Head,Cyber Partnerships & Communications at Standard Chartered Bank Kenya

We're committed to promoting equality in the workplace and creating an inclusive and flexible culture - one where everyone can realise their full potential and make a positive contribution to our organisation. This in turn helps us to provide better support to our broad client base.

The Role Responsibilities

The Group Chief Information Risk Security Officer (CISRO) organisation is instrumental in protecting and ensuring the resilience of Standard Chartered Bank’s data and IT systems by managing information and cyber security (ICS) risk across the enterprise. As a critical function reporting into the Group Chief Risk Officer (CRO), the Office of the CISRO serves as the second line of defence for assuring ICS controls are implemented effectively and in accordance with the ICS Risk. The Group CISRO’s responsibilities include ICS governance, policy, red teaming and industry partnerships. In addition, the team of Information Security Risk Officers (ISROs) reports to the CISRO and performs a pivotal role as an extension of the CISRO in supporting the ICS risk management to face off to the Client Services, Regions, and Functions. The Office of the CISRO is central to ensuring the Bank’s ability to meet its ICS commitments to internal and external stakeholders, including regulators, as well as maintaining an acceptable ICS risk profile that is regularly reported to the Board.

Thought Leadership

The Head, Cyber Partnerships & Communications is a permanent role that requires strong business acumen and knowledge in the ICS field. The successful candidate will have strong experience building and maintaining public-private partnerships with external organisations, including industry information sharing centres, law enforcement, government agencies, trade associations, academia and think tanks. In addition, the candidate will work collaboratively across the Bank and with other organisations to address the evolving business, regulatory and threat requirements associated with the development of ICS policies and standards in key markets around the globe. The role reports directly to the Global Head, Cyber Partnerships and Third Party Security Risk Oversight and will deputise for them. The role will also work closely with the Group CISO and Group CISROs themselves and other senior leadership to represent the Bank’s ICS views within various external organisations and with regulators, to ensure thought leadership is brought back into the Group’s ICS strategy and reduce overall ICS risk.  It is essential that the role holder works collaboratively with colleagues in the first line of defence, Chief Information Security Office (“CISO”) team on cyber partnerships initiatives.

Business

The primary purpose of this position is to lead the Bank’s engagements with private and public partners and ensure that the Bank’s ICS views are represented. The role will support the Global Head, Cyber Partnerships and Third Party Security Risk Oversight, Group CISRO and Group CISO directly in their roles. The successful candidate will work closely with Group CISRO, Group CISO, Regional ISROs, Corporate Regulatory Affairs, and Corporate Communications, as well as other key stakeholders to develop, represent, monitor, and coordinate the Bank’s positions on key ICS regulations, policies, and standards. In addition, the role will lead collaboration initiatives with industry and government to advance the cybersecurity posture of the Bank, and the financial sector as a whole. Given the rapidly evolving ICS regulatory, policy and standards environment, the successful candidate will have a strong acumen for working with regulators and other organisations with a deep understanding of ICS policy and an ability to articulate the Bank’s positions.

Processes

The major functional activities that the Head will lead and manage are:

• Act as a senior corporate representative on matters of ICS policy and operations with regulators, industry associations, think tanks, and other organisations, with particular focus on cybersecurity, critical infrastructure protection and financial sector security and operational resiliency.
• Serve as the lead for cyber partnerships, and strategically drive and manage the Bank’s participation in government and external ICS partnerships.  This requires excellent public speaking and presentation skills.
• Maintain effective relationships with key government officials and other external stakeholders to enhance their understanding of the Bank’s ICS priorities.
• Develop policy positions including on regulatory consultations, lead engagement activities, and manage participation in ICS-related industry organizations and public-private partnerships.
• Deliver impactful internal and external communications on behalf of Group CISRO, including on Group level ICS Committee papers.
• Work across the Bank’s functions, including Group CISO, to ensure support for various positions and to promote opportunities for the Bank by closely partnering with Risk, Compliance, Communications, and others as appropriate.
• Further develop and be responsible for the execution of the Group’s ICS partnerships strategic plan which drives the Bank’s ICS external activities and engagements.
• Contribute to and develop the Group CISRO strategy.
• Overseeing and editing Group CISRO communications and promulgating the Bank's approach through relevan thought leadership publications.

