Job Description

Job : Technology
Primary Location : Asia-India-Chennai
Schedule : Full-time
Employee Status : Permanent
Posting Date : 09/Nov/2023, 4:31:35 AM
Unposting Date : Ongoing


Role Responsibilities We are seeking an accomplished and forward-thinking professional to join our organisation as the Operational Risk Manager for Public Cloud. In this pivotal role you will drive the Responsibilities for defining and operating a control environment for people, process and technology that enables the domain to reduce operational and technology risk to a level within the Group\xe2\x80\x99s risk appetite while satisfying control objectives defined in relevant Group policies and external regulations. This role will partner closely with Enterprise Technology Domain Stakeholders, CSS, CISRO, Group Operational Risk and Group Internal Audit and will be required to manage all aspects of initiatives emanating from same for this domain. Additional responsibilities include Proactive Controls Assessment, Issue Management, Audit and Regulatory Inspection Facilitation and other related tasks. The exceptional candidate will also endeavour to understand the larger business context within with T&I operates and advocate for technical solutions that help the business meet its strategic objectives. RESPONSIBILITIES This role is responsible for identifying, assessing, managing and governing risk through the application of the Bank\xe2\x80\x99s Enterprise Risk Management Framework and specifically the underpinning Operational Risk Type Framework and with consideration given to industry standards and best practices.

• This role is key and responsible for continuing improvements in the Domain(s)\xe2\x80\x99s approach to risk identification and mitigation, control management and audit engagement within the framework set out by the relevant authorities.
• This operations role ensures a constant state of preparation, readiness and continuous improvement across process, risk management and reduction, audit success, documentation, MIS systems and reporting.
• Maintain & Implement Risk and Control Process for 1st line of defence as per bank\xe2\x80\x99s ERMF.
• Identify risk profile / R&R for all parties involved, Cloud Platform support Mgr, Platform engineer , Domain heads etc.
• Document & Maintain (review periodically for applicability, improvement and efficiency) the Risk Management process on Domain Risk Meetings, MOM Templates, Audit Engagements, Risk Approvals, Risk Extensions, Risk Assessments and Risk reviews done by UORM.
• Maintain central data repository for Risk & Control.
• This includes Risk Profile, Risk Analysis (Operational M7 & CRISP Security risks), Stakeholder engagement Matrix, CSAR Status, list of GIA Audits and status, Open and Overdue Audit status etc.
• Ensure Awareness of Rules of Engagement w.r.t Risk Management to all domain stakeholders either directly or through UORMs and Leadership to ensure consistency across domains.
• Advise and assist the Cloud & DevOps Portfolio Head(s) in driving and directing effective compliance with the prescribed Enterprise risk management framework
• Implement effective and efficient controls to minimise / mitigate operational impact
• Ensure proper management of risk and timely resolution of issues
• Promote understanding, practice and culture of Enterprise Operational Risk within the Domain(s).

Strategy

• Good understanding of Group TTO strategy and its implications managing strategic programs with respect to technology risk management role. Support the Risk Management leadership team in shaping, defining, and driving longer term TTO risk management conformance testing strategy

Business

• This role reports to the relevant Unit Operational Risk Manager, ET Risk & Controls, Technology Governance. Primary role is focused on executing the domain strategy as well as supporting the larger environment agenda of TTO.

Processes

• Responsible for ensuring compliance with policies applicable to which impact technology risk. Challenge processes, procedures, and policy if there is opportunity for improvement.
• Perform risk assessments on processes and procedures to identify opportunities for control enhancement.
• Support the continuous improvement of domain service execution process & procedures.

People & Talent

• Champion and act as a role model of the Group\xe2\x80\x99s values and culture.

Risk Management

• Awareness of relevant risk policies/standards, Group Risk Assessment Methodology (GRAM), risk framework owner role, and first line technology risk management role.
• Responsible for executing risk management responsibilities of the first line of defence as defined within the Technology Risk Policy and Standard, and Group Technology Policy.
• Working closely with Risk Owner and Process Owner, Contribute to the team to ensure that all activities are in line with and support of the Operational principal risk type under the Bank\xe2\x80\x99s ERMF
• Drive the adoption of risk management framework through manging domain risks, Control Self-Assessment review and / or thematic review

Governance

• Provide regular status updates including tracking & managing domain risks
• Produce trend analysis of common control failures and thematic issues to enable a holistic view of risk management and control assurance

Regulatory & Business Conduct

• Display exemplary conduct and live by the Group\xe2\x80\x99s Values and Code of Conduct.
• Take personal responsibility for embedding the highest standards of ethics, including regulatory and business conduct, across Standard Chartered Bank. This includes understanding and ensuring compliance with, in letter and spirit, all applicable laws, regulations, guidelines and the Group Code of Conduct.
• Effectively and collaboratively identify, escalate, mitigate and resolve risk, conduct and compliance matters.
• Support the Global Head, TTO Risk Management to achieve the outcomes set out in the Bank\xe2\x80\x99s Conduct Principles.

