Responsibilities
Strategy
- Support the development and implementation of strategies to mitigate security risks and ensure the confidentiality, integrity, and availability of our systems and data.
- Collaborate with security leadership, engineering, and compliance to execute security strategies
Business
- Trusted advisor for business stakeholders for risk identification, assessment and treatment for CIB, Core Technology and Functions business units
- Enable improved Information Security & Cyber knowledge and awareness to enable business leaders to understand the evolving threat and investment trade-offs
- Be the focal point for ICS control adoption & strategy. Drive a strong engagement with key businesses stakeholders.
- Collaborate with cross-functional teams to design and implement security controls and best practices.
Processes
- Collaborate with the control service providers to deliver adoption plans and services
- Provide check and challenge on the pre-go-live approval requests of the SIA process routed for review
- Provide check and challenge on RFO and Business risk plans and deliverables; advise on gaps in coverage for risks and regulatory obligations, with recommendation on how to address these; highlight risk activities that are not aligned to risk or their cost of control
- Support businesses / client journeys in cataloguing all Technology Risk controls & activities (current and planned) along with their MCE and impact on residual risk
- Institute agile risk management into ways of working e.g. handling of risk identification, incident reviews, etc
- Work with Process Owners to ensure suitable incident management, response and recovery processes are in place
- Support Cloud team to design and implement scalable processes to provision cloud access
- Assess current cloud security and propose improvements or solutions
People & Talent
- Lead through example and build the appropriate culture and values. Work in collaboration with risk and control partners
Risk Management
- Track and align ICS adoption and execution to the ICS risk reduction initiatives with key enterprise programmes (Obsolescence remediation, Cloud Adoption, Azure DevOps, etc.)
- Support risk assessments of cloud platforms, infrastructure, and related technologies to identify vulnerabilities and potential threats.
- Provide support to internal teams on security-related matters, including compliance requirements and security architecture design.
- Identify and assess security issues across the cloud infrastructure
- Monitor and analyse security events and incidents and respond to security breaches in a timely manner.
- Stay current with industry trends, emerging threats, and best practices in cloud and infrastructure security.
- Lead Cloud Security Assessments and Control reviews.
- Advise businesses via CISOs on evolving threat, industry trends and regulatory environment
- Escalate material gaps in risks coverage identified to relevant risk committees as appropriate
- Support Operations team to tune security tool configuration to minimize false positives
Governance
- Drive appropriate coverage of risks and regulatory obligations into control framework
- Ensure key ICS risk and issues are monitored and appropriately addressed by key stakeholders
- Ensure adoption of the ICS controls
- Ensure ICS Controls are being adopted in new technologies and projects
Regulatory & Business Conduct
- Liaise with Internal Audit / Regulators as required
- Display exemplary conduct and live by the Group's Values and Code of Conduct
- Effectively and collaboratively identify, escalate, mitigate and resolve risk, conduct and compliance matters
Key Stakeholders
- CIO CIB / ET / GF
- Operational Risk CIB / ET / GF
- CISRO CIB / ET / GF
- Control Security Services MT
- Security Technology Services MT
- CIB / ET / GF Business Control & Governance Leads
- Internal / external audit
Qualifications
Education
- Bachelor's degree in Computer Science, Information Security, or related field. Advanced degree preferred.
Training
- Minimum of 5 years of experience in cloud security, infrastructure security, or related field.
- 5 years of Information and Cyber Security domain experience implementing the NIST or ISO 27001 risk framework for one or multiple businesses in the financial industry.
- 5 years of hands-on experience with risk assessments for applications (supporting Customer Onboarding, KYC, Lending or similar applications), developing treatment plans and monitoring the progress of the treatment plan through governance committees.
- 3-5 years of experience in handling risk assessments and treatment plans for cloud applications & platforms including IaaS / PaaS / SaaS solutions.
- Strong knowledge of cloud platforms such as AWS, Azure, or Google Cloud Platform.
- Experience with security risk assessment methodologies, tools, and frameworks.
- Deep understanding of network security principles, protocols, and technologies.
- Excellent communication and interpersonal skills, with the ability to effectively communicate technical concepts to teams
- Detail-oriented, with strong deductive reasoning, critical thinking and problem-solving skills.
- Ability to work in a fast-paced team environment.
- Proven ability to manage diverse stakeholder expectations.
Certifications
- Industry certifications such as CISSP, CISA, or CCSK are highly desirable
Languages - English
Skills And Experience
- Risk Assessment Framework
- Deep understanding of Threats and their interplay with business risks
- Communication
About Standard Chartered
We're an international bank, nimble enough to act, big enough for impact. For more than 170 years, we've worked to make a positive difference for our clients, communities, and each other. We question the status quo, love a challenge and enjoy finding new opportunities to grow and do better than before. If you're looking for a career with purpose and you want to work for a bank making a difference, we want to hear from you. You can count on us to celebrate your unique talents and we can't wait to see the talents you can bring us.
Our purpose, to drive commerce and prosperity through our unique diversity, together with our brand promise, to be here for good are achieved by how we each live our valued behaviours. When you work with us, you'll see how we value difference and advocate inclusion.
Together We
- Do the right thing and are assertive, challenge one another, and live with integrity, while putting the client at the heart of what we do
- Never settle, continuously striving to improve and innovate, keeping things simple and learning from doing well, and not so well
- Are better together, we can be ourselves, be inclusive, see more good in others, and work collectively to build for the long term
What We Offer
In line with our Fair Pay Charter, we offer a competitive salary and benefits to support your mental, physical, financial and social wellbeing.
- Core bank funding for retirement savings, medical and life insurance, with flexible and voluntary benefits available in some locations.
- Time-off including annual leave, parental/maternity (20 weeks), sabbatical (12 months maximum) and volunteering leave (3 days), along with minimum global standards for annual and public holiday, which is combined to 30 days minimum.
- Flexible working options based around home and office locations, with flexible working patterns.
- Proactive wellbeing support through Unmind, a market-leading digital wellbeing platform, development courses for resilience and other human skills, global Employee Assistance Programme, sick leave, mental health first-aiders and all sorts of self-help toolkits
- A continuous learning culture to support your growth, with opportunities to reskill and upskill and access to physical, virtual and digital learning.
- Being part of an inclusive and values driven organisation, one that embraces and celebrates our unique diversity, across our teams, business functions and geographies - everyone feels respected and can realise their full potential.