Hiring applicants for CCIB ICS Risk Specialist

Job Description

Role Responsibilities The CCIB business incorporates the Transaction Banking, Financial Markets, Security Services, Client Coverage and Digital Channels and Data Analytics businesses. The business has ambitious digitisation agenda and is looking to transform its businesses to be digital native organisation. Banks are built on trust from the key stakeholder groups
• Clients - Trust that they will safeguard client assets (money, securities and commercial data).
• Governments & Regulators - Trust that they will provide capital for economies and businesses.
• Shareholders - Trust they will provide a better return on capital than other banks.
• Communities - Trust they will uphold their human rights build and uphold financial inclusion.
Trust is built on security
• Identification of the priority business risks that are integrated into business strategy and decision making.
• Delivering best practice cybersecurity solutions and protecting data and privacy.
• Threat-led approach ensure a security posture that mitigates the priority business risks.
• Deliver efficiencies, continuous improvement, maximise risk reduction, resilience, policy and regulatory compliance.
The CCIB Information & Cyber Security Office is made up of thought leaders, who are accountable for the provision of a risk advisory services to continuously improve CCIB s security posture against the evolving cyber security landscape.Role Purpose
• Trusted advisor for business stakeholders for risk identification, assessment and treatment.
• Drive maturity of decision making to incorporate information security and cyber within strategic management and design forums.
• Enable improved Information Security & Cyber knowledge and awareness to enable business leaders to understand the evolving threat and investment trade-offs.
Strategy
• Curate strategic design and integration of risk management across DCDA businesses.
• Provide thought leadership, research and report on current organisation exposure to vulnerabilities and emerging threats through periodic management briefings and bulletins and working closely with relevant teams to implement short-gap remediation activities and compensating controls to reduce risk while identified vulnerabilities are being addressed.
• Build shared understanding of risk-based prioritisation of risk investment / activities across DCDA with 1st / 2nd lines of defence (LOD).
• To maintain an expert knowledge within the team of industry trends in relation to business requirements and direction to the Group.
• Support the continuous improvement through process re-engineering, technology transformation, integration and exploitation to deliver optimised yet robust services to mitigate threats.
• Integrate risk plans into all DCDA business / Client Journey strategic Enterprise Risk Management plans.
Processes
• Either through leveraging Quarterly/Monthly Performance Review meetings or through the establishment of relevant 1st / 2nd LOD working groups agree, co-ordinate and oversee DCDA business risk mitigation plans to completion.
• Collaborate with the control service providers to deliver adoption plans and services that inspire admiration - not desperation.
• Instil 90 days backlog discipline into all risk investment / activity to ensure it is appropriately prioritised against other risk and business investments / activities.
• Provide check and challenge on RFO and Business risk plans and deliverables; advise on gaps in coverage for risks and regulatory obligations, with recommendation on how to address these; highlight risk activities that are not aligned to risk or their cost of control.
• Support DCDA businesses / client journeys in cataloguing all Technology Risk controls & activities (current and planned) along with their MCE and impact on residual risk.
• Institute agile risk management into ways of working e.g. handling of risk identification, incident reviews, etc.
People and Talent
• Lead through example and build the appropriate culture and values. Set the appropriate tone and expectations for the team and work in collaboration with risk and control partners.
• Employ, engage and retain high quality people and establish an appropriate team structure and capacity plans.
• Set and monitor job descriptions and objectives for direct reports and provide feedback and recognition in line with their performance against those responsibilities and objectives.
Risk Management
• Drive appropriate coverage of DCDA risks and regulatory obligations into control framework.
• Advise businesses on evolving threat, industry trends and regulatory environment.
• Escalate material gaps in risks coverage identified to NFRCs and/or CCIBRC as appropriate.
• Work with Process Owners to ensure suitable incident management, response and recovery processes are in place.
• Promote socialisation of lessons learnt across DCDA.
Key Stakeholders
• CCIB Business COO
• CCIO Business CIO
• Operational Risk DCDA
• CISRO DCDA
• Control Security Services MT
• Security Technology Services MT
• Business Control & Governance Leads
• Internal / external audit
• SCB Clients
Our Ideal Candidate
• 12 - 15 of overall experience in IT with 10 - 12 years of experience leading the governance and reporting of Information and Cyber Security Domain for 1 or multiple business in Financial Industry.
• Extensive experience managing compliance to policy and standard and regulatory mandates.
• Manage client risk assessments requests where SCB acts as a service provider or Third Party to assure clients on Banks security posture.
• Review and maintain the cyber hygiene for CCIB business working with the CIO and COO by reviewing the monthly metrics.
• Developing reporting applications in the absence of GRC to maintain and track risk reduction actions for all businesses. Preparation of Risk papers (NFRC, QPR and Sustainability Refinement) for all business.
• Collaborate and maintain highly effective working relationships across Business units and other stakeholders to strategically connect programs and initiatives that support ICS.
• Work with multiple stakeholders to ensure CCIB risk reduction is represented accurately and impediments are escalated timely.
• Good understanding of risk frameworks (NIST, ISO 27001 or Threat Scenario Led Risk Assessment), control testing and various industry attestations.
• Good understanding of fraud use cases associated digital channels and their interplay with ICS.
• Strong working experience of working with 3 lines of defence to articulate and seek approvals or dispensations when working with complex regulatory or internal standards and policies.
• Detailed oriented, Strong deductive reasoning, critical thinking and problem-solving skills.
• Ability to work in a fast-paced team environment.
• Proven ability to manage diverse stakeholder expectations.
• Excellent oral/written communication skills for articulating thoughts clearly with stakeholders ranging from engineers to senior business management.
• Exceptional interpersonal, team building, mentoring and leadership skills with a demonstrated ability to gain the confidence and respect of senior level executives.
Desired
• Experience in working with cross-border teams, preferably in the Financial Services industry.
• Knowledge of Transaction Banking, Financial Markets products, payment eco-system and evolving API, third party market place or white label providers.
• Experience in agile methodology of managing multiple multi-year risk reduction projects involving multiple control owners.
• Fundamental skills of Task prioritization, Time management, Customer focus.
Visit our careers website www.sc.com/careers ,

Keyskills :
root causeenterprise risk managementkeeping things simpleiso 27001use cases