Director, OTCR, ICS & Tech Risk Assurance

This role could be based in Poland and Malaysia. When you start the application process you will be presented with a drop down menu showing all countries, Please ensure that you select a country where the role is based.

The Operational, Technology and Cyber Risk (OTCR) organisation is instrumental in protecting and ensuring the resilience of Standard Chartered Bank’s operations, data, and IT systems by managing operational, technology and cyber risk across the enterprise. As a critical function reporting into the Group Chief Risk Officer (CRO), the Group OTCR team serves as the second line of defence for assuring that controls are implemented effectively, in accordance with the OTCR Framework, and for instilling a risk culture within the Bank.

TheDirector, CSC and Tech Risk Assuranceis a permanent role that requires strong business acumen and a detailed knowledge of risk assessment, audit execution and control testing. The successful candidate will have key skills in critical thinking, problem solving, industry specific technical and regulatory knowledge, and stakeholder management, and be able to respond in a flexible and collaborative manner to evolving business, regulatory and threat demands. The role reports directly to the Head of Assurance, CSC and Tech Risk. The Director will work closely with key stakeholders to address Operational, Technology, Cyber risks as an identified “top risk” for the Bank and align these to the Bank’s overall CSC Risk Type Framework and Enterprise Risk Management Framework (ERMF).

This is a senior level role, and the individual will be required to engage with senior stakeholders across the business, technology, governance, CISO and other risk functions to act as an independent trusted advisor, providing key insights from testing to enable effective risk decisions making.

The successful candidate will be able to develop together with the Head of Assurance a high performing team to identify and focus reviews on the areas of highest Technology and Cyber Risk risks, providing insights which enable uplift of the OTCR risk posture. It is critical therefore, to have senior stakeholder engagement, liaison, and negotiation experience, along with strong communication skills, and an ability to create a compelling, yet simplistic vision, for others to follow.

• Support the Head of Assurance to define, develop and operationalise the OTCR CSC & Tech Risk Assurance team to align with the risk management strategy and wider enterprise risk management strategy for the Bank Enterprise Risk Management Framework (“ERMF”).
• Support the Head of Assurance to define and develop structured Assurance capabilities and to lead/ execute risk-based independent reviews of control efficacy by assessing the design and operating effectiveness of key controls.
• Provide the management and validation of findings identified in Assurance CSC & Tech risk reviews.
• Work with the wider OTCR Assurance & Testing team to manage and maintain a risk-based plan to focus testing on areas of highest risk.
• Communicate complex risks, issues and testing insights precisely and effectively to management and regulators as required.
• Drive and support internal growth initiatives to upskill staff competencies, optimise resources/capacity, enhance digital agility and identification of risk hotspots for assurance work.
• Drive, collaborate and support cross-functional initiatives to drive greater efficiency and effectiveness.
• Building and promote good external partnerships with stakeholders to collaborate effectively.
• Responsible and accountable for performing reviews and issue validations in line with the 2LA methodology and ensure that the CSC and Tech Risk assurance deliverables meets the quality standards set out in the methodology.
• Ensure timely deliverables, invocation of escalation and clearance of report in alignment with our OTCR Assurance operating model.

• At least 10+ years’ experience in cyber security testing/assessment, penetration testing, cyber security operations, cyber security audit or information security governance.
• Thorough understanding of IT security business processes, risks, threats and internal controls.
• Experience working in or with the financial services industry with keen understanding of business and operational environment.
• Strong knowledge of the cyber security threat landscape, businesses, markets and risk framework.
• Good understanding of global legal, regulatory and industry regulations, frameworks and standards and the ability to adapt to the changes accordingly.
• Able to communicate complex CSC risks/issues precisely and effectively.
• Able to construct recommendations in a factual and persuasive manner. Excellent communication skills in both written and oral form.
• Ability to empathise and collaborate with stakeholders across functions and at all levels of experience.
• Ability to look beyond individual issues to identify broader themes with wider‑reach impact.
• Ability to both assess strategic priorities and to focus on detailed aspects of a function to drive effective delivery.
• A big‑picture thinker who is detail‑oriented.
• Experienced in team management & engagement and able to lead, guide, motivate team to meet goals and objectives.
• Ability to perform testing by using data analytics.

We're an international bank, nimble enough to act, big enough for impact. For more than 170 years, we've worked to make a positive difference for our clients, communities, and each other. We question the status quo, love a challenge and enjoy finding new opportunities to grow and do better than before. If you're looking for a career with purpose and you want to work for a bank making a difference, we want to hear from you. You can count on us to celebrate your unique talents and we can't wait to see the talents you can bring us.

Our purpose, to drive commerce and prosperity through our unique diversity, together with our brand promise, to be here for good are achieved by how we each live our valued behaviours. When you work with us, you'll see how we value difference and advocate inclusion.

Together we:

• Do the right thing and are assertive, challenge one another, and live with integrity, while putting the client at the heart of what we do
• Never settle, continuously striving to improve and innovate, keeping things simple and learning from doing well, and not so well
• Are better together, we can be ourselves, be inclusive, see more good in others, and work collectively to build for the long term

In line with our Fair Pay Charter, we offer a competitive salary and benefits to support your mental, physical, financial and social wellbeing.

• Core bank funding for retirement savings, medical and life insurance, with flexible and voluntary benefits available in some locations.
• Time-off including annual leave, parental/maternity (20 weeks), sabbatical (12 months maximum) and volunteering leave (3 days), along with minimum global standards for annual and public holiday, which is combined to 30 days minimum.
• Flexible working options based around home and office locations, with flexible working patterns.
• Proactive wellbeing support through Unmind, a market-leading digital wellbeing platform, development courses for resilience and other human skills, global Employee Assistance Programme, sick leave, mental health first‑aiders and all sorts of self‑help toolkits
• A continuous learning culture to support your growth, with opportunities to reskill and upskill and access to physical, virtual and digital learning.
• Being part of an inclusive and values driven organisation, one that embraces and celebrates our unique diversity, across our teams, business functions and geographies - everyone feels respected and can realise their full potential.