Head of Information %26 Cyber Security, India %26 South Asia

Head of Information %26 Cyber Security, India %26 South Asia

11 May
|
Standard Chartered
|
India

11 May

Standard Chartered

India

About Standard Chartered



We're an international bank, nimble enough to act, big enough for impact. For more than 160 years, we've worked to make a positive difference for our clients, communities, and each other.



We question the status quo, love a challenge and enjoy finding new opportunities to grow and do better than before. If you're looking for a career with purpose and you want to work for a bank making a difference, we want to hear from you.



You can count on us to celebrate your unique talents. And we can't wait to see the talents you can bring us.



Our purpose, to drive commerce and prosperity through our unique diversity, together with our brand promise,





to be here for good are achieved by how we each live our valued behaviours.



When you work with us, you'll see how we value difference and advocate inclusion. Together we :



- Do the right thing and are assertive, challenge one another, and live with integrity, while putting the client at the heart of what we do

- Never settle, continuously striving to improve and innovate, keeping things simple and learning from doing well, and not so well

- Be better together, we can be ourselves, be inclusive, see more good in others, and work collectively to build for the long term

- In line with our Fair Pay Charter, we offer a competitive salary and benefits to support your mental, physical, financial and social wellbeing.

- Core bank funding for retirement savings, medical and life insurance, with flexible and voluntary benefits available in some locations

- Time-off including annual, parental / maternity (20 weeks), sabbatical (12 weeks maximum) and volunteering leave (3 days), along with with minimum global standards for annual and public holiday, which is combined to 30 days minimum

- Flexible working options based around home and office locations, with flexible working patterns

- Proactive wellbeing support through Unmind, a market-leading digital wellbeing platform, development courses for resilience and other human skills,global Employee Assistance Programme, sick leave, mental health first-aiders and all sorts of self-help toolkits

- A continuous learning culture to support your growth, with opportunities to reskill and upskill and access to physical, virtual and digital learning

- Being part of an inclusive and values driven organisation, one that embraces and celebrates our unique diversity, across our teams, business functions and geographies - everyone feels respected and can realise their full potential.

- Recruitment assessments - some of our roles use assessments to help us understand how suitable you are for the role you've applied to.



If you are invited to take an assessment, this is great news. It means your application has progressed to an important stage of our recruitment process.



Role Responsibilities



ICS Risk has been established as a Principal Risk Type within the Enterprise Risk Management Framework.



The ICS team under the Group COO is responsible to advise, implement and sustain the ICS RTF. Head of ICS India and South Asia will provide the leadership, guidance and support to drive the adoption and



implementation of the matured ICS frameworks. This role will require hands on approach to understand, embed and guide the country business lines on the ICS RTF to maximise risk reduction and capability improvement.



A significant focus of this role will be on providing the guidance on establishing the compliance with country regulations.



The role will require to have end-to-end view of all ICS activities with regular risk assessment, tracking, follow up and reporting at the relevant forums.



This role holder will provide leadership and strong security risk framework knowledge to mobilise effort and commitment. He / she will maintain highly constructive and effective relationships with senior stake holders from various departments (i.



e. Business, Technology, Compliance) and regulators within the India and South Asia markets.



This role holder will need to work closely with the designated technology delivery teams and business operations / Business ICS heads (where required) to holistically address ICS and regulatory risk.



This role will be responsible for :



This role will be responsible for :



Executing a robust and efficient plan to rollout ICS RTF by working with key stakeholders including COOs / CIOs direct teams, Operations, ICS RTF Implementation Programme teams, Office of the CISO and Security technology teams.



The plan will incorporate digital footprint discovery, risk assessment, definition and implementation of controls as guided by the ICS RTF and tailored to the relevant areas.



- Supporting the India & SA COO and Head ASA ICS in the implementation of the ICS Risk framework including working with stakeholders to identify, assess and rate the information assets, build out the risk profile per the framework, initiate risk assessments and put together treatment plans

- Using qualitative and quantitative data sources to validate Key Control Domains (KCD) and associated controls, accelerate risk assessment process, validate business risk profile and develop action plans to remediate to bring ICS risk back into appetite.

- Conducting risk assessments and supporting mitigation activities and projects

- Managing security-related incidents and events

- Driving security culture / awareness and help improve readiness for a cyber event

- Managing India & South Asia regulatory requirements in the area of ICS and interfacing with respective stakeholders to communicate and ensure compliance with regulatory requirements.

- Representing India & South Asia in regulatory meetings (where required), providing ICS related information for any regulatory submissions or making submissions directly to regulators

- Interfacing with Country business heads to assist with sharing of risk profiles, advising on cyber risk issues and addressing areas of concern

- Interfacing into Technology forums to ensure security technologies are operating with input from business and be actively involved in the roadmap of these technologies by providing business input

- Ensuring information risks are identified, assessed, mitigated and controlled.

- Adapting to emerging and horizon risks and address issues to maximize outcomes. Urgent and timely action for risks and issues which adversely impact cyber risk profiles

- Coordinating and planning for cyber crisis management exercises, building response and recovery capabilities, workarounds, ensuring up to date playbooks etc.

- This role is required to work with regional / country HICS / Business teams / CTMs to ensure the compliance with regulatory requirements and submissions.

