Risk Manager, Third Party Security Risk

Press Tab to Move to Skip to Content Link

The Third Party Security Risk (TPSR) team, as part of the Chief Information Security Office (CISO), involves evaluating the security practices and protocols of various vendors delivering service to the Bank. The primary responsibility is to conduct thorough security assessments, identify potential risks, and ensure compliance with the bank's security standards. This role is critical in safeguarding the bank's data and maintaining robust security measures across all third-party engagements.'

If you’re searching for a career with high visibility, a steeplearning curve and the opportunity to change thefuture of a global business, you’ve found it. Joinour Third Party Security Risk (TPSR) team, and you’ll be given theresources you need to protect our most valuable assets – our peopleand our products. Get ready to pioneer better, fasterand safer ways to enhance our resilience againstthreats while keeping our business moving forward.

About our Technology & Operations Team
Our Technology & Operations (T&O) team is the powerhouse for the Bank. We aim to go further, faster, to ensure we're agile and ready for tomorrow, today. Our diverse network enablesus to innovate and build banking solutions that support communities to prosper. We're a place where talented people are encouraged to grow, learn,and thrive, to drivetheir own career journeys, to reach their full potential.

When you work with us, you’re protecting thereputation and legacy of a 170-yearorganisation andbuilding on it. We’re driven by progress andcontinuously evolving to ensure we’re agile and readyfor tomorrow, today.

Strategy
• The main responsibilities will be to support the Head of Third Party Security Risk in delivering the third party security risk program within the Bank.
Business.

Business
• Effectively perform third party security reviews and ensure quality and timely execution. Portfolio includes reviewing WRB, Cloud Service Providers (CSP) and global technology third parties and performing technical deep dive assessments (where applicable) and activities related to TPSR process.
• Make timely and sound judgments, and identify clear solutions from broad, complex or ambiguous situations.
• Interact with all levels of management within the Bank while performing third party security reviews of service providers across all of the Bank’s markets.
• Effectively communicate the security risks to internal and external stakeholders.
• Effectively communicate and manage relationships with stakeholders globally.

Processes
• Diligently provide weekly and ad hoc reporting on status of reviews.
• Support any training and awareness initiatives relating to third party security risk.
• Support and assist in third party program improvement initiatives.
• Assist in the development of new/amended processes, innovative ways of working and reviewing risk and control assessments.
• Assist in the forward planning and prioritisation of vendor assessments or requests from business stakeholders, and resource allocations

People & Talent
• Manage a register of third party security risks and ensure that deficiencies are mitigated

• Support any training and awareness initiatives relating to third party security risk.

Risk Management
• Maintain a register of third party security risks and ensure that deficiencies are mitigated.
• Support the Head of TPSR to ensure compliance with relevant regulations covering third party security risk.
• Monitor and report on third party security risk compliance to stakeholders.
• Remain current on industry trends and regulatory requirements related to third party information security.

Governance
• Diligently provide weekly and ad hoc reporting on status of reviews.

Regulatory & Business Conduct
• Display exemplary conduct and live by the Group’s Values and Code of Conduct.
• Take personal responsibility for embedding the highest standards of ethics, including regulatory and business conduct, across Standard Chartered Bank. This includes understanding and ensuring compliance with, in letter and spirit, all applicable laws, regulations, guidelines and the Group Code of Conduct.
• Exercise authorities delegated by the Board of Directors and act in accordance with Articles of Association (or equivalent)

• Bachelor degree or above from an accredited college/university in an appropriate field.
• Ideally 3 years of experience in information security / IT auditing, with Big 4 and/or Banking & Financial services experience
• Experience in third party audits is a plus, but understanding of auditing standards, compliance, risk assessment and internal control frameworks is a requirement.
• Familiarity with working in a MNC or cross-cultural setting.
• Excellent written and interpersonal skills.
• Strong time management skills.
• Ability to draft reports that clearly communicate observations and risks would be required.
• Strong stakeholder engagement skills, and ability to interact at all levels across an organisation.
• Strong audit project organisation and management skills.
• Ability to multitask and ensure that all key priorities are delivered as per agreed timelines.
• Preferable certifications (e.g. CISSP, CCSP, CISA)
• Knowledge of security frameworks (e.g. COBIT, ISF, COSO), standards (e.g. ISO, NIST, CIS), information security principles, security architecture and regulatory requirements will be a plus.
• Competency with Microsoft Office Suite (Word, PowerPoint, Excel, Visio, SharePoint).

We're an international bank, nimble enough to act, big enough for impact. For more than 170 years, we've worked to make a positive difference for our clients, communities, and each other. We question the status quo, love a challenge and enjoy finding new opportunities to grow and do better than before. If you're looking for a career with purpose and you want to work for a bank making a difference, we want to hear from you. You can count on us to celebrate your unique talents and we can't wait to see the talents you can bring us.

Our purpose, to drive commerce and prosperity through our unique diversity, together with our brand promise, to be here for good are achieved by how we each live our valued behaviours. When you work with us, you'll see how we value difference and advocate inclusion.

Together we:

• Do the right thingand are assertive, challenge one another, and live with integrity, while putting the client at the heart of what we do
• Never settle,continuously striving to improve and innovate, keeping things simple and learning from doing well, and not so well
• Are better together,we can be ourselves, be inclusive, see more good in others, and work collectively to build for the long term

In line with our Fair Pay Charter,we offer a competitive salary and benefits to support your mental, physical, financial and social wellbeing.

• Core bank funding for retirement savings, medical and life insurance,with flexible and voluntary benefits available in some locations.
• Time-offincluding annual leave, parental/maternity (20 weeks), sabbatical (12 months maximum) and volunteering leave (3 days), along with minimum global standards for annual and public holiday, which is combined to 30 days minimum.
• Flexible workingoptions based around home and office locations, with flexible working patterns.
• Proactive wellbeing supportthrough Unmind, a market-leading digital wellbeing platform, development courses for resilience and other human skills,global Employee Assistance Programme, sick leave, mental health first-aiders and all sorts of self-help toolkits
• A continuous learning cultureto support your growth, with opportunities to reskill and upskill and access to physical, virtual and digital learning.
• Being part of an inclusive and values driven organisation,one that embraces and celebrates our unique diversity, across our teams, business functions and geographies - everyone feels respected and can realise their full potential.

Some of our roles use assessments to help us understand how suitable you are for the role you've applied to. If you are invited to take an assessment, this is great news. It means your application has progressed to an important stage of our recruitment process.