VP, ICS Group Functions Governance and Risk

Strategy

• Lead the central governance processes for ICS Group Functions team, this will cover the following domains
  • Policy and Governance
  • Controls monitoring and effectiveness
  • Group Function Management Reporting
• The central governance role will be key to supporting the Information and Cyber Security (“ICS”) Risk Type Framework (“RTF”) implementation in the Functions team
• Monitoring and reporting the remediation and risk buy down of the Group Functions Treatment Plans and reporting at risk deliverables
• Interface with respective ICS MT, Group Business, Function and / or Country teams
• Group Functions primary SPOC for ICS Policy changes and associate impact assessment
• For select Group wide initiatives, support the Head of Functions HICS to support the ICS TRP change agenda
• Understand specific Functional requirements including regulatory and policy driven requirements to result in compliance. Lead and report to the management of these requirements to ensure we remain within risk appetite.
• Arrange and support the Head of Functions HICS in the running of the Functions respective ICS Working Groups. Support Heads of respective Functions to manage ICS risk including preparing the Non-Financial Risk Committees papers for the departments.

Business

• Agree and drive the implementation of the ICS agenda for respective Functions by working with the respective Business/Function Heads, Region / Country Management Team, COO/CIO teams, ISOs, the ICS TRP and senior IT leadership.
• Lead ICS risk remediation initiatives and activities that potentially include incident responses, crisis exercises, risk assessments, stress testing, regulator engagement.
• Support the implementation of the ICS Risk Type Framework (“RTF”) in respective Functions
• Develop and implement enterprise solutions to drive efficiency and consistency across GF HICS

Processes

This is a First line of defence role that will lead to the centralisation and consolidation of common governance processes across. The centralisation of the processes includes

• Support the implementation of the ICS TRP Programme
• Dispensations
  • Lead GF input into dispensation process reviews
  • GF ICS Dispensation reviews to pre-screen requests prior to approval requests
• ICS Metrics review and analysis for GF TSRA
• Represent GF at the ICS Policy Change Forum
• Participation in ICS Education and Awareness sessions to drive ICS cultural behaviour change

People and Talent

• Drive change in ICS Governance culture across ICS GF by leading by helping shape and drive the future model through leveraging and build the appropriate culture and values. Run knowledge transfer sessions for the team to raise awareness and help drive consistency of control application.

Risk Management

Support and lead a number of Risk Management initiatives including the :-

• Support the implementation of TSRA across GF and TDR through the centralisation of business and service control metric analysis. Drive central metric reviews across GF / TDR to support the bi-monthly TSRA and KCD risk profiles. Investigate out of tolerance KCI’s and help shape actions and treatment plans to remediate and drive risk buy down.
• Implement dispensation triage review process, ensure requestors meet minimum standards of content and document. Guide requestors to help meet compliance.
• Lead risk buy down initiatives to increase levels of compliance and risk awareness.

Governance

Establish centralised governance process for ICS GF, include and consider ICS, Data Governance and Privacy considerations including

• Creation of monthly Group Functions ICS Report and chair monthly committee to review and drive associated actions
• Represent GF at the ICS Policy Forum / Working groups
• Perform / review / support impact analysis on proposed changes
• Support the relevant Functions HICS in the relevant Functions Risk Committees, ICS working groups, Programme Steer Cos etc. to provide updates and influence positive outcomes for the Business/Function/Region/Country.
• Validate the accuracy and consistency of KRIs, KCIs and other risk ratings/assessments, as well as process designs using available MI.
• Support the Third-Party Security Assessment team during 3rd party reviews.
• Help design and embed ICS RTF controls in ORF across within the respective Functions Support regulatory engagements.

Regulatory & Business Conduct

• Display exemplary conduct and live by the Group’s Values and Code of Conduct.
• Take personal responsibility for embedding the highest standards of ethics, including regulatory and business conduct, across Standard Chartered Bank. This includes understanding and ensuring compliance with, in letter and spirit, all applicable laws, regulations, guidelines and the Group Code of Conduct.
• Effectively and collaboratively identify, escalate, mitigate and resolve risk, conduct and compliance matters.

Key Stakeholders

Primary Stakeholders include

• The Global Head of ICS Operations (David Mclinton)
• Head of ICS Group Functions (Matthew Steel).

Secondary stakeholders include

• The HICS of CFCC & Risk and the Risk Managers supporting GIA, TDR, GCFO, Legal and HR

• ICS qualifications desired – CISA, CISM, CISSP
• Data Governance or Privacy related qualification