Job title: Global Head, ICS Policy
Company: Standard Chartered
Job description: The Group Chief Information Security Risk Officer (CISRO) organization plays a critical role in the protection and resilience of Standard Chartered PLC’s data and IT systems by managing information and cybersecurity (ICS) risks across the enterprise.
As a critical function reporting to the GCRO, the CISRO function serves as the second line of defense to ensure that ICS controls are implemented effectively and in accordance with the ICS risk management framework and to instill a culture of cybersecurity throughout the organization.
CISRO is responsible for governance, policy, risk assessments, the red team, industry partnerships and regulatory engagement of the ICS. In addition, the Information Security Risk Officer (ISRO) team reports to CISRO and plays a central role as an extension of CISRO by supporting the ICS risk management strategy, governance, advisory and assurance roles facing businesses, regions, and global functions.
The CISRO is essential to ensure the Group’s ability to meet its ICS commitments to internal and external stakeholders, including regulators, as well as to maintain an acceptable ICS risk profile which is regularly communicated to the Board.
We are looking for an experienced Cyber and Information Policy Officer (ICS). This is a strategic role and the successful candidate will have:
- Strong business acumen
- Detailed knowledge of information security policies and procedures
- In-depth understanding of the challenges of implementing policies and
- An ability to respond in an agile and collaborative manner to current commercial and regulatory requirements.
This role leads a team responsible for creating new control documents, reviewing existing control documents and ensuring that a methodology is in place to identify and classify all assets within the Group, all being published through the Enterprise Risk Management Framework (ERMF).
The role is also responsible for holding and maintaining registers of regulatory obligations and ensuring that all obligations related to the ICS are integrated into the group’s ICS policy.
The position reports directly to the Global Head of ICS Governance, Policy and Risk.
- Develop, drive and maintain key policy projects and programs, including Group-wide SCI policy and standards, in line with the latest cyber risks and threats.
- Serve as an expert advisor to SCB senior management in the development, prioritization, implementation and maintenance of ICS policy and standards.
- Act as an ombudsperson for disputes, exception requests and complaints regarding ICS group-wide security policy, practices and related issues.
- Ensure that the group-wide ICS policy and standards are published and communicated throughout the organization.
- Act as a trusted strategic partner and business facilitator for all ICS policy matters
- Coordinate the integration of the policy into technology, companies and group functions with periodic engagement and assess understanding and compliance with information security policies within the organization at large.
- Manage the Policy Life Cycle service line
- Manage the Enterprise Risk Management service line
- Improve and maintain the quality and clarity of all policy documentation to ensure it is fit for purpose and understood by all business and technology audiences
- Manage the entire end-to-end lifecycle of policy / procedures / standards documents, from creation to approvals to maintenance / retrieval of policy documents on the information security framework
People and talents
- Lead by example and build the right culture and values to ensure your team functions as a client-centric risk partner. Set the appropriate tone and expectations for the team and work collaboratively with risk and control partners.
- Make sure teams are motivated, engaged and productive, with stress levels managed.
- Employ, hire and retain talent so that the team is competent, diverse and experienced to fulfill its obligations.
- Ensure the provision of continuous training and development, ensure that direct reports and wider CISRO teams are appropriately qualified for their roles, and that they have effective supervision to mitigate risk.
- Define and monitor job descriptions and goals for direct reports, and provide feedback and rewards based on their performance against those responsibilities and goals.
- Create a motivating and stimulating environment for staff, conducive to creativity and performance with a customer-centric mindset.
- Provide oversight to GBS staff who provide services to the operational risk function.
- Work closely with the CISO training and outreach team to ensure that policies and procedures are clearly understood and communicated in a simple and consistent manner, and that they are easily tracked and aligned with all communication initiatives
- Redouble efforts to resolve ambiguity by publishing policy-related communications through a formal communications strategy.
- Develop and maintain the existing content of the Control Framework Library (CFL) to improve the user experience across the Group.
- Lead policy specific projects such as key regulatory oversight, industry benchmarking, cross-cutting controls, etc. to improve program quality and align with industry best practices
Regulation and conduct of business
- Display exemplary conduct and live according to the Group’s Values and Code of Conduct.
- Take personal responsibility for embedding the highest ethical standards, including regulation and business conduct, throughout Standard Chartered Bank. This includes understanding and complying, in letter and spirit, with all applicable laws, regulations, guidelines and the Group’s Code of Conduct.
- Identify, escalate, mitigate and resolve risk, conduct and compliance issues in an efficient and collaborative manner.
- Carry out other responsibilities assigned by group, country, company or function policies and procedures
- Extensive experience in increasingly senior roles in ICS risk, policy, operations and / or strategy management
- Bachelor’s degree or equivalent in business, computer systems and / or professional certification in information security
- Certifications in various ICS fields a plus (CISA / CISSP / CISM / CRISC)
- Membership of ICS professional organizations is a plus
- In-depth expertise in information security policy / procedures / standards development and documentation / business alignment / policy communication
- Information security policy management expert
Location: Mumbai, Maharashtra
Job date: Mon, 04 Oct 2021 07:57:56 GMT