As part of the First Line of Defense Tech Risk Team (Line 1.5), the Tech Risk Control Room will drive the day-to-day management of Technology processes and controls, ensuring positive support for our Bank’s initiatives and growth. Specifically, the team will work with the Technology and ICS Delivery teams responsible for evaluating the effectiveness of existing IT controls and security policies, conducting risk assessments and providing assurance on the control environment. The team will adopt and implement modern approaches to technology assurance, integrating cloud-native security designs, offensive security and agile development. Working closely with various stakeholders, including product owners, risk and compliance, the team will design and manage effective Tech Risk Assurance in line with best-of-breed industry practices and innovative engineering.
• Test Planning: Collaborate to design a comprehensive control testing plan. Identify key controls that need regular testing.
• Test Execution: Perform regular tests of security and compliance controls using a mix of automated and manual testing methods.
• Evidence Collection: Gather and organize evidence of control effectiveness. Ensure proper documentation of test results.
• Gap Analysis: Identify any control weaknesses or failures. Assess the impact of control gaps on overall security and compliance.
• Remediation Planning: Develop action plans with the stakeholders to address identified control weaknesses. Remediation efforts are prioritised based on risk and impact.
• Continuous Improvement: Test results are used to refine and improve controls over time. Update control testing procedures as threats and regulations evolve.
• Reporting: Prepare detailed reports on control effectiveness. Communicate test results to relevant stakeholders, including management.
• Drive the design and day-to-day management of ICS and Technology processes and BAU controls.
• Work closely with the digital workspace computing team to ensure all controls are in place, systems are effectively onboarded and security capabilities are delivering their SLAs.
• Own the registry of technology and security controls and regulatory requirements, continuously collecting and mapping artefacts to ensure continuous compliance and facilitate deviation analysis.
• Define clear ownership of controls and perform control execution of controls owned by the control room.
• Work closely with technology and security engineering teams to automate the collection and analysis of technology and security controls data to minimise manual reviews.
• Provide comprehensive reporting of compliance and escalate violations within the Tech Risk
People & Talent
• Must have an above-average understanding of cyber security principles and practices and have existing experience in the Tech Stack.
• Jr Role: Min 2 years of experience in IT auditing or information security.
• Sr Role: 5-7 years of experience in Technology Risk Management.
• Prior work experience at a Big 4 is preferred.
• Good understanding of regulatory requirements such as MAS Technology Risk Management Guidelines, MAS Notice FSM-05 (644 Technology Risk Management) and Notice FSM-N06 (655 Cyber Hygiene).
• MS Defender, Microsoft Purview Data Loss Prevention (DLP), AWS, Zscaler, Okta, CI/CD (GitHub, Harness, Terraform), Sumo, Kubernetes, Networking
• Scripting Technologies - JavaScript, Python, Jira
• One or more of the following certifications will be preferred: CISA, CISSP, CISM, CRISC, GIAC, CSSLP.
We're an international bank, nimble enough to act, big enough for impact. For more than 170 years, we've worked to make a positive difference for our clients, communities, and each other. We question the status quo, love a challenge and enjoy finding new opportunities to grow and do better than before. If you're looking for a career with purpose and you want to work for a bank making a difference, we want to hear from you. You can count on us to celebrate your unique talents and we can't wait to see the talents you can bring us.
Our purpose, to drive commerce and prosperity through our unique diversity, together with our brand promise, to be here for good, are achieved by how we each live our valued behaviours. When you work with us, you'll see how we value difference and advocate inclusion.
Together we:
In line with our Fair Pay Charter, we offer a competitive salary and benefits to support your mental, physical, financial and social wellbeing.