VP, TSRA Assessment - Bengaluru, India - Standard Chartered Bank

    Standard Chartered Bank background
    Description
    Role Responsibilities


    The Group Chief Information Security Officer (CISO) organisation is instrumental in protecting and ensuring the resilience of Standard Chartered Bank's data and IT systems by managing information and cyber security (ICS) risk across the enterprise.

    As a critical function reporting into the Group Chief Technology, Operations and Transformation Officer, the Group CISO serves as the first line of defence for assuring ICS controls are implemented effectively and in accordance with the ICS Risk Framework, Policy and Standard, and for instilling a culture of cyber security within the Bank.

    The Group CISO is central to ensuring the Bank's ability to meet its ICS commitment to internal and external stakeholders, including regulators, as well as maintaining an acceptable ICS risk profile that is regularly reported to the Board, and that is supported by the ICS Risk & Control Function.

    The VP, TSRA Assessment & Reporting will support the Threat Scenario-led Risk Assessment (TSRA) team.

    This includes handling the TSRA Assessment and Reporting methodologies; designing, implementing and maintaining TSRA metrics and methodology based on the ICS RTF framework; driving digitisation, automation, and innovation; and collaborating with different stakeholders, ICS MT, Control Owners, Risk Managers, Cyber Functions and Board engagement, where needed.

    This role reports directly to the Head of TSRA and is part of the TSRA Leadership Team.

    Strategy:

    The VP, TSRA Assessment & Reporting is a global role that requires strong business acumen, good organisation, and leadership skills with the ability to manage a multi-disciplinary group, and knowledge of Cyber Security, Risk Management, and process controls.

    The role requires a strategic mindset and strong execution-driven skills to support the pan-bank roadmap for the Threat Scenario-led Risk Assessment with alignment to the ICS Risk Strategy.

    It is to provide SME risk and control advice and guidance, as well as providing a feedback loop to Head, Risk Management Ops – Business, Markets and Functions and Head TSRA, and to do the following:

    Leverage Artificial Intelligence and Machine Learning to automate day-to-day processes and management reporting
    Laser focus on customer centricity (including Client, Regulator and internal) to create a long-term value proposition for them

    Business:

    The role will work closely with Group CISO, businesses and functions CISOs and ISROs within the bank to achieve the Group ICS strategy and objectives.

    The role will develop and support a pan-bank Cyber risk assessment based on TSRA and operate a TSRA operations function as part of Risk Management, by leveraging and driving digital solutions, including automation and data analytics, while eliminating manual attestations.

    The role will effectively identify, assess, and manage the ICS risk by helping in establishing robust treatment plans to achieve risk reduction.


    Processes:


    VP, TSRA Assessment & Reporting will:

    Own the TSRA Reporting process and support pan-bank ICS Risk Assessment
    Improve and optimise the TSRA methodology by leveraging and driving digital solutions, including automation and data analytics, while eliminating manual processes
    Build trusted working relationships with other security functional heads, CISOs, ISROs, CISRO, risk counterparts, business unit stakeholders, and Group Internal Audit and , where needed
    Collaborate with the relevant assurance artefacts/data between the control owners, testing team, second line team etc for their review, challenge, and approval, as needed
    Provide opportunities to build the right mindsets, nurture our talent and develop capabilities as we adopt the New Ways of Working (NWOW) through QPRs/MPRs and agile delivery approach
    Regularly identify and implement opportunities for efficiency (via A3s) across processes, systems, and infrastructure
    Ensure standardisation and best practice migration across regions, segments, and functions by working closely with the CISO

    People & Talent Management:

    Working in close collaboration with CISO, risk and control partners across all functions to effectively embed a strong culture of risk awareness and good conduct
    Improve client centricity through increased delivery velocity
    Spread and sustain a continuous improvement and innovation culture
    Support a culture of diversity and inclusion to bring the best out of our people

    Risk Management:

    Work with other Risk and Governance teams to drive efficiency, effectiveness and reduce duplication
    Work closely with senior stakeholders to drive an effective security risk management culture and compliance mindset
    Mature the Bank's ability to proactively identify and manage cyber threats through implementation of robust, integrated risk framework (the ICS RTF and Threat Scenario Risk Assessment (TSRA) Standard)
    Support establishing governance to enable "Secure & Resilient by Design" solutions, supporting the Group's cloud first and digital transformation agenda

    Governance:

    Provide timely and accurate reporting to appropriate committees (risk governance committees, QPR/MPR and associated Refinement Forums, where applicable)
    Support appropriate oversight and facilitate resolution of high impact risk and issues

    Regulatory & Business Conduct:

    Display exemplary conduct and live by the Group's Values and Code of Conduct.
    Including tracking and remediation of conduct issues
    Effectively and collaboratively support to identify, escalate, mitigate, and resolve risk, conduct and compliance matters.

    Others:

    In collaboration with Bank and ICS teams, define and maintain CISO, ICS and Cyber Security team communications strategy and implement plans to ensure engaging and impactful communications and delivery of key messages to respective internal audiences.

    Build and maintain easy to access information and support material for the organisation to leverage and self-service wherever feasible to enable efficiency.

    Key Stakeholders:

    Global Head of ICS Risk and Governance
    Head, ICS Risk Management Ops – Business, Markets and Functions
    Chief Information Security Officers (CISOs) across all businesses and functions
    Information Security Risk Officers across all businesses and functions
    COOs/CIOs of different businesses/functions
    ICS Risk and Control Leadership Team Members
    Group Internal Audit – Heads of Audit for TTO

    Other Responsibilities:

    Embed Here for good and Group's brand and values in ICS R&G
    Perform other responsibilities assigned under Group, Country, Business or Functional policies and procedures
    Multiple functions (double hats)

    Our Ideal Candidate:

    Minimum 15 years of experience in Cyber Security, technology and ICS risk management.

    A proven track record of leading successful teams is a priority.

    Strong analytical and program management skills.

    Ability to assess strategic priorities and to focus on detailed aspects of a program in order to drive effective delivery.

    Strong leadership, negotiation and collaboration skills, and ability to work effectively in a complex multicultural and multi-time zone organization.

    Knowledge of the businesses, markets and operations of Standard Chartered Bank and relevant policies, procedures, and processes is an added advantage.

    Excellent interpersonal skills to foster positive relationships with internal and external stakeholders.
    Thorough understanding of ICS business processes, risks, threats, internal controls, and experience with regulators and multi-stakeholder organisations.
    Ability to collect and analyse data and make recommendations in written and oral form.
    Strong ability to liaise with all parts of the Bank, including senior security, risk and business stakeholders.

    Highly effective oral and written communication skills, with an ability to influence and to gain the respect of senior stakeholders and peers.

    Fluency in English.
    Bachelor's Degree in Information Technology, Cybersecurity, Business Management, or other related discipline. Professional certifications are an advantage (CISA, CISSP, CISM, ITIL, PMP, CSM, CPO).

    Role Specific Technical Competencies:

    Business Process Design
    Process Management
    Risk Management
    Regulatory Environment – Financial Services
    Program Management