Lead, API Governance, Risk and Control

Job Description

*About Standard Chartered We are a leading international bank focused on helping people and companies prosper across Asia, Africa and the Middle East.To us, good performance is about much more than turning a profit. Its about showing how you embody our valued behaviours - do the right thing, better together and never settle - as well as our brand promise, Here for good.Were committed to promoting equality in the workplace and creating an inclusive and flexible culture - one where everyone can realise their full potential and make a positive contribution to our organisation. This in turn helps us to provide better support to our broad client base.The Role ResponsibilitiesA specialist role which enables the API governance process: responsibility to ensure that all APIs and their usage follows compliance to Group policy and standards, covering both internal and external APIs. Also including, enforcement and monitoring of related standards as they apply to the API lifecycle. This specialist role will enable the API governance team to shape a fit for purpose process that caters for the various API platforms in the bank.Will require an understanding of API Platforms, Partnerships, Open Banking framework, 3rd Party API s compliance, CI/CD technologies, Technology standards, Security controls & Governance Framework. Requires thorough understanding of strategic direction of the function, combined with a solid conceptual/practical grounding in both the function and/or area of expertise and related subject areas.Excellent communication skills required in order to negotiate internally, often at a senior level. Ability to execute functional strategy for API governance. Responsible for end results, planning, standards implementation, and delivery of future strategy of the area. Be engaged across management responsibility in a deputy capacity for team to include duties such as performance evaluation, team composition, personal developmentResponsible for providing support, best practice and guidance, as well as hands on support on API risk management areas and operating as the interface with T&I and wider Bank stakeholders across all three lines of defence to manage framework and relevant new risk initiatives which T&I are required to adopt. Overall establishment and implementation of a controls standard and design practice to support covering the complete API lifecycle. Strategy

• Operate as a risk and control senior SME for R&C, managing the design of API risk/control activities and supporting domain teams in implementation.
• Deliver the API Governance Framework, which includes controls testing, assurance, reporting, operation of API Governance Council.
• Manage and drive process coverage and alignment to Bank standards and policies to ensure the process universe has demonstratable compliance in relation to APIs.
• Ensure consistency and standardisation across lines of responsibility

Business

• The role faces off to the 1LoD Technology Risk teams, 2LoD functions such as Operational & Technology Risk, Information & Cyber Security and Compliance as well as 3LoD Group Internal Audit to provide consistency across activities performed and ensuring that key regulatory aspects are met.

Processes

• Responsible for the API governance strategic roadmap. Ensuring that a forward horizon is identified and managed. To ensure that governance/risk related items link back to the risk framework and associated processes.

People and Talent

• Coach T&I risk managers to upskill on risk and control knowledge.
• Be the API Risk and Control Governance SME

Risk Management

• Very strong understanding of Technology Risk principles, and how risk management operates as part of the larger Enterprise Risk Management Framework
• Ensure a strategic approach to controls design and implementation which covers the API end to end lifecycle model.
• Support the R&C control testing and assurance model with alignment to RSCA and control library models.
• Strong intra-action engagement for API governance across the three lines of defence and ensure that process engagements are simple and clear, including design related discussions. Challenging where required to ensure best outcome for the Bank

Governance

• Head, API Governance, T&I Governance, Strategy& Change
• Global Head, T&I Governance, Strategy& Change, COO
• Technology & Innovation Management Team
• Group CISO and COO, Trust, Data & Resilience
• CRO, Functions, Technology & Innovation
• Global Head ISRO - T&I, COO Operations & Functions
• Global Head, Risk and Control, Technology
• Trust, Data & Resilience Management Team
• API Development Community and Managers
• Architecture, Cloud, Engr. & Strategy Teams
• Global Head, Integration Services

Other Responsibilities

• Must be able to understand and articulate the API eco system. Familiar with the REST framework, Open API specification 3.0 and related control requirements such as code security review, penetration testing and vulnerability management.
• Manage the governance model to provide assurance over the security and stability of External APIs, prior to exposing sensitive Group and client data to external parties
• Identify, inventorise, assess and validate External APIs to ensure on-going compliance to Group and regulatory standards. Ensure adequate controls for all APIs across the Group, including Internal APIs and those not developed or managed in the Group s API gateways.
• Responsible for managing the overall API Governance end to end, including the API Governance Council and related forums and how they work together to ensure risk oversight. Ensuring compliance to the Bank Risk Framework and driving API lifecycle adherence to the Risk Framework. Establishing new risks and processes as deemed necessary in conjunction with the Head of API Governance.
• Independent review and challenge function, taking a strong view across activities to ensure consistency and best practice across technical aspects of API delivery.

Regulatory & Business Conduct

• Display exemplary conduct and live by the Group s Values and Code of Conduct.
• Take personal responsibility for embedding the highest standards of ethics, including regulatory and business conduct, across Standard Chartered Bank. This includes understanding and ensuring compliance with, in letter and spirit, all applicable laws, regulations, guidelines, and the Group Code of Conduct.
• Drive the team to achieve the outcomes set out in the Bank s Conduct Principles: The Right Environment.
• Effectively and collaboratively identify, escalate, mitigate and resolve risk, conduct and compliance matters.

Key Stakeholders

• Perform other responsibilities assigned under Group, Country or Functional policies and procedures

Our Ideal Candidate

• This role requires 10+ years of relevant experience in either a 1LoD or 2LoD risk management role, or
• The candidate must have a working knowledge of risk management and the role controls play in the software development lifecycle.
• Technical IT domain and control knowledge is required.
• Senior level involvement in the roll out of large applications in a multinational organisation is preferred.
• Effective communication, presentation, and influencing skills are required.
• Able to articulate problem statement, conceptualize solutions and getting a buy-in are essential skills needed
• Good presentation skills with senior stakeholders is necessary.

Apply now to join the Bank for those with big career ambitions.To view information on our benefits including our flexible working please visit our career pages . We welcome conversations on flexible working.,

Keyskills :
cyber securitytechnology riskpenetration testingpresentation skillsgroup policysecurity controlsrisk managementinternal auditenterprise riskcontrol testingenterprise risk management