure standby support to CISOs during External Audit. Need to join the External audit call based on requirement from CISO.

People & Talent Management
•    Working in close collaboration with CISO, PCI & ISO team risk and control partners across all functions to effectively embed a strong culture of risk awareness and good conduct,
•    Track and sustain a continuous improvement and innovation culture,
•    Support a culture of diversity and inclusion to bring the best out of our people,

Risk Management
•    Track the milestones of the PCI and ISO progress,
•    Work closely with AIC LRM cluster leads to drive an effective risk management culture and compliance mindset,
•    Mature the Bank’s ability to proactively identify and manage cyber threats through quality compliance assessments at a Design and Operating level 
•    Update and Maintain the ISMS Calendar for each market through monthly discussion with respective CISOs’

Governance
•    Track and follow up for timely and accurate completion of ICS regulatory compliance assessments and ensure all governance metrics are met
•    Support appropriate oversight and follow-up for resolution of high impact risk and issues

Regulatory & Business Conduct 
•    Display exemplary conduct and live by the Group’s Values and Code of Conduct. Including tracking and remediation of conduct issues 
•    Effectively and collaboratively support to identify, escalate, mitigate, and resolve risk, conduct and compliance matters.

Key Stakeholders
•    VP, RMO
•    AVP / VP, RMO
•    Regional and Country - Chief Information Security Officers (CISOs) and delegate
•    Information Security Risk Officers and delegate
•    ICS Service domains 
•    COOs/CIOs of different businesses/functions
•    Group Internal Audit 

Other Responsibilities
•    Embed Here for good and Group’s brand and values in ICS R&G; Perform other responsibilities assigned under Group, Country, Business or Functional policies and procedures; Multiple functions (double hats);

Qualifications

•    Minimum 8 years of experience in Cyber Security, technology and ICS risk management, A proven track record of leading successful teams is priority.
•    Excellent interpersonal skills to foster positive relationships with internal and external stakeholders.
•    Thorough understanding of ICS business processes, risks, threats, internal controls, and experience with regulators and multi-stakeholder organisations.
•    Ability to collect and analyse data and make recommendations in written and oral form.
•    Strong ability to liaise with all parts of the Bank, including senior security, risk and business stakeholders.
•    Highly effective oral and written communication skills, with an ability to influence and to gain the respect of senior stakeholders and peers. Fluency in English.
•    bachelor’s degree in information technology, Cybersecurity, Business Management, or other related discipline. Professional certifications have an advantage (e.g., CISA, CISSP, CISM etc).

•     Have Test Management background and hands on experience in testing / test management
•    Software Delivery Lifecycle or process governance experience

Skills and Experience

•    Business Process Design
•    Process Management
•    Risk Management  
•    Regulatory Environment – Financial Services
•    Program Management

About Standard Chartered

We're an international bank, nimble enough to act, big enough for impact. For more than 170 years, we've worked to make a positive difference for our clients, communities, and each other. We question the status quo, love a challenge and enjoy finding new opportunities to grow and do better than before. If you're looking for a career with purpose and you want to work for a bank making a difference, we want to hear from you. You can count on us to celebrate your unique talents and we can't wait to see the talents you can bring us.

Our purpose, to drive commerce and prosperity through our unique diversity, together with our brand promise, to be here for good are achieved by how we each live our valued behaviours. When you work with us, you'll see how we value difference and advocate inclusion.

Together we:

• Do the right thing and are assertive, challenge one another, and live with integrity, while putting the client at the heart of what we do
• Never settle, continuously striving to improve and innovate, keeping things simple and learning from doing well, and not so well
• Are better together, we can be ourselves, be inclusive, see more good in others, and work collectively to build for the long term

What we offer

In line with our Fair Pay Charter, we offer a competitive salary and benefits to support your mental, physical, financial and social wellbeing.

• Core bank funding for retirement savings, medical and life insurance, with flexible and voluntary benefits available in some locations.
• Time-off including annual leave, parental/maternity (20 weeks), sabbatical (12 months maximum) and volunteering leave (3 days), along with minimum global standards for annual and public holiday, which is combined to 30 days minimum.
• Flexible working options based around home and office locations, with flexible working patterns.
• Proactive wellbeing support through Unmind, a market-leading digital wellbeing platform, development courses for resilience and other human skills, global Employee Assistance Programme, sick leave, mental health first-aiders and all sorts of self-help toolkits
• A continuous learning culture to support your growth, with opportunities to reskill and upskill and access to physical, virtual and digital learning.
• Being part of an inclusive and values driven organisation, one that embraces and celebrates our unique diversity, across our teams, business functions and geographies - everyone feels respected and can realise their full potential.