Risk Manager - Public Cloud(Malaysia, India)

• This role could be based in India and Malaysia. When you start the application process you will be presented with a drop down menu showing all countries, Please ensure that you select a country where the role is based.

• We are seeking an accomplished and forward-thinking professional to join our organisation as the Operational Risk Manager for Public Cloud. In this pivotal role you will drive the Responsibilities for defining and operating a control environment for people, process and technology that enables the domain to reduce operational and technology risk to a level within the Group’s risk appetite while satisfying control objectives defined in relevant Group policies and external regulations. This role will partner closely with Enterprise Technology Domain Stakeholders, CSS, CISRO, Group Operational Risk and Group Internal Audit and will be required to manage all aspects of initiatives emanating from same for this domain. Additional responsibilities include Proactive Controls Assessment, Issue Management, Audit and Regulatory Inspection Facilitation and other related tasks.
• The exceptional candidate will also endeavour to understand the larger business context within with T&I operates and advocate for technical solutions that help the business meet its strategic objectives.

RESPONSIBILITIES

This role is responsible for identifying, assessing, managing and governing risk through the application of the Bank’s Enterprise Risk Management Framework and specifically the underpinning Operational Risk Type Framework and with consideration given to industry standards and best practices.

• This role is key and responsible for continuing improvements in the Domain(s)’s approach to risk identification and mitigation, control management and audit engagement within the framework set out by the relevant authorities.
• This operations role ensures a constant state of preparation, readiness and continuous improvement across process, risk management and reduction, audit success, documentation, MIS systems and reporting.
  • Maintain & Implement Risk and Control Process for 1st line of defence as per bank’s ERMF.
    Identify risk profile / R&R for all parties involved, Cloud Platform support Mgr, Platform engineer , Domain heads etc.
  • Document & Maintain (review periodically for applicability, improvement and efficiency) the Risk Management process on Domain Risk Meetings, MOM Templates, Audit Engagements, Risk Approvals, Risk Extensions, Risk Assessments and Risk reviews done by UORM.
• Maintain central data repository for Risk & Control.
  • This includes Risk Profile, Risk Analysis (Operational M7 & CRISP Security risks), Stakeholder engagement Matrix, CSAR Status, list of GIA Audits and status, Open and Overdue Audit status etc.
  • Ensure Awareness of Rules of Engagement w.r.t Risk Management to all domain stakeholders either directly or through UORMs and Leadership to ensure consistency across domains.
• Advise and assist the Cloud & DevOps Portfolio Head(s) in driving and directing effective compliance with the prescribed Enterprise risk management framework
• Implement effective and efficient controls to minimise / mitigate operational impact
• Ensure proper management of risk and timely resolution of issues
• Promote understanding, practice and culture of Enterprise Operational Risk within the Domain(s).

Strategy

Good understanding of Group T&O strategy and its implications managing strategic programs with respect to technology risk management role. Support the Risk Management leadership team in shaping, defining, and driving longer term T&O risk management conformance testing strategy

Business

This role reports to the relevant Unit Operational Risk Manager, ET Risk & Controls, Technology Governance. Primary role is focused on executing the domain strategy as well as supporting the larger environment agenda of T&O.

Risk Management

• Awareness of relevant risk policies/standards, Group Risk Assessment Methodology (GRAM), risk framework owner role, and first line technology risk management role.
• Responsible for executing risk management responsibilities of the first line of defence as defined within the Technology Risk Policy and Standard, and Group Technology Policy.
• Working closely with Risk Owner and Process Owner, Contribute to the team to ensure that all activities are in line with and support of the Operational principal risk type under the Bank’s ERMF
• Drive the adoption of risk management framework through manging domain risks, Control Self-Assessment review and / or thematic review

Governance

• Provide regular status updates including tracking & managing domain risks
• Produce trend analysis of common control failures and thematic issues to enable a holistic view of risk management and control assurance

Regulatory & Business Conduct

• Display exemplary conduct and live by the Group’s Values and Code of Conduct.
• Take personal responsibility for embedding the highest standards of ethics, including regulatory and business conduct, across Standard Chartered Bank. This includes understanding and ensuring compliance with, in letter and spirit, all applicable laws, regulations, guidelines and the Group Code of Conduct.
• Effectively and collaboratively identify, escalate, mitigate and resolve risk, conduct and compliance matters.
• Support the Global Head, T&O Risk Management to achieve the outcomes set out in the Bank’s Conduct Principles.