Key stakeholders

• Enterprise Technology
• Technology Strategy and Architecture
• TTO MT
• TTO Non-Financial Risk Committee
• TTO Risk Management MT
• Regional CTTO and Country CTMs
• Risk Framework Owners
• Functional Partners including Risk, HR, Finance, Audit, other TTO UORMs and ORMs etc.

Other Responsibilities

• Support ad-hoc tactical and strategic risk initiatives to meet business and operational demands through thoughtful leadership or partnership.

QUALIFICATIONS* TRAINING, LICENSES, MEMBERSHIPS AND CERTIFICATIONS The successful candidate should have 10-15 years of experience in Technology Risk Management, Information Security, Technology Governance, Internal Audit (Technology) or other related roles. The preferred candidate will have experience in Financial Services or other heavily regulated industries (e.g. Pharmaceuticals, Healthcare, etc.). Clear, concise and articulate communication of complex and conceptual topics is required for success. In addition, the following qualifications are preferred:

• Relevant industry certifications (e.g. CIA, CRISC, CISA, ITIL, CISSP, GRCP / CRCM)
• Cloud CSP training such as AWS Foundation and/or MS Azure Fundamentals
• Experience with Technology Implementation or Operation
• Hands on experience with Control Design and Implementation
• Understanding of the Audit Lifecycle
• Knowledge of relevant Technology and Business Regulations; ideal candidate has direct experience of interface with Regulators (principally PRA, MAS and HKMA).
• Knowledge of and/or hands-on experience of Technology Architecture
• Comfortable with ambiguity and able to make decisions in spite of this
• Process Design and Analysis
• Documentation and Textual Analysis
• Data Analytics
• Experience negotiating with and influencing technical and/or senior stakeholders
• Knowledge of Cloud and DevOps
• Excellent understanding of Operational Risk Management for a technology stream
• Strong performer, with efficiency and delivery outcomes
• Makes a strategic difference
• Fluent English communication & writing skills
• Assertive & good problem-solving skills with common sense

Our Ideal Candidate

• Technology Risk Management
• Control testing and business process modelling
• Manage Compliance
• Data analytics
• Knowledge of relevant industry standards (e.g. NIST, COBIT, ISO/IEC, CCS CSC, etc.) Core
• Business Process Improvement

About Standard Chartered We\'re an international bank, nimble enough to act, big enough for impact. For more than 160 years, we\'ve worked to make a positive difference for our clients, communities, and each other. We question the status quo, love a challenge and enjoy finding new opportunities to grow and do better than before. If you\'re looking for a career with purpose and you want to work for a bank making a difference, we want to hear from you. You can count on us to celebrate your unique talents. And we can\'t wait to see the talents you can bring us.

Our purpose, to drive commerce and prosperity through our unique diversity, together with our brand promise, to be here for good are achieved by how we each live our valued behaviours. When you work with us, you\'ll see how we value difference and advocate inclusion. Together we: Do the right thing and are assertive, challenge one another, and live with integrity, while putting the client at the heart of what we do Never settle, continuously striving to improve and innovate, keeping things simple and learning from doing well, and not so well Be better together, we can be ourselves, be inclusive, see more good in others, and work collectively to build for the long term In line with our Fair Pay Charter, we offer a competitive salary and benefits to support your mental, physical, financial and social wellbeing. Core bank funding for retirement savings, medical and life insurance, with flexible and voluntary benefits available in some locations Time-off including annual, parental/maternity (20 weeks), sabbatical (12 weeks maximum) and volunteering leave (3 days), along with with minimum global standards for annual and public holiday, which is combined to 30 days minimum Flexible working options based around home and office locations, with flexible working patterns Proactive wellbeing support through Unmind, a market-leading digital wellbeing platform, development courses for resilience and other human skills, global Employee Assistance Programme, sick leave, mental health first-aiders and all sorts of self-help toolkits A continuous learning culture to support your growth, with opportunities to reskill and upskill and access to physical, virtual and digital learning Being part of an inclusive and values driven organisation, one that embraces and celebrates our unique diversity, across our teams, business functions and geographies - everyone feels respected and can realise their full potential. Recruitment assessments - some of our roles use assessments to help us understand how suitable you are for the role you\'ve applied to. If you are invited to take an assessment, this is great news. It means your application has progressed to an important stage of our recruitment process.

Visit our careers website www.sc.com/careers