Information Security Risk Manager, HK Information Security Risk Manager, HK …

Standard Chartered Bank
in Hong Kong, Hong Kong, Hong Kong
Permanent, Full time
Be the first to apply
Standard Chartered Bank
in Hong Kong, Hong Kong, Hong Kong
Permanent, Full time
Be the first to apply
Information Security Risk Manager, HK
About Standard Chartered
We are a leading international bank focused on helping people and companies prosper across Asia, Africa and the Middle East.

To us, good performance is about much more than turning a profit. It's about showing how you embody our valued behaviours - do the right thing, better together and never settle - as well as our brand promise, Here for good.

We're committed to promoting equality in the workplace and creating an inclusive and flexible culture - one where everyone can realise their full potential and make a positive contribution to our organisation. This in turn helps us to provide better support to our broad client base.

The Role Responsibilities & Our Ideal Candidate

The Group Chief Information Security Risk Officer (CISRO) organisation is instrumental in protecting and ensuring the resilience of Standard Chartered Bank's data and IT systems by managing information and cyber security (ICS) risk across the enterprise. As a critical function reporting into the Group Chief Risk Officer (CRO), the Office of the CISRO serves as the second line of defence for assuring ICS controls are implemented effectively and in accordance with the ICS Risk Framework and for instilling a culture of cyber security within the Bank. The Group CISRO is responsible for ICS governance, strategy, policy, awareness, training, risk assessments, red teaming, third party security risk, industry partnerships, and regulatory engagement. In addition, a team of Information Security Risk Officers (ISRO) and Information Security Risk Managers reports to the CISRO and performs a pivotal role as an extension of the CISRO in supporting the ICS risk management strategy, governance, advisory and assurance roles that face off to the Client Services, Regions, and Functions. The Office of the CISRO is central to ensuring the Bank's ability to meet its ICS commitments to internal and external stakeholders, including regulators, as well as maintaining an acceptable ICS risk profile that is regularly reported to the Board.


  • The Information Security Risk Manager (ISRM), Hong Kong, is a permanent role that requires knowledge and experience in the field of ICS risk governance. The successful candidate will have practical working experience in a second or third line capacity within ICS, and can respond flexibly and collaboratively to evolving business, regulatory and threat requirements. The role reports directly to the Head of ISRO for GCNA and HK, and be based in Hong Kong. The incumbent will work closely with peer ISRO team members and other CISRO functions to address ICS as a principal risk type for the Bank, and support regional rollout of ICS RTF in HK, and the GCNA region. The role will provide oversight and challenge of ICS risk management and control effectiveness as a risk partner to country leadership as defined in the Bank's ICS Risk Type Framework.


  • The primary purpose of this position to ensure that the management of ICS risk is adequate and well-governed in HK and the GCNA region. The successful candidate will work closely with the peer ISRO and ISRM team members and Country CRO, CIO, COO and Compliance Officers, as well as relevant key Business stakeholders to manage risks within tolerance, and taking into account the evolving threat and regulatory landscape, policies and standards, business operations and technology infrastructure. The successful candidate should possess a good understanding of ICS policy with an ability to articulate new requirements into ICS risk management assessments and processes.


The major functional activities that the role will lead and manage are:
  • Overseeing and challenging 1st line ICS risk proposals and risk-taking activities;
  • Monitoring of ICS risks and associated remediation plans across HK and GCNA countries using the CISRO Governance Risk Type Framework;
  • Assuring the 1st line implements controls to comply with applicable laws and regulations as defined by the CISRO Policy team
  • Challenging risk decisions derived from regional ICS Key Indicator Performance Monitoring for HK and GCNA countries as required
  • Taking part in regional or country ICS Transformation and Remediation Program (TRP) Working Group as a 2 nd line ICS Subject Matter Expert (SME)
  • Promoting a healthy ICS risk culture and good conduct within GCNA.
People and Talent
  • Lead through example and operate with the appropriate culture and values.
  • Work in collaboration with risk and control partners.
  • Work closely with country ISROs that is aligned and scaled to the ICS risk control needs of the GCNA region and countries.
  • Uphold and reinforce the independence of the second line ICS Risk function.
Risk Management
  • Deliver objectives set forth by Head, ISRO GCNA to support the Group's ICS risk management approach and objectives.
  • Ensure risks are managed in accordance with the defined CISRO Governance Risk Type Framework and associated Policy and Standards; and that issues are identified, escalated, and addressed as appropriate.
  • Establish strong ties into the relevant country leadership, governance, risk and control committees to ensure adequate monitoring, tracking and governance of ICS risk.
  • Drive integration of ICS Risk Type Framework into GCNA and utilise for the ongoing governance of country risk.
Regulatory & Business Conduct
  • Display exemplary conduct and live by the Group's Values and Code of Conduct.
  • Take personal responsibility for embedding the highest standards of ethics, including regulatory and business conduct, across the country. This includes understanding and ensuring compliance with, in letter and spirit, all applicable laws, regulations, guidelines and the Group Code of Conduct.
  • Effectively and collaboratively identify, escalate, mitigate and resolve risk, conduct and compliance matters.
  • Exercise authorities delegated by the Board of Directors and act in accordance with Articles of Association.
Key Stakeholders
  • Country and Regional CRO
  • Country and Regional CIO
  • Country Compliance Officer
  • Country and Regional Head of Compliance
  • Regional COO
  • Country CEO
  • Banking Regulators
  • Security Technology Services
  • Head of ICS Governance
  • Head of ICS Policy
  • Group Internal Audit
  • Head of ICS Assurance and Testing
  • Head of ICS Training, Awareness & Exercises
Other Responsibilities
  • Establish strong relationships with identified stakeholders across in the country and understand their strategic goals, in order to ensure ICS alignment.
  • Prepare, present and challenge in a 2nd line capacity at relevant risk committees, steering groups and cross-business opportunities.
  • Validate the accuracy of KRI's and KCI's and other risk ratings, as well as process designs, to meet policy requirements.
  • Ensure that Process Owners are escalating risk, control, and process deficiencies appropriately in accordance with the relevant risk frameworks.
  • Build trusted working relationships with other security functional heads, risk and compliance counterparts, and country stakeholders.
  • Utilise appropriate risk management tool(s) to manage, track and monitor ICS risks across the country.
  • Maintain sufficient and appropriate evidence of work performed for review by Group Internal Audit and others.
  • Monitor, assess and advise country on acceptable risk tolerances based on policy and control environment and the evolving regulatory and threat landscape

Apply now to join the Bank for those with big career ambitions.

To view information on our benefits including our flexible working please visit our career pages . We welcome conversations on flexible working.