Head, Information Security Officer for Commercial, Corporate & Institutional Banking (CCIB)

Recruiter: Standard Chartered Bank
Location: Singapore, SG
Salary: Competitive
Posted: 21 Apr 2019
Closes: 21 Apr 2019
Ref: 1130432565
Job role: Accountant
Contract type: Permanent
Hours: Full time

The Group Chief Information Security Officer (CISO) organisation is instrumental in protecting and ensuring the resilience of Standard Chartered Bank's data and IT systems by managing information and cyber security (ICS) risk across the enterprise. As a critical function reporting into the Group Chief Risk Officer (CRO), the Office of the CISO serves as the second line of defence for assuring ICS controls are implemented effectively and in accordance with the ICS Risk Framework and for instilling a culture of cyber security within the Bank. The Group CISO is responsible for ICS governance, strategy, policy, awareness, training, risk assessments, red teaming, third party security risk, industry partnerships, and regulatory engagement. In addition, a team of Information Security Officers (ISO) reports to the CISO and performs a pivotal role as an extension of the CISO in supporting the ICS risk management strategy, governance, advisory and assurance roles that face off to the Client Services, Regions, and Functions. The Office of the CISO is central to ensuring the Bank's ability to meet its ICS commitments to internal and external stakeholders, including regulators, as well as maintaining an acceptable ICS risk profile that is regularly reported to the Board.

Strategy
The Head, Information Security Officer for CCIB is a permanent role that requires strong business acumen and deep knowledge and experience in the ICS field. The successful candidate will have a strong understanding of operating in a second line capacity within an ICS or risk management organisation, and can respond flexibly and collaboratively to evolving business, regulatory and threat requirements.

The role reports directly to the Global Head, Information Security Officer for Client Services and will work closely with the office of the CISO to address ICS as a principal risk type for the Bank and support its integration into the Bank's overall Enterprise Risk Management strategy.

The role will provide oversight and challenge of ICS risk management and control effectiveness as a risk partner to CCIB Businesses as defined in the Bank's ICS Risk Type Framework.

This role can be based in either Singapore or Kuala Lumpur (Malaysia).

Business
The primary purpose of this position is to ensure that the management of ICS risk is operating effectively and efficiently and to provide assurance that ICS risk is appropriately managed within the CCIB business lines. The successful candidate will work closely with the Office of the CISO, the Security Technology Services, and the CCIB business CROs, COOs, CIOs and Operational Risk Officers, as well as other key stakeholders to drive requirements and help set priorities for ICS strategy and investment based on acceptable risk tolerance and taking into account the evolving threat and regulatory landscape, policies and standards, and technology infrastructure.

Key Role and Responsibilities
• Promote a healthy ICS risk culture and good conduct within the CCIB business.
• Establish strong relationships with identified stakeholders across the CCIB business and understand their strategic goals, in order to ensure ICS alignment.
• Articulate the value of ICS controls and their bottom line impact to client-facing business lines' security and resiliency.
• Monitor, assess and advise CCIB businesses on acceptable risk tolerances based on policy and control environment and the evolving regulatory and threat landscape.
• Utilise appropriate risk management tool(s) to manage, track and monitor ICS risks across the CCIB business lines.
• Validate the accuracy of KRIs and KCIs and other risk ratings, as well as process designs, to meet policy requirements.
• Oversee and challenge 1st line ICS risk proposal and risk-taking activities for CCIB businesses.
• Maintain relationships with key service and product owners within Security Technology Services to keep abreast of changes that may affect CCIB's risk landscape.
• Provide oversight and challenge to ensure CCIB projects with an ICS element are correctly managed via a formal secure development lifecycle.
• Set appropriate tone and expectations from the ISO CCIB team and work in collaboration with risk and control partners.
• Lead the ISO CCIB team to use the Risk Type Framework (RTF) (including supporting tools, processes and procedures) to ensure ICS-related risks in CCIB are flagged and treatment plans are in place.
• Identify root causes for common risks and work with Security Technology Services to ensure sustainable improvements are proposed and actioned.
• Ensure the team reports risks and risk summaries accurately to various stakeholders using available MI.
• Support the Third-Party Security Assessment team during CCIB's 3rd party reviews.

Qualifications & Skills:
• Proven experience in an information security office, senior governance and policy, risk management, or audit role, preferably in the IT security field.
• Strong knowledge of security frameworks (COBIT, ISF, COSO), standards (ISO, NIST, CIS), information security principles and security architecture.
• Keen understanding of IT security business process risks, threats and internal controls in the Banking and Financial services sector.
• Strong leadership, negotiation and collaboration skills, and ability to work effectively in a complex multicultural and multi-time zone organization.
• Ability to liaise with all parts of the Bank, including senior security, risk and business stakeholders.
• Excellent written, oral communication and reporting skills.
• Ability to collect and analyse data, establish facts, and make recommendations in written and oral form.
• Good knowledge of hardening guidelines for Operating Systems, Databases, Web Services and Network devices.
• Bachelor's Degree in Engineering, Computer Science, Information Technology, Cybersecurity, Business Management, or other related discipline.

About Standard Chartered
We are a leading international bank focused on helping people and companies prosper across Asia, Africa and the Middle East.

To us, good performance is about much more than turning a profit. It's about showing how you embody our valued behaviours - do the right thing, better together and never settle - as well as our brand promise, Here for good.

We're committed to promoting equality in the workplace and creating an inclusive and flexible culture - one where everyone can realise their full potential and make a positive contribution to our organisation. This in turn helps us to provide better support to our broad client base.