- This role will be involved in regulatory inspections, supervisory visits and any ICS related regulatory submissions globally

- Re-planning and prioritising as required to maximise risk reduction

- Transparent reporting to senior management to ensure the timely escalations

- Simplify the current submission processes and procedures

- Build the governance function to support the regulatory requirements

- Understand the interpret the key regulatory requirements to ensure he correct submissions



The Head of Information & Cyber Security for South Asia is responsible for



- Oversight on risk control and governance and driving improvement in the ICS control agenda. This includes oversight on development of a forward-looking end-to-end view (across business segments) on the operating environment and proactively identifying and escalating issues and sharing themes / lessons learnt.

- Providing oversight to cluster ICS initiatives.

- Providing support and guidance, often hands-on, to countries where their scale doesn&rsquot; support local subject-matter ICS expertise.



Strategy



- Ensure effective prioritisation and application of industry best practice into the ICS RTF and ICS business risk

- Identify changes to plan required in terms of additional components, reprioritisation to anticipate and respond to changes

- Learn from the recent regional and global cyber events and build into strategy to address current and emerging risks



Business



- Maintain strong stakeholder engagement with other COO ICS teams, Chief Information Security Office teams, ICS RTF Implementation Programme teams and Security Technology teams

- Establish and maintain working groups across domains to progress the framework roll out.

- Escalate appropriately to ensure Head ICS is briefed and necessary decisions are made in a timely manner



Governance



- Support the India & South Asia COO and ASA Head ICS on running periodic working groups and ensuring proper rollout of the ICS RTF

- Manage actions coming out of various risk and compliance forums / Regulatory bodies.



Risk Management



- Manage the rollout of the ICS RTF professionally and efficiently, closely tracking timeline commitments for provision of information and action plans, and for validation of actions taken

- Ensure adoption of security tooling and capability to address ICS risk tactically and strategically

- Address and adopt response and recover capabilities and assist with cyber crisis management exercises, playbooks etc.



Regulatory and Business Conduct



- Display exemplary conduct and live by the Group's Values, Valued Behaviours, and Code of Conduct

- Take personal responsibility for embedding the highest standards of ethics, including regulatory and business conduct, across the Bank.

- Effectively and collaboratively identify, escalate, mitigate, and resolve risk, conduct and compliance matters.



Key Stakeholders



- India, South Asia and Regional / Global COOs / CTMs / CEOs / Business teams / HICS

- Group CISO and COO, Trust, Data and Automation and teams below the Group CISO

- Head ICS, ASA and Head ICS, Asia

- ICS RTF Implementation Programme - Accountable Executive and teams

- Security Technology Services and teams

- Cyber Security Services

- Operational Risk

- Compliance Risk



Other Responsibilities



Keep abreast of any new developments in the ICS risk frameworks globally, participate in industry and external discussions



Our Ideal Candidate



Academic or Professional Education / Qualifications : As per Bank&rsquos; requirements and HR policy



- Solid hands on experience working across multiple security frameworks (e.g. NIST, ISO 27001, PCI-DSS) and clear understanding and exposure to Singapore regulatory requirements.

- Experience in deployment and successful roll-out of risk frameworks across businesses with global footprint

- Hands on experience in one or more key technology domains Identity and Access Management (IAM), Data Protection, Vulnerability and Compliance Management, Cloud Security, Network security, Security Incident Management etc.

- Extensive experience within information security or risk function, with assessment, treatment plan and governance, ideally gained in the financial industry

- Experience in Cyber Crisis management, Response and Recovery activities etc.

- Excellent organisation and leadership skills with ability to manage multiple deadlines and effectively prioritise

- Ability to work independently to effect change across the business lines and manage multiple deliverables simultaneously

- Ability to execute on strategy with plan to influence senior stakeholders and decision makers to adopt cyber capabilities across their business lines

- Ability to foster positive relationships with internal and external stakeholders at appropriate level ensuring open cooperative environment

- Stakeholder management, Negotiation skills, Conflict management, Decision-making and Team work

- Understanding of key regulatory guidelines

- Strong leadership and people management skills

- Possess one or more security certifications such as CISSP, CISA, CISM, CRISC, PCI-QSA, CSX etc.



Visit our careers website

Head of Information & Cyber Security, India & South Asia

Head of Information & Cyber Security, India & South Asia

Head of Information & Cyber Security, India & South Asia We're an international bank, nimble enough to act, big enough for impact. For more than 160 years, we've worked to make a positive difference for our clients, communities, and each other. We [...]
Mumbai
04 May
    Mumbai
    04 May

Information Security Associate Manager

Information Security Associate Manager

About the role Wells Fargos Information & Cyber Security (ICS) group is looking for a highly motivated leader for its Identity and Access Management (IAM) Access Operations group. The IAM operations delivery organization comprises of Provisioning an [...]
India
04 May
    India
    04 May

Specialist, Information Security

Specialist, Information Security

Risk Management Group works closely with our business partners to manage the banks risk exposure by balancing its objective to maximise returns against an acceptable risk profile. We partner with origination teams to provide financing, investments a [...]
India
05 May
    India
    05 May

Senior Information Security Engineer Cyber Resiliency

Senior Information Security Engineer Cyber Resiliency

About the Role Our Information Security team is looking for a Senior Information Security Engineer to join to join our Cyber Resiliency function. The individual in this role will participate in execute, support and lead Exercise Enablement within Cy [...]
India
14 May
    India
    14 May