Standard Chartered Bank (SCB)
This role is aligned to the Consumer, Private and Business Banking (CPBB) business and works closely with the designated technology delivery teams to holistically address Information Cyber Security (ICS) risk. The Business ICS Risk Manager – Threat, Risk and Strategy is a non-people-leader role that requires being adaptive and responding to a wide and deep scope. The position reports to the Director of ICS Risk – Threat, Risk and Strategy and supports the execution of the team’s objectives by collaborating with stakeholders across business and technology, as well as other pillars within the team. In support of the CPBB ICS Risk strategy, areas of responsibility may include:
- Business ICS Risk Manager – Threat, Risk & Strategy
- Board Risk Committee, Regional Risk Committee and Cyber Advisory Forum reporting.
- Address and adopt response and recovery capabilities and assist with cyber crisis management exercises, playbooks etc.
- Assist with other cyber activities underway.
- Collaborate and work with various stakeholders including Cyber Information Security Risk teams (L2).
- Manage the rollout of the ICS RTF professionally and efficiently, closely tracking timeline commitments for provision of information and action plans, and for validation of actions taken
- Support the business in the management of TPSA metrics.
- Escalate appropriately to ensure the Director of ICS Risk – Threat, Risk and Strategy, CPBB is briefed and necessary decisions are made in a timely manner
- Oversight on Board Risk Metrics and remediation plans.
- Maintain strong stakeholder engagement with other COO ICS teams, Chief Information Security Office teams, ICS RTF Implementation Programme teams and Security Technology teams
- Identification and Management of CPBB ICS Risks and Threats.
- Identify changes to plan required in terms of additional components, reprioritisation to anticipate and respond to changes
- Ensure that ICS Key Controls are implemented effectively with appropriate coverage.
- Support the identification, assessment and rating of information assets with the business.
- ICS Risk tracking and coordination, by providing regular status updates including progress, top risks and issues to the respective business forums for the relevant domains. Track RAG status, key milestones, risks, dependencies and issues.
- Audit Management.
- ICS Business Recovery and Respond oversight, by coordinating with SMEs for cyber crisis management exercises and building response and recovery capabilities and workarounds.
- Third Party Security Assessment oversight.
- Support the Threat Security Risk Assessment (TSRA) and Risk and Control Self Assessment (RCSA) for CPBB.
- Experience in risk and governance of key ICS Controls – Data Protection, Vulnerability and Compliance Management, Network security, Security Incident Management, etc.
- Proven ability to deliver complex, global, pan-bank initiatives by driving collaboration and participation across a diverse set of stakeholders.
- Good organisation and stakeholder management skills with ability to manage multiple deadlines and effectively prioritise.
- Possessing one or more security certifications such as CISSP, CISA, CISM, CRISC, PCI-QSA, CSX etc. would be an asset.
- Experience in the identification and assessment of Cyber Risks.
Qualification & Experience:
- Experience in third party oversight and risk management.
- Experience working across multiple security frameworks (e.g. NIST, ISO 27001, PCI-DSS).
- Ability to work collaboratively with stakeholders and execute independently to effect change across the business lines and manage multiple deliverables simultaneously.
Company: Standard Chartered Bank (SCB)
Vacancy Type: Full Time
Job Location: Karachi, Sindh
Application Deadline: N/A