Key stakeholders

• Enterprise Technology
• Technology Strategy and Architecture
• T&O MT
• T&O Non-Financial Risk Committee
• T&O Risk Management MT
• Regional CT&O and Country CTMs
• Risk Framework Owners
• Functional Partners including Risk, HR, Finance, Audit, other T&O UORMs and ORMs etc

Processes

Responsible for ensuring compliance with policies applicable to which impact technology risk. Challenge processes, procedures, and policy if there is opportunity for improvement.
Perform risk assessments on processes and procedures to identify opportunities for control enhancement.
Support the continuous improvement of domain service execution process & procedures.

People & Talent

Champion and act as a role model of the Group’s values and culture.

Other Responsibilities
Support ad-hoc tactical and strategic risk initiatives to meet business and operational demands through thoughtful leadership or partnership.

• Technology Risk Management
• Control testing and business process modelling
• Manage Compliance
• Data analytics
• Knowledge of relevant industry standards (e.g. NIST, COBIT, ISO/IEC, CCS CSC, etc.)
• Business Process Improvement

The successful candidate should have 10-15 years of experience in Technology Risk Management, Information Security, Technology Governance, Internal Audit (Technology) or other related roles. The preferred candidate will have experience in Financial Services or other heavily regulated industries (e.g. Pharmaceuticals, Healthcare, etc.). Clear, concise and articulate communication of complex and conceptual topics is required for success.

In addition, the following qualifications are preferred:

1. Relevant industry certifications (e.g. CIA, CRISC, CISA, ITIL, CISSP, GRCP / CRCM)
2. Cloud CSP training such as AWS Foundation and/or MS Azure Fundamentals
3. Experience with Technology Implementation or Operation
4. Hands on experience with Control Design and Implementation
5. Understanding of the Audit Lifecycle
6. Knowledge of relevant Technology and Business Regulations; ideal candidate has direct experience of interface with Regulators (principally PRA, MAS and HKMA).
7. Knowledge of and/or hands-on experience of Technology Architecture
8. Comfortable with ambiguity and able to make decisions
9. Process Design and Analysis
10. Documentation and Textual Analysis
11. Data Analytics
12. Experience negotiating with and influencing technical and/or senior stakeholders
13. Knowledge of Cloud and DevOps
14. Excellent understanding of Operational Risk Management for a technology stream
15. Strong performer, with efficiency and delivery outcomes
16. Makes a strategic difference
17. Fluent English communication & writing skills
18. Assertive & good problem-solving skills with common sense

We're an international bank, nimble enough to act, big enough for impact. For more than 170 years, we've worked to make a positive difference for our clients, communities, and each other. We question the status quo, love a challenge and enjoy finding new opportunities to grow and do better than before. If you're looking for a career with purpose and you want to work for a bank making a difference, we want to hear from you. You can count on us to celebrate your unique talents and we can't wait to see the talents you can bring us.

Our purpose, to drive commerce and prosperity through our unique diversity, together with our brand promise, to be here for good are achieved by how we each live our valued behaviours. When you work with us, you'll see how we value difference and advocate inclusion.

Together we:

• Do the right thingand are assertive, challenge one another, and live with integrity, while putting the client at the heart of what we do
• Never settle,continuously striving to improve and innovate, keeping things simple and learning from doing well, and not so well
• Are better together,we can be ourselves, be inclusive, see more good in others, and work collectively to build for the long term

In line with our Fair Pay Charter,we offer a competitive salary and benefits to support your mental, physical, financial and social wellbeing.

• Core bank funding for retirement savings, medical and life insurance,with flexible and voluntary benefits available in some locations.
• Time-offincluding annual leave, parental/maternity (20 weeks), sabbatical (12 months maximum) and volunteering leave (3 days), along with minimum global standards for annual and public holiday, which is combined to 30 days minimum.
• Flexible workingoptions based around home and office locations, with flexible working patterns.
• Proactive wellbeing supportthrough Unmind, a market-leading digital wellbeing platform, development courses for resilience and other human skills,global Employee Assistance Programme, sick leave, mental health first-aiders and all sorts of self-help toolkits
• A continuous learning cultureto support your growth, with opportunities to reskill and upskill and access to physical, virtual and digital learning.
• Being part of an inclusive and values driven organisation,one that embraces and celebrates our unique diversity, across our teams, business functions and geographies - everyone feels respected and can realise their full potential.