Information & Cyber Security Risk Quantification Analyst, ICS Risk Framework
About Standard Chartered
We are a leading international bank focused on helping people and companies prosper across Asia, Africa and the Middle East.
To us, good performance is about much more than turning a profit. It's about showing how you embody our valued behaviours - do the right thing, better together and never settle - as well as our brand promise, Here for good.
We're committed to promoting equality in the workplace and creating an inclusive and flexible culture - one where everyone can realise their full potential and make a positive contribution to our organisation. This in turn helps us to provide better support to our broad client base.
The Role Responsibilities
The purpose of this role is to provide analysis for the rollout and implement the risk for the control quantification framework enhancements, part of Information and Cyber Security (ICS) Transformation Remediation Programme (TRP), across Standard Chartered Bank. The framework will incorporate the newly established ICS Threat Resilience Solution (TRS). The role will need to establish a rollout plan for the TRS.
Establishing the TRS within Standard Chartered Bank (SCB) will covekrir all client segments (Retail Bank, Private Bank, Commercial and Global Banking) and products (Financial Markets, Transaction Banking, Wealth Management, Corporate Finance).
The ICS TRP brings together all material ICS investment activities. The portfolio will p rioritize ICS investments to maximise risk reduction and capability improvement, while meeting compliance and legal obligations and minimis ing client impact . The portfolio provides a single end-to-e nd view of investment activities with regular tracking and reporting.
Information and Cyber Security risk has recently been established as a Principal Risk Type within the Enterprise Risk Management Framework. The new ICS Risk Type Framework (RTF) seeks to bring consistency in approach and introduce operational structure to the identification and mitigation of ICS risks. The RTF is based upon core best practice methods of ICS risk management including NIST.
The responsibilities include to: TRS Product
- Develop the TRS model including excel modelling and visualisation. Maintain and develop the model parameters, inputs and outputs.
- Enable the establishment of a clear business, function and risk business adoption.
- Analysis of TRI outputs for designated Threats Assessment and Control Domains.
- Define requirements for TRI enterprise model development including data, technology and process.
- Provide solution mind-set to the strategic design and review of project deliverables as they relate to the control and risk framework to ensure the target operating model and infrastructure is best in class. Ensure that the approach taken recognises the context and objectives.
- Establish the ongoing business operating model.
- Establish and maintain working groups across domains to progress the framework roll out.
- Support a robust and efficient delivery plan by working with key stakeholders including the Office of the CISO and COOs/CIOs and face off to assigned Business lines, Functions and/or Regions.
- Ensure project reporting is up to date including project static, RAG status, key milestones, financials, risks, dependencies, issues and resource forecasts. Deliver quality submissions to PSC.
- Support and apply the refinement of tools, templates and good practice.
Regulatory and Business Conduct
- Manage the project professionally and efficiently, closely tracking timeline commitments for provision of information and action plans, and for validation of actions taken.
- Ensure calculation engine, systems and process required to establish a robust model are compliant with the banks internal model requirements.
- Establish data quality standards and approach to ensure reporting is aligned to the internal policy and regulatory standards i.e. BCBS, Data Quality.
- Display exemplary conduct and live by the Group's Values, Valued Behaviours, and Code of Conduct
- Take personal responsibility for embedding the highest standards of ethics, including regulatory and business conduct, across the Bank.
- Effectively and collaboratively identify, escalate, mitigate, and resolve risk, conduct and compliance matters.
Our Ideal Candidate
- Chief Operating Officers - Business teams
- Head, Operational Risk Information for Functions
- Global Head of Information & Cyber Security Governance & Policy, CISO
- Experience in the development and successful roll out of projects and change within large international financial services companies
Apply now to join the Bank for those with big career ambitions.