Search by job, company or skills

Standard Chartered India

Information Security Risk Officer, COO

Standard Chartered India
Early Applicant
  • 29 days ago
  • Be among the first 50 applicants
Exp: 5-10 Years
Chennai, India
Login to check your skill match score

Job Description

Job Summary

The Group Operational, Technology and Cybersecurity Risk (OTCR) organisation is instrumental in protecting and ensuring the resilience of Standard Chartered Bank's data and IT systems by managing technological, information and cyber security (ICS) risks across the enterprise.

As a critical function reporting into the Group Chief Risk Officer (CRO), Group OTCR serves as the second line of defence for assuring Operational, Technology and ICS controls are implemented effectively and in accordance with the Operational Risk Type Framework (ORTF) and the ICS Risk Type Framework and for instilling a positive culture of Operational, Technology and Cybersecurity risk management within the Bank.

As part of the function, the team of OTCR, CISO & COO performs a pivotal role as an extension of the OTCR in supporting the Tech and ICS risk management strategy, governance, advisory and assurance roles that face off to the Client Businesses, Regions, and Functions.

Strong technical knowledge in ICS controls domains Network Security Management, End-point Security, Security Incident Management and Cyber Forensic, Cyber Intelligence, Cloud Computing, Identity Access Management (IAM), AI/ML, DevSecOps

Key Responsibilities

Strategy

  • The Operational, Tech and Cybersecurity Risk Officer for Group Transformation, Technology & Operations (TTO) is a permanent strategic role that requires strong business acumen and deep knowledge and in-depth experience of Technology and Information and Cyber Security (ICS), in particular in Cloud Computing, DevSecOps, Artificial Intelligence and Machine Learning domains complimented by the general knowledge in other ICS areas like Data Security and Privacy, Identity and Access Management, Application Security. The successful candidate will have a strong understanding of operating in a second line capacity within an ICS or risk management organisation, and can respond flexibly and collaboratively to evolving business, regulatory and threat requirements. The role reports directly to the Global Head, OTCR, CISO & COO. The OTCR for TTO CISO & COO will work with other OTCR Coverage and SME teams to address Tech and ICS as a principal risk types for the Bank and support its integration into the Bank's overall Enterprise Risk Management strategy. The role will provide oversight and challenge of Tech and ICS risk management and control effectiveness as a risk partner to TTO as defined in the Bank's ICS Risk Type Framework and Operational Risk Type Framework (ORTF) under delegation from the Global Head of OTCR.

Business

  • The role delivers services that continually monitor the Tech and ICS threat landscape, undertake constructive and robust oversight of the effectiveness of Tech and ICS controls and risk remediation strategies, and ensure accurate, insightful, and transparent Tech and ICS risk reporting is provided to senior management to provide them appropriate assurance and confidence on the TTO CISO & COO risk profile.
  • We are seeking an information and cyber security risk specialist to deliver a range of activities associated with the discharging of OTCR second line responsibilities. This role will have considerable engagement with all business units, risk committees, and other stakeholders across the bank, but especially those in TTO covering Cloud, DevSecOps and AI/ML domains.

Processes

The major functional activities that the OTCR, CISO & COO will lead and manage are:

  • Overseeing and challenging 1st line Tech and ICS risk proposals and risk-taking activities for Cloud, DevSecOps, AI/ML, Network Security, and other key ICS domains.
  • Intervening in 1st line activities if they are not in line with existing or adjusted Risk Appetite.
  • Monitoring of Tech and ICS risks and associated remediation plans across business lines using the CISRO Governance Risk Type Framework.
  • Assuring the 1st line implements controls to comply with applicable laws and regulations as defined by the ICS Policy, Standards, LRM team and escalate significant regulatory non-compliance matters and developments to the Global Head, OTCR, TTO.
  • Overseeing implementation of the controls to mitigate risks related to Cloud Computing, DevSecOps, and ML Ops lifecycle and data handling.
  • Promoting a healthy Tech and ICS risk culture and good conduct within Transformation, Technology & Operations of key ICS domains.

People & Talent

  • Lead through example and build the appropriate culture and values.
  • Employ, engage, and retain high quality people, with succession planning for critical roles.
  • Uphold and reinforce the independence of the second line OTCR function.
  • Provide guidance and training for businesses and functions on managing risks associated with Cloud, AI/ML, and other key ICS domains.

Risk Management

  • Support the assessment of Tech and ICS risk and reporting by TTO 1st line teams.
  • Support the OTCR TTO team in the use of the Tech and ICS risk frameworks and other techniques from a 2nd line perspective.
  • Raise visibility of Tech and ICS weaknesses to drive improvements and upliftment.
  • Highlight gaps or control weaknesses against security standards and regulations in the key ICS domains.
  • Oversee the validation and monitoring of AI/ML models used in business processes.
  • Oversight on cloud infrastructure and DevSecOps to ensure compliance to Tech and ICS standards.
  • Create risk mitigation plans calling out where these are ineffective or insufficiently followed.
  • Perform thematic reviews as required by the OTCR TTO team.

