About Standard Chartered
We are a leading international bank focused on helping people and companies prosper across Asia, Africa and the Middle East.
To us, good performance is about much more than turning a profit. It's about showing how you embody our valued behaviours - do the right thing, better together and never settle - as well as our brand promise, Here for good.
We're committed to promoting equality in the workplace and creating an inclusive and flexible culture - one where everyone can realise their full potential and make a positive contribution to our organisation. This in turn helps us to provide better support to our broad client base.
The Role Responsibilities
Advise the Technology Service Head in driving and directing effective risk management and compliance with the prescribed operational risk management framework and info security risk sub-type framework, policies, standards and processes of the Bank
Ensure proactive and adequate management of risk and timely risk mitigation. Support the implementation of controls to mitigate the risk
Report risk, compliance, audit and remediation performance and metrics to senior management to facilitate informed investment decisions and risk treatment decisions
Promote risk awareness and compliance culture within the domain for all staff to proactively identify risk, assess risk and mitigate risk
Manage stakeholders' expectations and influence stakeholders in understanding risk and impacts, threat and vulnerabilities of the Bank and priorities in remediation
Drive the resolution of any contention including risk ownership, remediation issue or action ownership, scope creep that may arise.
Plan and drive thematic risk and control review aligning to the domain's objectives, audit themes and key risk areas (include suppliers where appropriate)
Plan and drive risk and control reviews on new and in-flight projects
Provide advice to Domain Owners and Service Leads on risk remediation
Track all material risks arising from the reviews and remediation action to reduce the risk
Provide support and guidance on control design to Domain Owners, Process Owner and Service Leads.
Review and agree changes and / or new KRI with T&I R&C and UORM
Represent the Domain as the Single Point of Contact (SPoC) on internal and external audits
Ensure that the affected Domain (and units within) are sufficiently prepared for upcoming audits
Review adequacy of management response to audit findings
Review progress and timely closure of audit findings
Share thematic risk & audit findings across Domains and Units
Stay current with regulatory requirements, threats and leading industry practice and advise Technology Service Head in risk management and control design
Identify potential failure in process, advise and support risk treatment / mitigation.
Provide support and guidance on control design to Process Owner, Domain Heads. Review and approve proposed addition of or change in controls
Advise on the design of key controls, key control indicators (KCI) and key risk indicators (KRI). Monitor and report on KCI and KRI as per metric defined
Conduct control sample testing (CST) on key control to attest the control operating effectiveness (COE). Review trend analysis of exceptions and identify systemic failures. Identify material exceptions and escalate
Review the adequacy and effectiveness of policies, standards, guidelines and processes. Identify any material gaps and advise on control improvement
Ensure Domain Risk Forum (DoRF) are conducted per Terms of Reference (ToR) including delivering the risk objectives, attendance of core members, agenda, frequency. Drive domain risk forum meetings. Provide challenge to ensure robust risk management
Work with Awareness and Communication service unit to promote staff awareness on risk, compliance, audit support and remediation.
Plan, drive and/or perform control adequacy review to identify risk, non-compliance, control gap, vulnerabilities and advise remediation, preventive, corrective controls to Service Head.
Ensure that Management Team (MT) (and any other stakeholder as required) is kept aware of the key risk, control & audit issue of the Domain through periodical risk forum and reporting
Prepare and provide management report on risk, compliance audit or remediation to MT, Risk Forum
Ensure that all management information is produced in line with the defined schedule and quality and should support management decision and action
Ensure integrity of source and the processing of data to deliver accurate representation in management information
Serve as single point of contact to handle information request from, and provide responses to regulators, external or internal auditors. Attend audit meetings, clarification, review.
Facilitate the review and verification on audit findings for accuracy, risk rating and remediation management action plans (MAP) with service owners
Facilitate or manage the audit remediation to provide timely update on process and timely completion. Review remediation to ensure risks are significantly mitigated.
Manage stakeholder expectations and influence stakeholders in understanding risk and impacts, importance and priorities on threat and vulnerabilities of the Bank to be remediated, regulatory compliance gap to be addressed
Attend to any issue contention and resolve it, including remediation ownership contention, remediation scope creep or challenges that may delay the remediation closure
SPoC for the Domain on any Risk, Control or Audit change initiatives from Group or Technology Governance
Drive implementation and adoption of agreed initiatives across the Domain including communication, awareness and training
Our Ideal Candidate
Excellent written and oral communication skills.
5 years and above of experience in Operation or IT risk management in either Banking and Financial services sector, global IT shared service organization, or IT audit organization
In-depth understanding of controls in Technology Risk and experience with tools in the industry on core infrastructure services
Good understanding of regulatory compliance, IT risk and controls, cyber security. Knowledge of methods, tools, techniques for recognising, anticipating, and resolving operational or process problems
Experience in engaging auditor and managing technology audit engagement. Experience in writing management response to audit issue
Minimum 2 years of hands-on experience in audit engagement and remediation
Strong people management capabilities. Confident and self-motivated leader with experience in effectively negotiating with and influencing others in a matrix environment
Ability and confidence to engage and drive risk objectives across a wide range of seniority levels, functional divides, locations and businesses
Ability to gather and analyse facts and data in a complex, global environment, provide value-added management analysis, visualisation and recommendations to management, make quality judgements and support critical decisions such as investment or risk response / treatment
Possess a pro-active posture and be committed to continuous improvement
CRISC or CISA or CISM or CISSP certification is a definite advantage
Knowledge and experience with core infrastructure, info and cyber security such as vulnerability management, identity and access management, commissioning and decommissioning, security monitoring are a key advantage
Bachelor Degree in Computer Science/Information Technology, Engineering, Finance or equivalent
Apply now to join the Bank for those with big career ambitions.
To view information on our benefits including our flexible working please visit our career pages.