Head of ICS Contract Support

Job Description

About Standard Chartered We are a leading international bank focused on helping people and companies prosper across Asia, Africa and the Middle East.To us, good performance is about much more than turning a profit. Its about showing how you embody our valued behaviours - do the right thing, better together and never settle - as well as our brand promise, Here for good.Were committed to promoting equality in the workplace and creating an inclusive and flexible culture - one where everyone can realise their full potential and make a positive contribution to our organisation. This in turn helps us to provide better support to our broad client base.The Group Chief Information Security Officer (CISO) organisation is instrumental in protecting and ensuring the resilience of Standard Chartered Bank s data and IT systems by managing information and cyber security (ICS) risk across the enterprise. As a critical function within the Group Chief Operating Officer (COO), Trust, Data & Resilience, the Group CISO serves as the first line of defence for operating ICS controls effectively and in accordance with the ICS Risk Framework and for practicing and promoting a culture of cyber security within the Bank. As such, the Group CISO is central to ensuring the Bank s ability to meet its ICS commitments to internal and external stakeholders, including regulators, as well as maintaining an acceptable ICS risk profile that is regularly reported to the Board.The Role Responsibilities:The main purpose will be to support the Head of COE Design under Centre of Excellence (COE) Third Party Security Risk (TPSR) function in ensuring Contract Owners and Contract Managers:

• Ensure Third Party contracts are compliant to cyber security policy and standards
• Better understand the status of controls and risk for the Third Party
• Report Third Party status to HICS and NFRCs
• Enforce contractual obligations by the Third Party
• Increase the frequency of Third Party s engagement when the threat environment or status of the Third-Party
• Support the implementation of Phase 1 (Third Party Privacy and Business Resilience) and Phase 2 (rest of the Third Party) for COE and expanding the Operations team to cover the additional phases.
• Create synergy and support to take on additional scope for Third Party Privacy and Business Resilience into the COE function.
• Review third party contracts to ensure that they are compliant to cyber security policy and standards, regulators requirements and work with legal to make necessary amendment where required
• Manage the BAU contract process from an ICS perspective, providing support to the stakeholders, ensuring controls are maintained and deliver accurate reporting
• Engage globally with internal stakeholders to ensure that the contracts are created/amended in a timely manner to meet programme and regulatory timelines.
• Effectively communicate the Pre-contract / Post contract security risks to internal and external stakeholders globally
• Support centre point of contact for the stakeholders to ensure they understand their roles and responsibilities across the lifecycle of Third Party Security Assessment.
• Ensure robust governance over all contract activities, including maintaining audit trail, escalations and reporting.
• Develop and improve the process for engagement of the third party security risk team by the business for all new third party entities across all markets, and for ongoing periodic review requirements.
• Build trusted working relationships with other security functional heads, risk and compliance counterparts, and business unit stakeholders.
• Work closely with the other supply chain and vendor management functions within the bank (Global Sourcing, Legal, Compliance, etc.) and other risk functions (Cloud, privacy, resiliency, CSS) integrate third party data security risk processes relating to COE into the wider bank vendor management process.
• Run a process improvement program to review the existing COE service, recommend improvement plan and implement programs of work to improve service across the Bank.
• Ensure compliance to measurement, tracking and reporting of contract related third party security risk assurance metrics.
• Provide regular updates on the Pre-contract / Post contract related third party security risk program, including KPIs, KCIs, and metrics status for delivery to relevant operational, Group, and Board committees.
• Ensure the accuracy of KRI s and KCI s and other risk ratings, provide assistance to process designs in order to meet policy requirements on contract related matters.
• Lead the monitoring and reporting of mitigation and remediation actions to track progress against audit and other assessment findings.
• Lead the third party COE Operations team to facilitate the third party risk governance process.

QUALIFICATIONS:

• Bachelor s degree from an accredited college/university in an appropriate field
• 10 - 15 years of experience in operational knowledge in information security / IT Contract & Vendor Management, preferably with Big 4 and/or Banking & financial services experience
• Exposure to contractual documentation and drafting contract documentation is highly desired.
• Experience in third party audits or risk management is a plus, but understanding of auditing standards, compliance, risk assessment and internal control frameworks is a requirement
• Familiarity with working in a multi-national company or cross-cultural setting
• Excellent written and interpersonal skills
• Strong time management skills
• Ability to draft reports that clearly communicate observations and risks would be required
• Strong stakeholder engagement skills, and ability to interact at all levels across an organisation
• Strong audit project organisation and management skills
• Ability to multitask and ensure that all key priorities are delivered as per agreed timelines
• Knowledge of security frameworks (e.g. COBIT, ISF, COSO), standards (e.g. ISO, NIST, CIS), information security principles, security architecture and regulatory requirements will be a plus
• Competency with Microsoft Office Suite (Word, PowerPoint, Excel, Visio, SharePoint)
• Certifications (CISSP, CISA, CRISC, CCSP) will be a plus

Apply now to join the Bank for those with big career ambitions.To view information on our benefits including our flexible working please visit our career pages. We welcome conversations on flexible working.,

Keyskills :
environmental impact assessmentcyber securitysecurity policyrisk assurancedata securitysecurity riskaudit trailrisk managementrisk assessmenttime managementrisk governancesupply chainmicrosoft office