Head OTCR, Cyber Defence & Threat Intelligence

Job description

Job Summary
The Group Operational, Technology and Cybersecurity Risk (OTCR) organisation is instrumental in protecting and ensuring the resilience of Standard Chartered Bank’s data and IT systems by managing technological, information and cyber security (ICS) risks across the enterprise.

As a critical function reporting into the Group Chief Risk Officer (CRO), Group OTCR serves as the second line of defence for assuring Operational, Technology and IC controls are implemented effectively and in accordance with the Enterprise Risk Management Framework (ERMF) and the ICT Risk Type Framework, and for instilling a positive culture of Operational, Technology and Cybersecurity risk management within the Bank.

As part of the function, the team of OTCR CISO performs a pivotal role as an extension of the OTCR in supporting the Tech and IC risk management strategy, governance, advisory and assurance roles that face off to the Client Businesses, Regions, and Functions.

This specific OTCR CISO role has accountability for 2nd Line of Defence oversight over the CISO Global Threat Mgmt and Cyber Defence team.

The role therefore requires experience working within such functions and highly sophisticated technical skills across Security Logging and Monitoring, Security Incident Management, Cyber Forensic, Cyber Intelligence and Threat Management.


Responsibilities
Overseeing and challenging 1st line Tech and IC risk proposals and risk-taking activities for Security Logging and Monitoring, Security Incident Management and Cyber Forensic, Cyber Intelligence and Threat Management, and other key IC domains.


Intervening in 1st line activities if they are not in line with existing or adjusted Risk Appetite.


Monitoring of Tech and IC risks and associated remediation plans across business lines using the Threat Scenario Risk Assessment (TSRA) Framework.


Assuring the 1st line implements controls to comply with applicable laws and regulations as defined by the IC Policy, Standards and escalating significant regulatory non‐compliance matters and developments to the Global Head, OTCR, T&O.


Overseeing implementation of the controls to mitigate risks related to Security Logging and Monitoring, Security Incident Management and Cyber Forensic, Cyber Intelligence and Threat Management.


Promoting a healthy Tech and IC risk culture and good conduct within Transformation, Technology & Operations of key IC domains.


People & Talent
Lead through example and build the appropriate culture and values.


Employ, engage, and retain high quality people, with succession planning for critical roles.


Uphold and reinforce the independence of the second line OTCR function.


Provide guidance and training for businesses and functions on managing risks associated with Cyber Operations and Group Threat Management domains.


Risk Management
Support the assessment of Tech and IC risk and reporting by T&O 1st line teams.


Support the OTCR T&O team in the use of the Tech and IC risk frameworks and other techniques from a 2nd line perspective.


Raise visibility of Tech and IC weaknesses to drive improvements and upliftment.


Highlight gaps or control weaknesses against security standards and regulations in the key IC domains.


Create risk mitigation plans calling out where these are ineffective or insufficiently followed.


Perform thematic reviews as required by the OTCR T&O team.


Governance
Work with teams within T&O and participate in work groups and other meetings to understand, advise, and challenge on Tech and IC matters, specifically for Security Logging and Monitoring, Security Incident Management and Cyber Forensic, Cyber Intelligence and Threat Management associated risks.


Report any Tech and IC risks/issues during T&O NFRC which require attention and support.


Ensure consistency of reporting and production of high‐quality documentation and materials.


Provide recommendations and feedback to OTCR teams based on experience with T&O.


Regulatory & Business Conduct
Display exemplary conduct and live by the Group’s Values and Code of Conduct.


Take personal responsibility for embedding the highest standards of ethics, including regulatory and business conduct, across Standard Chartered Bank.

This includes understanding and ensuring compliance with, in letter and spirit, all applicable laws, regulations, guidelines and the Group Code of Conduct.


Effectively and collaboratively identify, elevate, mitigate, and resolve risk, conduct and compliance matters.


Key Stakeholders
Group OTCR T&O, IC & Tech Risk Leadership Team
Group T&O Risk Management and Cloud Governance Heads and teams
Group CISO MT
OTCR for Functions, Businesses and Regions
Group Internal Audit
Identified business stakeholders
Other Responsibilities
Embed Here for good and Group’s brand and values in OTCR, CISO & COO team; Perform other responsibilities assigned under Group, Country, Business or Functional policies and procedures within OTCR TTO covering other domains beyond main domains of responsibility.


Our Ideal Candidate
Degree in Information and Cyber Security or Technology or equivalent
10+ years experience in information security or risk management, preferably in Banking and Financial sector, with 5 years hands‐on experience in SIEM, XDR/EDR, SOAR, logging architecture (on‐prem/cloud), MITRE ATT&CK, threat hunting and incident response including forensic, threat intel frameworks.


Strong knowledge of cybersecurity frameworks, standards and principles
Strong knowledge of cloud security best practices and frameworks (e.g., CIS Benchmarks, NIST Cybersecurity Framework)
Professional Certifications such as CISSP/CISM, CRISC, CCSK/CCSP, MITRE ATT&CK Defender, SANS GCTI/GCED are desirable
Excellent written and oral communication and reporting skills, ability to present complex Cyber Operational and Threat Management concepts to non‐technical stakeholders
Role Specific Technical Competencies
Cyber Security frameworks, standards, and principles
Security Logging and Monitoring
Security Incident Management
Threat Management
About Standard Chartered
We’re an international bank, nimble enough to act, big enough for impact.

For more than 170 years, we’ve worked to make a positive difference for our clients, communities, and each other.

We question the status quo, love a challenge and enjoy finding new opportunities to grow and do better than before.

If you’re looking for a career with purpose and you want to work for a bank making a difference, we want to hear from you.

You can count on us to celebrate your unique talents and we can’t wait to see the talents you can bring us.

Our purpose, to drive commerce and prosperity through our unique diversity, together with our brand promise, to be here for good are achieved by how we each live our valued behaviours.

When you work with us, you’ll see how we value difference and advocate inclusion.


What We Offer
Core bank funding for retirement savings, medical and life insurance, with flexible and voluntary benefits available in some locations.


Time‐off including annual leave, parental/maternity (20 weeks), sabbatical (12 months maximum) and volunteering leave (3 days), along with minimum global standards for annual and public holiday, which is combined to 30 days minimum.


Flexible working options based around home and office locations, with flexible working patterns.


Proactive wellbeing support through Unmind, a market‐leading digital wellbeing platform, development courses for resilience and other human skills, global Employee Assistance Programme, sick leave, mental health first‐aiders and all sorts of self‐help toolkits.


A continuous learning culture to support your growth, with opportunities to reskill and upskill and access to physical, virtual and digital learning.


Being part of an inclusive and values driven organisation, one that embraces and celebrating our unique diversity, across our teams, business functions and geographies – everyone feels respected and can realise their full potential.


Recruitment Assessments
Some of our roles use assessments to help us understand how suitable you are for the role you’ve applied to.

If you are invited to take an assessment, this is great news.

It means your application has progressed to an important stage of our recruitment process.


#J-18808-Ljbffr

Required Skill Profession

Other General