Associate Director, CS Risk & Control, CAT

Press Tab to Move to Skip to Content Link

The TTO ICS Risk and Governance team is established to ensure best-in-class risk and control execution from both a 'Vertical' and 'Horizontal' perspective. Central Risk & Governance is a horizontal function within the TTO ICS team, aiming to apply Principal Risk Type Frameworks effectively across TTO ICS, providing relevant information to Risk Management and Oversight Forums, and overseeing the timely identification and resolution of emerging risks, issues, and findings. Additionally, it seeks to enhance the effectiveness and efficiency of risk and control management across all ICS domains.

The Associate Director, Risk and Control, role is created within the ICS Protect Service Risk and Control team to focus on continuous improvement of the Cyber Assessment and Testing (CAT) control environment through proactive risk assessments and structured risk & control management. This role reports to the Director for CAT Risk & Control.

• Oversee all risk and control activities related to processes within the CAT function.
• Conduct risk-focused, timely, and repeatable deep dive reviews following TTO Control methodology.
• Design and maintain internal processes for dynamic risk and control monitoring in CAT.
• Manage all ORTF-based CAT controls, CSTs, KCIs, and KRIs.
• Provide accurate risk & control MI to relevant risk forums.
• Ensure compliance with the Bank’s risk framework and policies (e.g., ERMF, ORTF, ICS RTF).
• Support the design, development, and implementation of processes and controls to mitigate ICS risks.
• Assist the CAT Function in early risk detection and issue resolution.
• Support stakeholders in defining remediation actions for control weaknesses and issues.
• Act as key confidant to CAT ‘Process Owners’ for control development, prioritization, and implementation.
• Maintain accurate risk and control data in M7 and other repositories.
• Track, challenge, and escalate issue remediation delays.
• Validate that remediation activities effectively address risks.

Risk Management
• Conduct risk assessments and liaise with stakeholders to prepare residual risk papers with treatment plans.
• Support interactions with Group Internal Audit and regulatory inspections.
• Adopt an anticipatory approach to risk assessment through stakeholder engagement and environmental monitoring.
• Collaborate with control assurance teams to improve efficiency and reduce duplication.
• Support process owners in risk identification, management, and control effectiveness monitoring.
• Implement and monitor the effectiveness of control self-assessments and testing.
• Perform deep dive reviews and meaningful control testing.
• Provide challenge and escalation to senior management to ensure risk mitigation.
• Drive continuous improvement in the ICS RTF control environment.
• Offer technical guidance to team members to produce high-quality outputs addressing risks.

Governance
• Provide timely and accurate reporting to committees.
• Oversee high-impact risk and issue resolution.
• Track and report risk assessments and their outcomes for oversight.
• Identify emerging risks within CAT and ensure proper governance.
• Support enhancement of risk profile reporting and issue management tools.

Regulatory & Business Conduct
• Demonstrate exemplary conduct aligned with Group Values and Code of Conduct.
• Ensure compliance with applicable laws, regulations, and policies.
• Promote proactive risk, conduct, and compliance management.

• Bachelor’s or Honours Degree in IT, Cyber Security, or related fields, or 10+ years in cyber/IT security, technology audit, or risk management.
• Certifications such as CISA, CISM, CISSP, CCSK, CCSP, or equivalent.
  English language proficiency required.

We are an international bank committed to making a positive impact for our clients and communities. For over 170 years, we have challenged the status quo, embraced diversity, and strived for continuous improvement. Join us if you seek a purposeful career in a values-driven organization that celebrates inclusion and diversity.

Our core behaviors include doing the right thing, never settling, and working better together, fostering an environment of integrity, innovation, and collaboration.

In line with our Fair Pay Charter, we provide a competitive salary and benefits supporting your well-being, including:

• Retirement, medical, and life insurance benefits.
• Generous leave policies, including parental, sabbatical, and volunteering leave.
• Flexible working arrangements.
• Wellbeing support via platforms and programs.
• Opportunities for continuous learning and development.
• An inclusive culture that values diversity and respects individual talents.