(ML)VP, TSRA Assessment & Reporting-2400005377

The Role Responsibilities

The Group Chief Information Security Officer (CISO) organisation is instrumental in protecting and ensuring the resilience of Standard Chartered Bank’s data and IT systems by managing information and cyber security (ICS) risk across the enterprise. As a critical function reporting into the Group Chief Technology, Operations and Transformation Officer, the Group CISO serves as the first line of defence for assuring ICS controls are implemented effectively and in accordance with the ICS Risk Framework, Policy and Standard, and for instilling a culture of cyber security within the Bank.

The Group CISO is central to ensuring the Bank’s ability to meet its ICS commitment to internal and external stakeholders, including regulators, as well as maintaining an acceptable ICS risk profile that is regularly reported to the Board, and that is supported by the ICS Risk & Control Function.

The VP, TSRA Assessment & Reporting will support the Threat Scenario-led Risk Assessment (TSRA) team. This includes handling the TSRA Assessment and Reporting methodologies; Designing and implementing and maintaining TSRA metrics and methodology based on ICS RTF framework. driving digitisation, automation, and innovation; collaborating with different stakeholders, ICS MT, Control Owners, Risk Managers, Cyber Functions and Board engagement, where needed.

This role reports directly to the Head of TSRA and is part of the TSRA Leadership Team.

Strategy

The VP, TSRA Assessment & Reporting is a global role that requires strong business acumen, good organisation, and leadership skills with ability to manage multi-disciplinary group, knowledge of Cyber Security, Risk Management, and process controls. The role requires a strategic mindset and strong execution driven skill to support the pan-bank roadmap for the Threat Scenario-led Risk Assessment with alignment to the ICS Risk Strategy. It is to provide SME risk and control advice and guidance, as well providing a feedback loop to Head, Risk Management Ops – Business, Markets and Functions and Head TSRA and to do the following

• Leverage Artificial Intelligence and Machine Learning to automate day to day processes, and management reporting,
• Laser focus on Customer centricity (including Client, Regulator and internal) to create long term value proposition for them,

Business

• The role will work closely with Group CISO, businesses and functions CISOs and ISROs within the bank to achieve the Group ICS strategy and objectives. The role will develop and support a pan-bank Cyber risk assessment based on TSRA and operate an TSRA operations function as part of Risk Management, by leveraging and driving digital solutions, including automation and data analytics, while eliminating manual attestations. The role will effectively identify, assess, and manage the ICS risk by helping in establishing robust treatment plans to achieve risk reduction.

Processes:

VP, TSRA Assessment & Reporting will:

• Own the TSRA Reporting process and support pan-bank ICS Risk Assessment,
• Improve and optimise the TSRA methodology by leveraging and driving digital solutions, including automation and data analytics, while eliminating manual processes,
• Build trusted working relationships with other security functional heads, CISOs, ISROs, CISRO, risk counterparts, business unit stakeholders, and Group Internal Audit and , where needed.
• Collaborate with the relevant assurance artefacts/data between the control owners, testing team, second line team etc for their review, challenge, and approval, as needed,
• Provide opportunities to build the right mindsets, nurture our talent and develop capabilities as we adopt the New Ways of Working (NWOW) through QPRs/MPRs and agile delivery approach,
• Regularly identify and implement opportunities for efficiency (via A3s) across processes, systems, and infrastructure,
• Ensure standardisation and best practice migration across regions, segments, and functions by working closely with the CISO,

People & Talent Management

• Working in close collaboration with CISO, risk and control partners across all functions to effectively embed a strong culture of risk awareness and good conduct,
• Improve client centricity through increased delivery velocity,
• Spread and sustain a continuous improvement and innovation culture,
• Support a culture of diversity and inclusion to bring the best out of our people,

Risk Management

• Work with other Risk and Governance teams to drive efficiency, effectiveness and reduce duplication,
• Work closely with senior stakeholders to drive an effective security risk management culture and compliance mindset,
• Mature the Bank’s ability to proactively identify and manage cyber threats through implementation of robust, integrated risk framework (the ICS RTF and Threat Scenario Risk Assessment (TSRA) Standard),
• Support establishing governance to enable “Secure & Resilient by Design” solutions, supporting the Group’s cloud first and digital transformation agenda.

Governance

• Provide timely and accurate reporting to appropriate committees (risk governance committees, QPR/MPR and associated Refinement Forums, where applicable)
• Support appropriate oversight and facilitate resolution of high impact risk and issues

Regulatory & Business Conduct

• Display exemplary conduct and live by the Group’s Values and Code of Conduct. Including tracking and remediation of conduct issues
• Effectively and collaboratively support to identify, escalate, mitigate, and resolve risk, conduct and compliance matters.

Others

• In collaboration with Bank and ICS teams, define and maintain CISO, ICS and Cyber Security team communications strategy and implement plans to ensure engaging and impactful communications and delivery of key messages to respective internal audiences.
• Build and maintain easy to access information and support material for the organisation to leverage and self-service wherever feasible to enable efficiency.

Key Stakeholders

• Global Head of ICS Risk and Governance
• Head, ICS Risk Management Ops – Business, Markets and Functions
• Chief Information Security Officers (CISOs) across all businesses and functions
• Information Security Risk Officers across all businesses and functions
• COOs/CIOs of different businesses/functions
• ICS Risk and Control Leadership Team Members
• Group Internal Audit – Heads of Audit for TTO

Other Responsibilities

• Embed Here for good and Group’s brand and values in ICS R&G; Perform other responsibilities assigned under Group, Country, Business or Functional policies and procedures; Multiple functions (double hats)

Our Ideal Candidate

• Minimum 15 years of experience in Cyber Security, technology and ICS risk management, A proven track record of leading successful teams is priority.
• Strong a