Risk and Governance Lead - Security Monitoring & Analytics
About Standard Chartered
We are a leading international bank focused on helping people and companies prosper across Asia, Africa and the Middle East.
To us, good performance is about much more than turning a profit. It's about showing how you embody our valued behaviours - do the right thing, better together and never settle - as well as our brand promise, Here for good.
We're committed to promoting equality in the workplace and creating an inclusive and flexible culture - one where everyone can realise their full potential and make a positive contribution to our organisation. This in turn helps us to provide better support to our broad client base.
Security Technology Services (STS) is a critical function within Standard Chartered Bank operating under the overall purview of "Technology Services".
The STS team is made up of cyber security thought leaders, who are accountable for the provision of a global set of cyber security services and products in order to maintain and continuously improve the Bank's cyber security posture in today's ever-evolving cyber security landscape.
The STS team protects the Bank from cyber security threats by delivering effective information security technology services and by managing and responding to security incidents, to ensure and support the continuity and growth of the Bank's business operations and to meet the expectations of both internal and external stakeholders across the 70+ countries and territories in which SCB operates.
This role is within the Security Monitoring and Analytics Service line and will be responsible for managing all risk, governance, and audit engagement for the service. The individual will work closely with the service lead and sub-service leads to proactively identify gaps in processes, adherence to policy and regulatory requirements, and audit findings. The individual will be responsible for developing relevant treatment plans and proactively managing and addressing risks identified for the service. This is a great opportunity for a risk manager who has security operations exposure and/or experience managing risk associated with an operations function.
Responsibilities:
- Proactively anticipate and manage all audit, risk, and regulatory commitments related to the Security Monitoring and Analytics service line
- Perform regular reviews of existing processes, policies, and documentation to identify gaps in the service and develop treatment plans for remediation
- Proactive engagement with 2nd and 3rd line of defense to ensure the service governance, metrics, and identified risks are being managed appropriately
- Run monthly governance forums for the service to ensure it is operating as intended and any issues or risks are raised in a transparent manner and actions are being taken to remediate any gaps
- Effectively and collaboratively identify, escalate, mitigate and resolve risk, conduct and compliance matters
- Coordinate remediation of risk and control gaps via governance and engagement with 2nd and 3rd line of defense by providing and monitoring resolution actions (e.g. controls, issues, actions, key indicators)
- Develop risk assessment papers and treatment plans to address any risks identified through internal control reviews and/or audit/regulatory gaps
- Lead engagement and proactively manage external/internal audit requests as well as issue closure and treatment plans
Competencies (knowledge & skills):
The ideal candidate has experience and strong domain knowledge/expertise in audit, risk, and compliance. The candidate should proactively engage and manage risks and internal/external audit issues identified and develop appropriate treatment plan(s) to get them resolved.
- 7+ years' experience in a risk and controls function, ideally in the Finance & Banking segment
- Familiarity and experience with security operations and security monitoring functions
- Experience engaging and managing risk and assurance, governance, and audit and compliance across 2nd and 3rd line of defense
- Strong skills in developing and presenting engaging presentations around risk and compliance
- Experience with supporting audits for MAS and TRM guidelines and/or other regulatory authorities (e.g., HKMA, PRA)
- Relevant certification in CISA, CISM, CISSP, CIPP would be preferred
- Demonstrated experience in tracking and remediating regulatory compliance as well as audit issues
- Analytical and detail-oriented individual who takes a proactive approach to managing risk across the service
- Able to manage senior stakeholder expectations with a keen sense of what is realistic and achievable in a large complex environment
- Ability to work across service to incorporate and identify risks that could impact the SMA service
- Proactive self-starter, takes ownership for issues and drives remediation with excellent problem analysis skills and solution synthesis
- Stays abreast of the latest happenings in technology and their relation to cyber security
Apply now to join the Bank for those with big career ambitions.