People and Talent

• Lead through example and build the appropriate culture and values with two current direct reports and 3 indirect reportees.  
• Set appropriate tone and expectations from team and work in collaboration with internal and external partners driving tangible outcomes and achieving through others.
• Ensure the provision of ongoing training and development of people, and ensure that holders of critical functions are suitably skilled and qualified for their roles ensuring that they have effective supervision in place to mitigate any risks.
• Employ, engage, coach and retain high quality people, with succession planning for critical roles.
• Responsibility to review team structure/capacity plans.
• Set and monitor job descriptions and objectives for direct reports and provide feedback and rewards in line with their performance against those responsibilities and objectives.
• Uphold and reinforce the independence of the second line ICS Risk function.
• Ensure CISRO communications engage and inspire confidence from the immediate CISRO team and broader Group stakeholders.

Risk Management

• Deliver the defined aspects of the role of Head, Cyber Partnerships & Communications.
• Ensure that the role is managed in accordance with the defined CISRO views on policies and standards, and that issues are identified, escalated, and addressed as appropriate.
• Lead the team professionally and efficiently, closely tracking their deliverables and commitments.

Governance

• Work with CISRO Policy team and Regional ISROs to coordinate, integrate and represent the Bank’s views on evolving regulations, policies and standards.
• Regularly report evolving requirements and changes in the  ICS landscape to appropriate CISRO colleagues and business, regional, and/or functional units within the Bank to ensure integration into business processes and requirements.
• Ensure Group Committee papers clearly, succinctly and articulately lay out relevant ICS risks and proposed options to the Group’s senior leadership.
• Support the Head, Third Party Security Risk Oversight as required on critical Third Party issues for Group CISRO

Regulatory & Business Conduct

• Display exemplary conduct and live by the Group’s Values and Code of Conduct.
• Take personal responsibility for embedding the highest standards of ethics, including regulatory and business conduct, across the Bank. This includes understanding and ensuring compliance with, in letter and spirit, all applicable laws, regulations, guidelines and the Group Code of Conduct.
• Lead the immediate team to achieve the outcomes set out in the Bank’s Conduct Principles: [Fair Outcomes for Clients; Effective Financial Markets; Financial Crime Compliance; The Right Environment].
• Effectively and collaboratively identify, escalate, mitigate and resolve risk, conduct and compliance matters.
• Exercise any authorities delegated by the Board of Directors and act in accordance with Articles of Association.

Key Stakeholders

• Group CISRO
• Cyber Partnerships and Third Party Security Risk Oversight Team
• Group CISO
• Head of ISROs, Regions and Countries
• Group Regulatory Affairs
• Group Corporate Communications
• Banking and ICS Regulators
• Head of ICS Policy
• Head of ICS Assurance and Testing
• Board Secretariats
• External organisations, including banking industry associations, law enforcement, think tanks, government agencies, academia, industry information sharing groups, etc.

Other Responsibilities

• Establish strong relationships with identified stakeholders across the regions and countries and understand their strategic goals, in order to ensure ICS alignment.
• Articulate the views of the Bank on ICS regulatory and resiliency matters with a range of external stakeholders, including regulators.
• Prepare and present updates on ICS regulatory matters and partnership activities at relevant Bank risk committees, steering groups, etc.
• Build trusted working relationships with other security functional heads, risk and compliance counterparts, and region and country stakeholders.
• Perform other duties as assigned, including authoring white papers, giving presentations, and developing briefings and other materials for senior executives and policy makers.
• Maintain sufficient and appropriate evidence of work performed for review by Group Internal Audit and others.

Our Ideal Candidate

• Proven experience in information security policy and/or partnerships role.
• Bachelor’s Degree in Information Technology, Cybersecurity, Business Management, or other related discipline.
• Graduate degree (Master’s) and/or professional certifications have an advantage (e.g., CISA, CISSP, CISM, ITIL, PMP).
• Thorough understanding of IT security business processes, risks, threats and internal controls.
• Experience working in or with the financial services industry, or an ICS policy organisation in another industry, with keen understanding of business and operational environments.
• Strong leadership, negotiation and collaboration skills, and ability to work effectively and drive rapid outcomes from teams in a complex multicultural and multi-time zone organization.
• Thorough understanding and experience with regulators, multi-stakeholder organisations, trade associations, and information sharing partnerships.
• Strong analytical and program management skills.
• Experience in leading a geographically dispersed organization.
• Strong ability to collect and analyse data and make recommendations in written and oral form.
• Strong ability to liaise with all parts of the Bank, including senior security, risk and business stakeholders.
• Excellent oral, written and communication skills, including public speaking, are critical for this position.