Posted on :
20 Dec, 2018
20 Dec, 2018
The Group Chief Information Security Officer (CISO) organisation is instrumental in protecting and ensuring the resilience of Standard Chartered Bank’s data and IT systems by managing information and cyber security (ICS) risk across the enterprise. As a critical function reporting into the Group Chief Risk Officer (CRO), the Office of the CISO serves as the second line of defence for assuring ICS controls are implemented effectively and in accordance with the ICS Risk Framework and for instilling a culture of cyber security within the Bank. The Group CISO is responsible for ICS governance, strategy, policy, awareness, training, risk assessments, red teaming, third party security risk, industry partnerships, and regulatory engagement. In addition, a team of Information Security Officers (ISO) reports to the CISO and performs a pivotal role as an extension of the CISO in supporting the ICS risk management strategy, governance, advisory and assurance roles that face off to the Client Services, Regions, and Functions. The Office of the CISO is central to ensuring the Bank’s ability to meet its ICS commitments to internal and external stakeholders, including regulators, as well as maintaining an acceptable ICS risk profile that is regularly reported to the Board.
Job Title: Country Information Security Officer
The Country Information Security Officer (ISO), Ghana is a permanent role that requires strong business acumen and deep knowledge and experience in the ICS field. The successful candidate will have a strong understanding of operating in a second line capacity within an ICS or risk management organisation, and can respond flexibly to evolving business, regulatory and threat requirements. The role reports directly to the Regional Information Security Officer, Africa and Middle East. The Country ISO, Ghana will work closely with the CISO and others to address ICS as a principal risk type for the Bank and support its integration into the Bank’s overall Enterprise Risk Management strategy. The role will provide oversight and challenge of ICS risk management and control effectiveness as a risk partner to leadership as defined in the Bank’s ICS Risk Type Framework and under delegation from the Group CISO.
The primary purpose of this position to ensure that the management of ICS risk is operating effectively and efficiently and to provide assurance that ICS risk is appropriately managed within the country. The role will support the CISO in their role as the Bank’s executive accountable for ICS risk. The successful candidate will work closely with the Regional Information Security Officer, Africa and Middle East, the Security Technology Services team, and Country CRO, CIO, and Compliance Officers, as well as other key stakeholders to drive requirements and help set priorities for ICS strategy and investment based on acceptable risk tolerance and taking into account the evolving threat and regulatory landscape, policies and standards, and technology infrastructure. In addition, given the rapidly evolving ICS regulatory environment, successful candidate will have a strong acumen for working with regulators and understanding ICS policy with an ability to articulate new requirements into ICS risk management assessments and processes.
The major functional activities that the role will lead and manage are:
• Delegation of Authority from the CISO for ICS risk management engagement within Standard Chartered Bank Ghana
• Overseeing and challenging 1st line ICS risk proposals and risk-taking activities;
• Overseeing and challenging 1st line activities if they are not in line with existing or adjusted Risk Appetite;
• Monitoring of ICS risks and associated remediation plans across Ghana using the Information and Cyber Security Risk Type Framework (ICS-RTF);
• Overseeing and Challenging the 1st line implementation of ICS controls to comply with applicable laws and regulations as defined in ICS Policy and escalate significant regulatory non-compliance matters and developments to the Group CISO and the defined ICS-RTF process.
• Promoting a healthy ICS risk culture and good conduct within Standard Chartered Bank Ghana
• Executing all responsibilities as assigned for the 2nd line Country ISO as documented in the ICS – RTF roles and responsibilities
People and Talent
• Lead through example and build the appropriate culture and values.
• Set appropriate tone and expectations from team and work in collaboration with risk and control partners.
• Ensure the provision of ongoing training and development of people, and ensure that holders of all critical functions are suitably skilled and qualified for their roles ensuring that they have effective supervision in place to mitigate any risks.
• Employ, engage and retain high quality people, with succession planning for critical roles.
• Responsibility to review team structure/capacity plans.
• Manage team of region and country ISOs that is aligned and scaled to the ICS risk control needs of Standard Chartered Bank Ghana
• Set and monitor job descriptions and objectives for direct reports and provide feedback and rewards in line with their performance against those responsibilities and objectives.
• Uphold and reinforce the independence of the second line ICS Risk function.
• Deliver the defined aspects of the Country ISO, Ghana role to support the Group’s ICS risk management approach and objectives.
• Ensure that the Country ISO, Ghana role is managed in accordance with the defined CISO Governance Risk Type Framework and associated Policy and Standards; and that issues are identified, escalated, and addressed as appropriate.
• Establish strong ties into the relevant regional and country leadership, governance, risk and control committees to ensure adequate monitoring, tracking and governance of ICS risk.
• Drive integration of ICS Risk Type Framework into all businesses and functions in the country and utilise for the ongoing governance of region and country risk.
Regulatory & Business Conduct
• Display exemplary conduct and live by the Group’s Values and Code of Conduct.
• Take personal responsibility for embedding the highest standards of ethics, including regulatory and business conduct, This includes understanding and ensuring compliance with, in letter and spirit, all applicable laws, regulations, guidelines and the Group Code of Conduct.
• Effectively and collaboratively identify, escalate, mitigate and resolve risk, conduct and compliance matters.
• CRO, Ghana
• CIO, Ghana
• Compliance Officer, Ghana
• CEO, Ghana
• Banking Regulators
• Global Head, Security Technology Services
• Head of ICS Governance
• Head of ICS Policy
• Group Internal Audit
• Head of ICS Assurance and Testing
• Head of ICS Training, Awareness & Exercises
• Head of ISO Regions
• Group CISO
• Establish strong relationships with identified stakeholders across the business and functions in country, and understand their strategic goals, in order to ensure ICS alignment.
• Articulate the value of ICS controls and their bottom line impact to the region and country security and resiliency.
• Prepare, present and challenge in a 2nd line capacity at relevant risk committees, steering groups and cross-business opportunities.
• Perform Delegation of Authority (DoA) responsibilities for CISO as defined for the region and countries.
• Measure efficient and effective management of ICS risk for the country
• Utilise appropriate risk management tool(s) to manage, track and monitor ICS risks in Ghana
• Maintain sufficient and appropriate evidence of work performed for review by Group Internal Audit and others.
• Do the right thing: Be brave, be the change; Think client; Live with integrity
• Never Settle: Continuously improve and innovate; Simplify; Learn from your successes and failures
• Better together: See more in others; How can I help?; Build for the long term
About Standard Chartered
We are a leading international bank focused on helping people and companies prosper across Asia, Africa and the Middle East.
To us, good performance is about much more than turning a profit. It’s about showing how you embody our valued behaviours – do the right thing, better together and never settle – as well as our brand promise, Here for good.
We’re committed to promoting equality in the workplace and creating an inclusive and flexible culture – one where everyone can realise their full potential and make a positive contribution to our organisation. This in turn helps us to provide better support to our broad client base.