
Head, COE Operations

10.00 to 15.00 Years   Mumbai City   13 Oct, 2021
Job Location: Mumbai City
Education: Not Mentioned
Salary: Not Disclosed
Industry: Banking / Financial Services
Functional Area: SBU Head / CEO / Director
Employment Type: Full-time

Job Description

The Role Responsibilities
Strategy
The Group Chief Information Security Officer (CISO) organisation is instrumental in protecting and ensuring the resilience of Standard Chartered Bank's data and IT systems by managing information and cyber security (ICS) risk across the enterprise. As a critical function within the Group Chief Operating Officer (COO), Trust, Data & Resilience, the Group CISO serves as the first line of defence for operating ICS controls effectively and in accordance with the ICS Risk Framework and for practicing and promoting a culture of cyber security within the Bank. As such, the Group CISO is central to ensuring the Bank's ability to meet its ICS commitments to internal and external stakeholders, including regulators, as well as maintaining an acceptable ICS risk profile that is regularly reported to the Board.

The main purpose will be to support the Head of COE Design under Centre of Excellence (COE) Third Party Security Risk (TPSR) function in ensuring Contract Owners and Contract Managers:

  • Better understand the status of controls and risk for the Third Party
  • Report Third Party status to HICS and NFRCs
  • Enforce contractual obligations by the Third Party
  • Increase the frequency of Third Party's engagement when the threat environment or status of the Third Party changes
  • Utilize insight generated from continuous Monitoring capabilities
Business
  • Support the implementation of Phase 1 (Third Party Privacy and Business Resilience) and Phase 2 (rest of the Third Party) for COE and expanding the Operations team to cover the additional phases.
  • Create synergy and support to take on additional scope for Third Party Privacy and Business Resilience into the COE function.
  • Create a centre point of contact for the stakeholders to ensure they understand their roles and responsibilities across the lifecycle of Third Party Security Assessment.
  • Develop and improve the process for engagement of the third party security risk team by the business for all new third party entities across all markets, and for ongoing periodic review requirements.
  • Build trusted working relationships with other security functional heads, risk and compliance counterparts, and business unit stakeholders.
  • Ensure efficient and effective management of ICS risk for the business lines.
  • Work closely with the other supply chain and vendor management functions within the bank (Global Sourcing, Legal, Compliance, etc.) and other risk functions (Cloud, privacy, resiliency, CSS) to integrate third party data security risk processes relating to COE into the wider bank vendor management process.
Processes
  • Run a process improvement program to review the existing COE service, recommend an improvement plan and implement programs of work to improve service across the Bank.
  • Ensure compliance to measurement, tracking and reporting third party security risk assurance metrics.
  • Provide regular updates on the third party security risk program, including KPIs, KCIs, and metrics status for delivery to relevant operational, Group, and Board committees.
  • Ensure the accuracy of KRIs and KCIs and other risk ratings, provide assistance to process designs in order to meet policy requirements.
  • Lead the monitoring and reporting of mitigation and remediation actions to track progress against audit and other assessment findings.
  • Lead the third party COE Operations team to facilitate the third party risk governance process.
  • Ensure sufficient and appropriate evidence of work performed for review by Group Internal Audit and others.
  • Work with the relevant Operational Risk Officer to ensure effective management of operational risks within the TPSR field and compliance with applicable internal policies, and external laws and regulations.
  • Work with the training team to develop any training and awareness initiatives relating to third party security risk.
People and Talent
  • Lead through example and build the appropriate culture and values.
  • Set appropriate tone and expectations from team and work in collaboration with internal and external partners.
  • Ensure the provision of ongoing training and development of people, and ensure that holders of critical functions are suitably skilled and qualified for their roles ensuring that they have effective supervision in place to mitigate any risks.
  • Train and retain high quality people, with succession planning for critical roles.
  • Responsibility to review team structure/capacity plans.
  • Uphold and reinforce the independence of the First line ICS Risk function.
Risk Management
  • Ensure that this role is managed in accordance with the defined CISO views on policies and standards, and that issues are identified, escalated, and addressed as appropriate.
  • Monitor, assess and advise business lines on acceptable risk tolerances based on policy and control environment and the evolving regulatory and threat landscape.
  • Ensure team members effectively perform third party security risk assurance and ensure quality and timely execution.
  • Manage the Centre of Excellence professionally and efficiently, closely tracking deliverables and commitments.
Governance
  • Ensure robust governance over all activities, including maintaining audit trail, escalations and reporting.
  • Ensure that Process Owners are escalating risk, control, and process deficiencies appropriately in accordance with the relevant risk frameworks.
Regulatory & Business Conduct
  • Display exemplary conduct and live by the Group's Values and Code of Conduct.
  • Take personal responsibility for embedding the highest standards of ethics, including regulatory and business conduct, across Standard Chartered Bank. This includes understanding and ensuring compliance with, in letter and spirit, all applicable laws, regulations, guidelines and the Group Code of Conduct.
  • Follow the Leadership of Global Head of TPSR to achieve the outcomes set out in the Bank's Conduct Principles: Fair Outcomes for Clients; Effective Operation of Financial Markets, Financial Crime Prevention; Creating the Right Environment.
  • Effectively and collaboratively identify, escalate, mitigate and resolve risk, conduct and compliance matters.
Key Stakeholders
  • Global Head TPSR
  • Group Supply Chain Management / Global Sourcing
  • Business Unit stakeholders
  • Group Compliance
  • Group Legal
Our Ideal Candidate
  • Bachelor's degree from an accredited college/university in an appropriate field
  • 10 - 15 years of experience in operational knowledge in information security / IT Service Management, preferably with Big 4 and/or Banking & financial services experience
  • Experience in third party audits or risk management is a plus, but understanding of auditing standards, compliance, risk assessment and internal control frameworks is a requirement
  • Familiarity with working in a multi-national company or cross-cultural setting
  • Excellent written and interpersonal skills
  • Strong time management skills
  • Ability to draft reports that clearly communicate observations and risks would be required
  • Strong stakeholder engagement skills, and ability to interact at all levels across an organisation
  • Strong audit project organisation and management skills
  • Ability to multitask and ensure that all key priorities are delivered as per agreed timelines
  • Knowledge of security frameworks (e.g. COBIT, ISF, COSO), standards (e.g. ISO, NIST, CIS), information security principles, security architecture and regulatory requirements will be a plus
  • Competency with Microsoft Office Suite (Word, PowerPoint, Excel, Visio, SharePoint)
  • Certifications (CISSP, CISA, CRISC, CCSP) will be a plus

Keyskills :
cyber security, supply chain, environmental impact assessment, it service management, risk assurance, security risk, data security, audit trail, internal audit, supply chain management, statements of work sow
