Manager, Information & Cyber Security, Country Technology Management

Standard Chartered Bank
in Hong Kong, Hong Kong, Hong Kong
Permanent, Full time
Last application, 13 Sep 19
About Standard Chartered
We are a leading international bank focused on helping people and companies prosper across Asia, Africa and the Middle East.

To us, good performance is about much more than turning a profit. It's about showing how you embody our valued behaviours - do the right thing, better together and never settle - as well as our brand promise, Here for good.

We're committed to promoting equality in the workplace and creating an inclusive and flexible culture - one where everyone can realise their full potential and make a positive contribution to our organisation. This in turn helps us to provide better support to our broad client base.

The Role Responsibilities

As the 1st line of Information & Cyber Security (ICS) management function within CTM, the responsibilities will include:
ICS Risk Governance, Assessment and Mitigation
    • BAU management of ICS governance, assessment, and mitigation processes as the First Line of Defense.
    • Assess technology and ICS risks and ensure adequate controls and procedures are in place in the First Line of Defense and in compliance with Group Technology Risk and IT Security policies, guidelines and standards.
    • Support strategic alignment with "Office of the CISO" (CISO) and "Security Technology Services" (STS).
    • Establish, implement and monitor ICS initiatives in accordance with SCB ICS policies and procedures as well as regulatory supervisory policies, such as TM-E-1, TM-G-1, and regulatory framework such as C-RAF.
    • Drive and manage ICS risk mitigation initiatives, including facilitating Risk Control Self-Assessments and KRI.
    • Prepare updates and risk acceptance documentation for relevant governance forums.
    • Lead forums to address risk, service and quality initiatives and improvements
Regulatory Reporting
    • Conduct regular review of the Regulatory Reporting requirements and ensure timely preparation and submission of the reports to regulators related to ICS perspective.
    • Communicate with business units in relation to new or revised regulatory or internal guidelines and to ensure staff awareness on ICS control and compliance areas.
    • Facilitate ICS regulatory review with Group and In-Country stakeholders and regulators.
    • Manage follow-ups with Group and In-Country stakeholders to ensure ICS queries are resolved and actions taken. Stakeholders include Group Technology Heads and senior management in Compliance, Chief Information Security Officer, Security Technology Services, Operational Risk and ITO Risk & Control Heads in country.
Continuous improvement to enhance ICS risk controls and operational efficiency
    • Monitor and track remediation of specific gaps identified.
    • Proactively assess and review the Bank's IT infrastructure and application to ensure that the confidentiality, availability, and integrity issues are addressed properly.
    • Identify thematic issues by gathering and evaluating ICS data from multiple sources including testing, risk indicators, incidents, losses, audit findings, etc.
    • Agree, verify and track ICS remediation plans with the responsible parties.
    • Support the implementation of ongoing ICS training programmes in collaboration with Compliance, Operational Risk and other 2nd line stakeholders.
    • Develop and maintain ICS dashboard to keep track of ICS KPI and identify trends and thematic root cause of ICS incidents.
ICS Solution Evaluation from Technology Risk Perspective
    • Build key relationships with the various IT departments and technology teams. Work in partnership in identifying and developing solutions to address key technology risk areas for ICS.
    • Provide consultancy to business units in terms of the ICS risk control, control monitoring and compliance assurance procedures
Outsourcing & Vendor Management
    • Engage outsourcing vendors related to the assessment, assurance and mitigation of ICS risk, such as iCAST.
    • Set up ICS related KPI and SLA and ensure the good quality of the deliverables by outsourcing vendors.

The Role Requirements

Technical literacy and knowledge:
  • University degree holder, preferably majoring in IT or Computer Science. Master's or other advanced professional degree preferred.
  • At least 8 years of working experience with 5 years within the Cyber or Information Security space either within a Bank or consulting firms, preferably with information security solutions implementation experience.
  • Experience in conducting vulnerability assessments and penetration testing (application and/or infrastructure) and articulating security issues to technical and non-technical audience
  • Good experience in ICS governance, assessment, assurance, operations control, security management and/or audit in banks or financial institutions and related ISO standard (ISO 27001).
  • Good experience in Security Incident Response and handling of the threats in all aspects of ICS domains.
  • In-depth knowledge in the following topics:
    • Network protocols and network connectivity concepts, firewall, IDS, DMZ and Internet technologies.
    • Virtualization, infrastructure & network architecture, data centre architecture, ICS architecture.
    • Application security, secure access control mechanisms, encryption, key management techniques.
  • Technical proficiency in:
    • Unix / Linux, Windows O/S, Mainframe, relational Database Systems, Endpoint security, Security tools.
    • Development of Python or shell script.
  • Professional Certification preferred - CRISC, CGEIT, CISSP, OSCP, CREST.
Communication and influencing skills:
  • Capable of engaging key stakeholders and building alliances through active conversations including peer or more senior stakeholders who have no direct reporting relationships
  • Welcomes different opinions and treats every complaint as an opportunity for improvement
  • Good interpersonal relationship with business and support partners.
  • Strong analytical sense, ability to adapt and drive changes and take ownership of the initiatives.
  • Flexible, innovative and self-motivated with continuous drive for quality
People and change management:
  • At least 5 years' experience of directly managing teams of managerial and/or operational staff
  • Knowledge of ICS management tools, processes, best practices inclusive of the ability to effectively use these in the context of a complex programme.
  • Demonstrable understanding of resource management, and the ability to create and implement an ICS risk management framework for a solutions programme.
  • Possesses an approachable style, with a proven ability to manage and motivate staff
  • Demonstrable understanding and experience in solution provision, skills identification and development team leadership

Apply now to join the Bank for those with big career ambitions.