Governance

  • Work with teams within TTO and participate in work groups and other meetings to understand, advise, and challenge on Tech and ICS matters, specifically for Cloud, DevSecOps and AI/ML risk management.
  • Report any Tech and ICS risks/issues during TTO NFRC which require attention and support.
  • Ensure consistency of reporting and production of high-quality documentation and materials.
  • Provide recommendations and feedback to OTCR teams based on experience with TTO.

Regulatory & Business Conduct

  • Display exemplary conduct and live by the Group's Values and Code of Conduct.
  • Take personal responsibility for embedding the highest standards of ethics, including regulatory and business conduct, across Standard Chartered Bank. This includes understanding and ensuring compliance with, in letter and spirit, all applicable laws, regulations, guidelines and the Group Code of Conduct.
  • Effectively and collaboratively identify, escalate, mitigate, and resolve risk, conduct and compliance matters.

Key stakeholders

  • Group OTCR Leadership Team
  • Group OTCR TTO Leadership Team
  • Group TTO Risk Management and Cloud Governance Heads and teams
  • Group CISO
  • OTCR for Functions, Businesses and Regions
  • Other OTCR teams
  • Group Internal Audit
  • Identified business stakeholders

Other Responsibilities

  • Embed Here for good and Group's brand and values in OTCR, CISO & COO team; Perform other responsibilities assigned under Group, Country, Business or Functional policies and procedures within OTCR TTO covering other domains beyond main domains of responsibility.

Skills And Experience

  • Cyber Security frameworks, standards, and principles
  • Cloud and Container Security
  • Data Science and Analytics
  • ML Ops
  • DevSecOps

Qualifications

Education

  • A degree in Information and Cyber Security or Technology or equivalent

Training

  • Minimum 10 years experience in information security or risk management, preferably in Banking and Financial sector, with 5 years hands-on experience in information security risk assessments
  • Strong knowledge of cybersecurity frameworks, standards and principles, familiarity with Cloud Computing, DevSecOps and emerging AI/ML regulations and guidelines (e.g., EU AI Act, NIST AI Risk Management Framework)
  • Strong knowledge of cloud security best practices and frameworks (e.g., CIS Benchmarks, NIST Cybersecurity Framework)
  • Strong technical knowledge of cloud, DevSecOps and AI/ML technologies, including model lifecycle management, ethical AI practices, and data privacy.

Certifications

  • Professional Certifications such as CRISC, CCSK/CCSP, CISSP, CISA, CISM or equivalent is desirable

Languages

  • Excellent written and oral communication and reporting skills in English, ability to present complex AI/ML risk concepts to non-technical stakeholders

About Standard Chartered

We're an international bank, nimble enough to act, big enough for impact. For more than 170 years, we've worked to make a positive difference for our clients, communities, and each other. We question the status quo, love a challenge and enjoy finding new opportunities to grow and do better than before. If you're looking for a career with purpose and you want to work for a bank making a difference, we want to hear from you. You can count on us to celebrate your unique talents and we can't wait to see the talents you can bring us.

Our purpose, to drive commerce and prosperity through our unique diversity, together with our brand promise, to be here for good are achieved by how we each live our valued behaviours. When you work with us, you'll see how we value difference and advocate inclusion.

Together We

  • Do the right thing and are assertive, challenge one another, and live with integrity, while putting the client at the heart of what we do
  • Never settle, continuously striving to improve and innovate, keeping things simple and learning from doing well, and not so well
  • Are better together, we can be ourselves, be inclusive, see more good in others, and work collectively to build for the long term

What We Offer

In line with our Fair Pay Charter, we offer a competitive salary and benefits to support your mental, physical, financial and social wellbeing.

  • Core bank funding for retirement savings, medical and life insurance, with flexible and voluntary benefits available in some locations.
  • Time-off including annual leave, parental/maternity (20 weeks), sabbatical (12 months maximum) and volunteering leave (3 days), along with minimum global standards for annual and public holiday, which is combined to 30 days minimum.
  • Flexible working options based around home and office locations, with flexible working patterns.
  • Proactive wellbeing support through Unmind, a market-leading digital wellbeing platform, development courses for resilience and other human skills, global Employee Assistance Programme, sick leave, mental health first-aiders and all sorts of self-help toolkits
  • A continuous learning culture to support your growth, with opportunities to reskill and upskill and access to physical, virtual and digital learning.
  • Being part of an inclusive and values driven organisation, one that embraces and celebrates our unique diversity, across our teams, business functions and geographies - everyone feels respected and can realise their full potential.

More Info

Industry:Other

Job Type:Permanent Job

Skills Required

Privacy
Identity Access Management
Cyber Security
Cloud Computing
DevSecOps
Data Security
Network Security Management

Login to check your skill match score

Login

Date Posted: 30/10/2024

Job ID: 98659703

Report Job

Hi , want to stand out? Get your resume crafted by experts.

Similar Jobs

Information Security Risk Officer COO

Standard Chartered IndiaCompany Name Confidential

Chief Information Security Officer CISO India

Energy ExemplarCompany Name Confidential
Last Updated: 22-11-2024 06:28:07 PM
Home Jobs in Chennai Information Security Risk Officer, COO
Jobs by Skill - IT
Jobs by Skill - Non IT
International Jobs