Technical Assurance Director - ICS
About Standard Chartered
We are a leading international bank focused on helping people and companies prosper across Asia, Africa and the Middle East.
To us, good performance is about much more than turning a profit. It's about showing how you embody our valued behaviours - do the right thing, better together and never settle - as well as our brand promise, Here for good.
We're committed to promoting equality in the workplace and creating an inclusive and flexible culture - one where everyone can realise their full potential and make a positive contribution to our organisation. This in turn helps us to provide better support to our broad client base.
THE ROLE RESPONSIBILITIES
· Working within the business (not 2 nd line or audit), provide high quality, detailed 'First Line' assurance on the effectiveness of information and cyber security capabilities throughout the system development lifecycle (via assessments of requirements, design and testing), and in the BAU environment.
· Act as a 'critical friend' to their business and function colleagues, and provide advice and best practice to shape the design and implementation of ICS capabilities, and determine whether these ICS capabilities are operating effectively in BAU.
· Provide guidance and assurance on the completion of annual attestations such as SWIFT and PCI-DSS.
· Define and maintain an efficient technical assurance methodology which delivers risk focused, timely and re-performable assurance on key controls, to support and maintain ICS risk reduction. This will include identifying where control tests can be automated.
· Support stakeholders in defining remediation activities/solutions to address issues identified in assurance reviews. OUR IDEAL CANDIDATE
1. Strong background in the information and cyber security domains within international financial services organisations.
2. Deep expertise in two of the following ICS domains, and a broad knowledge of all other ICS domains.
o Identify and Access Management
o Data Protection
o Vulnerability Management (application security; infrastructure security; and configuration compliance monitoring)
o Security monitoring and response
3. Strong interpersonal skills to foster positive relationships with internal and external stakeholders.
4. Highly effective oral and written communication skills, with an ability to influence and to gain the respect of senior stakeholders and peers.
5. Demonstrates ability to work with limited direction and multi-task without loss of quality.
6. Confident and courageous to raise/escalate issues in a pro-active, professional and timely manner.
7. Professional auditors/risk managers or experienced information/cyber security professional with deep subject matter expertise/knowledge.
8. Experience in SWIFT and PCI attestations preferred.
9. Experience in penetration testing preferred.