Description
Role Responsibilities
Introduction
Standard Chartered Bank is headquartered in London with operations in 50+ with two primary businesses:
• Commercial, Corporate and Investment Banking ("CCIB")
• Consumer, Private and Business Banking ("CPBB")
The CCIB business incorporates the Transaction Banking, Financial Markets, Security Services, Client Coverage and Digital Channels and Data Analytics businesses. The business has an ambitious digitisation agenda and is looking to transform its businesses into a digital-native organisation.
Banks are built on trust from the key stakeholder groups:
• Clients: trust that they will safeguard client assets (money, securities and commercial data).
• Governments & regulators: trust that they will provide capital for economies and businesses.
• Shareholders: trust that they will provide a better return on capital than other banks.
• Communities: trust that they will uphold their human rights and build and uphold financial inclusion.
Trust is built on security:
• Identification of the priority business risks that are integrated into business strategy and decision making.
• Delivering best practice cybersecurity solutions and protecting data and privacy
• Threat-led approach to ensure a security posture that mitigates the priority business risks
• Deliver efficiencies, continuous improvement, maximise risk reduction, resilience, policy and regulatory compliance.
The CCIB Information & Cyber Security Office is made up of thought leaders who are accountable for the provision of risk advisory services to continuously improve CCIB's security posture against the evolving cyber security landscape.
Role
Purpose:
• Trusted advisor for business stakeholders for risk identification, assessment and treatment.
• Drive maturity of decision making to incorporate information security and cyber within strategic management and design forums.
• Enable improved Information Security & Cyber knowledge and awareness to enable business leaders to understand the evolving threat and investment trade-offs.
Strategy
• Curate strategic design and integration of risk management across CCIB businesses
• Provide thought leadership, research and report on current organisation exposure to vulnerabilities and emerging threats through periodic management briefings and bulletins and working closely with relevant teams to implement short-gap remediation activities and compensating controls to reduce risk while identified vulnerabilities are being addressed.
• Build shared understanding of risk-based prioritisation of risk investment / activities across CCIB with 1st / 2nd lines of defence (LOD)
• Maintain expert knowledge within the team of industry trends in relation to business requirements and direction to the Group.
• Support continuous improvement through process re-engineering, technology transformation, integration and exploitation to deliver optimised yet robust services to mitigate threats.
• Integrate risk plans into all CCIB business / Client Journey strategic Enterprise Risk Management plans
Processes
• Either through leveraging Quarterly/Monthly Performance Review meetings or through the establishment of relevant 1st / 2nd LOD working groups, agree, co-ordinate and oversee CCIB business risk mitigation plans to completion
• Collaborate with the control service providers to deliver adoption plans and services that inspire admiration - not desperation.
• Instil 90 days backlog discipline into all risk investment / activity to ensure it is appropriately prioritised against other risk and business investments / activities
• Provide check and challenge on RFO and Business risk plans and deliverables; advise on gaps in coverage for risks and regulatory obligations, with recommendation on how to address these; highlight risk activities that are not aligned to risk or their cost of control
• Support CCIB businesses / client journeys in cataloguing all Technology Risk controls & activities (current and planned) along with their MCE and impact on residual risk
• Institute agile risk management into ways of working for the handling of risk identification, incident reviews, etc.
People and Talent
• Lead through example and build the appropriate culture and values. Set the appropriate tone and expectations for the team and work in collaboration with risk and control partners
• Employ, engage and retain high quality people and establish an appropriate team structure and capacity plans
• Set and monitor job descriptions and objectives for direct reports and provide feedback and recognition in line with their performance against those responsibilities and objectives
Risk Management
• Drive appropriate coverage of DCDA risks and regulatory obligations into control framework
• Advise businesses on evolving threat, industry trends and regulatory environment
• Escalate material gaps in risk coverage identified to NFRCs and/or CCIBRC as appropriate
• Work with Process Owners to ensure suitable incident management, response and recovery processes are in place
• Promote socialisation of lessons learnt across CCIB
Governance
• Maintain and own governance of Risk Treatment actions, Root Cause reviews and other remediation activities across CCIB
• Produce a quarterly update to CCIB Business Refinement, NFRC and Control delivery meeting on plan and execution progress
• Hold overall accountability for managing the communications, reports and escalations to COO, CIO and CISO MT
Regulatory & Business Conduct
• Liaise with Internal Audit / Regulators as required
• Display exemplary conduct and live by the Group's Values and Code of Conduct
• Effectively and collaboratively identify, escalate, mitigate and resolve risk, conduct and compliance matters
Key Stakeholders
• CCIB Business COO
• CCIO Business CIO
• Operational Risk
• CISRO of CCIB Business
• Control Security Services MT
• Security Technology Services MT
• Business Control & Governance Leads
• Internal / external audit
• SCB Clients