Associate Director, Data Protection Risk & Control

Job Description

• Cyber Security Services (CSS) is a critical function within Standard Chartered Bank operating under the overall purview of COO .
• The CSS team is made up of cyber security thought leaders, who are accountable for the provision of a global set of cyber security services and products in order to maintain and continuously improve Bank s cyber security posture in today s ever evolving cyber security landscape.
• The CSS team protect the Bank from cyber security threats by delivering effective information security services, managing and responding to security incidents to ensure, and support the continuity and growth of Bank s business operations; and meet the both internal and external stakeholders expectations across 70+ countries and territories, in which SCB operates.
• As part of the Security Transformation activities within SCB, a governance and service function within Access Management and Data Protection is getting strengthened to cover the assurance function globally from access and data protection perspective. This requires a highly skilled and experienced audit, risk and control profession to build the governance model and capability improve Bank s access management risk posture in order protect the Bank from complex cyber threats.
• Associate Director, Data Protection Risk & Control Management sits within the Access Management Risk and Control team and is responsible for and has to execute oversight over Risk Management frameworks, proactive risk and control assessments, as well as internal audit management across Cyber Security Services.
• This role is key and responsible for continuing improvements of the DP control environment via proactive risk assessments and structured risk & control management.
• This role aims to support a constant state of an established control environment, identification of key risks, drive/oversee cross- Access Management risk remediation, audit readiness and continuous improvement across process and risk management.
• The person is also expected to drive control adequacy reviews to self identify operational risks through forward planning of operational reviews, reporting on progress of reviews, analyzing performance and delivery of teams, and maintaining appropriate internal controls. This role will manage and engage stakeholders effectively from regulatory, external and internal audit. Support audit activities and ensure that CSS are meeting their audit and regulatory obligations.

RESPONSIBILITIES: Risk Management:

• Define and maintain approach for domain-internal risk assessments as well as process risk assessments
• Scope and plan thematic risk / control reviews of Data Protection processes (COBIT)
• Govern domain-internal risk assessments. Ensure coverage of key topics and upcoming Internal Audit themes
• Provide guidance on scope and plan risk / control reviews of significant new projects
• Execution of risk / control reviews for DP domains
• Monitor material actions and risks arising from the reviews and ensure they are recorded with treatment plans to drive remediation
• Document all materials risks in risk papers and obtain approvals from risk authorities
• Engage 2LoD for all risk reviews and closure of risk treatment plans
• Provide support and guidance on control design. Review proposed addition of or change in controls and related KRI / KCI metrics.

Internal Audit Management:

• Ensure Access Management adhere to audit process and fully ensure factual accuracy of audit findings and reports
• Review adequacy of management response to audit findings
• Review progress and timely closure of audit findings
• Share thematic risk & audit findings across TS for cross-remediation / review
• As and when required drive cross-CSS remediation / SWAT exercises

Framework:

• Define and maintain Data Protection internal framework / guidelines for risk & control (Overall, assessments, audit management, etc.)
• Define and maintain approach for domain-internal risk assessments as well as process risk assessments
• Drive establishment and maintenance of golden sources for all risk topics

Attestations:

• Support and lead swift attestations for Data Protection domain

KEY STAKEHOLDERS:

• Data Protection Service Head(s)
• CISRO / GOR
• COO TDR Risk and control Teams
• GIA
• Country, External, Regulatory Auditors
• ICS COE team

COMPETENCIES (KNOWLEDGE & SKILLS):

• Minimum 10 years experience in Banking, Information Security with focus on Data Protection
• Minimum 8 years experience as Risk and Controls Expert
• Excellent written and oral and presentation and communication skills
• Experience in writing assurance reports is an added advantage
• Knowledge around industry standard security control frameworks
• Strong sense of personal ownership and responsibility in accomplishing the organisation s goal. Exudes confidence and will roll-up his/her sleeves to drive success
• Able to get things done in a quick-paced environment. Be transparent and open around what doesn t work and what does
• Good understanding of regulatory compliance, information and cyber security risk and controls
• Ability to collect and analyse data, establish facts and make recommendations in written and oral form
• Strong Technical skills and good understanding in access management across platforms/Applications and Data Protection
• Strong interpersonal and team skills.
• Bachelor s Degree in computer science/Information Technology, Engineering, Finance or its equivalent
• CISSP / CISA / CISM /COBIT trained or certified will be a definite advantage
• Good working knowledge of software application: Outlook (advance), Word (advance), PowerPoint (advance), Excel (advance)

,

Keyskills :
financeadvisorycompliancereportingcustomer relationsrisk reviewssecurity riskinternal auditcyber securityrisk managementtechnical skillsaudit management