Information Security Manager - Third Party Security Risk

Key Responsibilities

Risk Management

• Maintain a register of third party security risks and ensure that deficiencies are mitigated.

• Support the Head of TPSR to ensure compliance with relevant regulations covering third party security risk.

• Monitor and report on third party security risk compliance to stakeholders.

• Remain current on industry trends and regulatory requirements related to third party information security

Key Roles & Responsibilities:

• Manage a register of third party security risks and ensure that deficiencies are mitigated.

• Support any training and awareness initiatives relating to third party security risk.

Governance

• Diligently provide weekly and ad hoc reporting on status of reviews.

Regulatory & Business conduct

• Display exemplary conduct and live by the Group’s Values and Code of Conduct.

• Take personal responsibility for embedding the highest standards of ethics, including regulatory and business conduct, across Standard Chartered Bank. This includes understanding and ensuring compliance with, in letter and spirit, all applicable laws, regulations, guidelines and the Group Code of Conduct.

• Follow the Leadership of Head of TPSR to achieve the outcomes set out in the Bank’s Conduct Principles: Fair Outcomes for Clients; Effective Operation of Financial Markets, Financial Crime Prevention; Creating the Right Environment.

• Effectively and collaboratively identify, escalate, mitigate and resolve risk, conduct and compliance matters.

Key Stakeholders

• Supply Chain Management

• Business Functions

Other Responsibilities

• Embed “Here for Good” and Group’s brand and values in the TPSR Team

• Perform other responsibilities assigned under Group, Country, Business or Functional policies and procedures.

Skills and Experience

• Information System / Technology

• ICS Audit / Risk / Assurance

Qualifications

• Bachelor degree or above from an accredited college/university in an appropriate field.

• Strong communication skills in English

• Ideally 3 years of experience in information security / IT auditing, with Big 4 and/or Banking & Financial services experience

• Experience in third party audits is a plus, but understanding of auditing standards, compliance, risk assessment and internal control frameworks is a requirement.

• Familiarity with working in a MNC or cross-cultural setting.

• Excellent written and interpersonal skills.

• Strong time management skills.

• Ability to draft reports that clearly communicate observations and risks would be required.

• Strong stakeholder engagement skills, and ability to interact at all levels across an organisation.

• Strong audit project organisation and management skills.

• Ability to multitask and ensure that all key priorities are delivered as per agreed timelines.

• Preferable certifications (e.g. CISSP, CCSP, CISA)

• Knowledge of security frameworks (e.g. COBIT, ISF, COSO), standards (e.g. ISO, NIST, CIS), information security principles, security architecture and regulatory requirements will be a plus.

• Competency with Microsoft Office Suite (Word, PowerPoint, Excel, Visio, SharePoint).

Industries:Banking, Insurance, Investment Banking