Business Title: Global Head of Information & Cyber Security Governance (Band 3)
Function: Risk & Compliance - Group Chief Information Security Officer (CISO)
Location: Singapore or Kuala Lumpur Preferred, will consider UK-based.
Position to be advertised in UK, SNG, KL, but preference is for candidate to be based in SNG or KL.
Group Information Security (GIS) is instrumental in protecting the Bank from Information and Cyber security risk and is a critical function within Standard Chartered Bank. The GIS team is central to ensuring the Bank's ability to soundly meet its commitments to multiple internal and external stakeholders, as well as to maintain an appropriate risk profile for the business we conduct. The need for this capacity has strengthened over time and is a principal concern for regulators and the communities in which we operate. Our data resilience as a Bank is highly dependent on managing our security risk and associated capabilities to position the Bank for success.
GIS has two functional components: the Group Chief Information Security Officer (CISO) and the Head of Technology Information Security (TIS). The CISO is responsible for security governance, strategy, policy, awareness, training, assessments, red teaming, third party risk, partnerships, regulatory engagement, and the Business Information Security officers. The TIS organization is responsible for information protection, threat assessment, monitoring, incident response, security testing, and identity and access management.
Main Purpose of Job
The Global Head of Information & Cyber Security Governance is a permanent strategic role that requires strong business acumen and a detailed knowledge of information security policies and procedures. The successful candidate will have a finely tuned understanding of the challenges of policy implementation and governance and can respond in a flexible and collaborative manner to evolving business, regulatory and threat requirements. The role reports directly to the Group CISO and is part of the CISO Leadership Team.
The Global Head will work closely with the CISO and others to address information and cyber security as an identified "top risk" for the Bank, and integrate it into the Bank's overall Enterprise Risk Management Framework.
The primary purpose of this position is to ensure that governance of information and cyber security risk within the Bank is operating effectively and efficiently, and to provide assurance that the risk is appropriately managed. The Global Head will support the CISO in their role as the Bank's executive accountable for the information and cyber security strategy. The successful candidate will work closely with the CISO, Head of TIS, Head of Security Engineering, and other key stakeholders to support the development of the Bank's security strategy, drive requirements and set priorities for investment based on acceptable risk tolerance, threat and regulatory landscape, resources, policies, and the technology infrastructure environment. Key stakeholders include CIO for Technology Services, Business COOs and Region/Country CIOs, as well as Group Internal Audit, Operational Risk and banking regulators.
The major functional activities that the Global Head will build and lead are: ensuring the Bank's information and cybersecurity governance framework is aligned against the National Institute of Standards and Technology (NIST) Cyber Security Framework (CSF); conducting operational risk reporting and management for information and cyber security; reviewing, testing and attestation of the implementation of the policy and control libraries; development and management of KRI, KPI and metrics reporting and presentation; and a range of other governance activities.
Key Roles and Responsibilities
Discharge the CISO function's governance accountabilities over information and cyber security across the Bank.
Support the development and maintenance of the Bank's information and cyber security strategy to drive requirements and controls, and set priorities for resource investment.
Monitor, assess and advise the business on acceptable risk tolerances based on policy and control environment and the evolving regulatory and threat landscape.
Lead the development, refinement, measurement, tracking and reporting of information and cybersecurity assurance metrics - ensuring business value is included, not only predefined assurance requirements.
Provide regular updates of the information and cybersecurity governance framework, including KPIs, KCIs, and metrics status for delivery to relevant operational, Group, and Board committees.
Perform formal and regular Group-wide reviews of the adequacy and completeness of information and cyber security governance framework implementation and adherence.
Provide reports and recommendations demonstrating a professional and experienced opinion on the adequacy of people, process and technology security initiatives to achieve operational risk and service levels.
Lead the monitoring and reporting of mitigation and remediation/closure actions to track progress against audit and other assessment findings.
Monitor the evolution of regulatory requirements and make recommendations to adjust governance framework, controls and/or compliance accordingly.
Ensure the information and cyber security risk governance framework recognizes and manages potential security risk conflicts, including for the digital business innovation strategy, in accordance with overall corporate risk appetite.
Validate the accuracy of KRIs and KCIs and other risk ratings, as well as process designs, to meet policy requirements that are presented to the CISO and relevant risk committees.
Ensure that Process Owners are escalating risk, control and process deficiencies appropriately in accordance with the relevant risk frameworks.
Participate in and present at relevant risk committees and steering groups, as required.
Build trusted working relationships with other security functional heads, risk and compliance counterparts, and business unit stakeholders.
Identify, implement, and/or maintain appropriate risk management tool(s) to appropriately manage, track and monitor information and cyber security risks across the enterprise.
Maintain sufficient and appropriate evidence of work performed for review by Group Internal Audit and others.
Recommend or contribute to the continuous improvement of the Control Framework Library to ensure it meets the Bank's objectives and maintains its relevance.
Qualifications and Skills
Minimum 18 years of experience in a senior governance, risk management, or audit role, preferably in the IT or IT security field.
Bachelor's Degree in Engineering, Computer Science, Information Technology, Cybersecurity, Business Management, or other related discipline.
Graduate degree (Master's) and/or professional certifications are an advantage (e.g., CISA, CISSP, CISM, ITIL, PMP).
Thorough understanding of IT security business processes, risks, threats and internal controls.
Strong leadership, negotiation and collaboration skills, and ability to work effectively in a complex multicultural and multi-timezone organization.
Strong analytical and program management skills.
Experience in leading a geographically dispersed organization.
Ability to collect and analyze data, establish facts and make recommendations in written and oral form.
Ability to liaise with all parts of the Bank, including senior security, risk and business stakeholders.
Excellent oral, written and communication skills.
How To Apply
You can search and view current opportunities across our organisation and apply immediately by visiting www.standardchartered.com and selecting Careers. To help speed up your application, please note the following:
- You will need to log in (or register if you are visiting our careers site for the first time) before you can apply for a specific role
- Some roles may require you to undertake an online talent assessment in addition to completing the application form (to facilitate this process it is preferable that you provide us with an email address as part of your contact information)
- We will ask you about your education, career history and skills and experience; it may be helpful to have this information at hand when completing your application
It usually takes 15 - 20 minutes to complete the application form; you can save your application at any time and return to complete it at your convenience.
The closing date for applications is 26/06/2017. Please note all closing dates are given in Hong Kong time (GMT + 8 hours). We aim to respond to successful applicants within four weeks and will keep a record of your application in our database so that we can contact you when suitable vacancies arise in future.
Diversity and Inclusion
Standard Chartered is committed to diversity and inclusion. We believe that a work environment which embraces diversity will enable us to get the best out of the broadest spectrum of people to sustain strong business performance and competitive advantage. By building an inclusive culture, each employee can develop a sense of belonging, and have the opportunity to maximise their personal potential.