
  • Posted: Mar 17, 2022
    Deadline: Not specified

    Standard Chartered Kenya, whose official name is Standard Chartered Bank Kenya Limited, but is sometimes referred to as Stanchart Kenya, is a commercial bank in Kenya.

     

    Information Security Risk Manager (ISRM)

    The Role Responsibilities

    The Group Chief Information Security Risk Officer (CISRO) organisation is instrumental in protecting and ensuring the resilience of Standard Chartered Bank’s data and IT systems by managing information and cyber security (ICS) risk across the enterprise. As a critical function reporting into the Group Chief Risk Officer (CRO), the Office of the CISRO serves as the second line of defence for assuring ICS controls are implemented effectively and in accordance with the ICS Risk Framework and for instilling a culture of cyber security within the Bank. The Group CISRO is responsible for ICS governance, strategy, policy, awareness, training, risk assessments, red teaming, third party security risk, industry partnerships, and regulatory engagement. In addition, a team of Information Security Risk Officers (ISRO) and Information Security Risk Managers (ISRM) reports to the CISRO and performs a pivotal role as an extension of the CISRO in supporting the ICS risk management strategy, governance, advisory and assurance roles that face off to the Businesses, Regions, and Functions. The Office of the CISRO is central to ensuring the Bank’s ability to meet its ICS commitments to internal and external stakeholders, including regulators, as well as maintaining an acceptable ICS risk profile that is regularly reported to the Board.

    Strategy

    The Information Security Risk Manager (ISRM) is a permanent role that requires knowledge and experience in the field of ICS risk governance. The successful candidate will have practical working experience in a second- or third-line capacity within ICS, and can respond flexibly and collaboratively to evolving business, regulatory and threat requirements. The role reports directly to the Head of ISRO for Africa and is based in Kenya. The incumbent will directly support ISRO team members and other CISRO functions to address ICS as a principal risk type for the Bank, to include the rollout of the ICS RTF in Africa. The role will provide oversight and challenge of ICS risk management and control effectiveness as a risk partner to country leadership as defined in the Bank’s ICS Risk Type Framework.

    Business

    The primary purpose of this position is to ensure that the management of ICS risk is adequate and well-governed. The successful candidate will work closely with the ISRO and ISRM team members and Country CRO, CIO, COO and Compliance Officers, as well as relevant key Business stakeholders, to manage risks within tolerance, taking into account the evolving threat and regulatory landscape, policies and standards, business operations and technology infrastructure. The successful candidate should possess a good understanding of ICS policy with an ability to articulate new requirements into ICS risk management assessments and processes.

    The major functional activities that the role will lead and manage are:

    • Overseeing and challenging 1st line ICS risk proposals and risk-taking activities.
    • Supporting and regularly monitoring risk appetite through the approved framework.
    • Managing and monitoring ICS risks and associated remediation plans across the Africa region using the CISRO Governance Risk Type Framework; ensuring controls are adequate, appropriate, and effective.
    • Validating adoption, effectiveness, and sustainability of ICS controls and recommending appropriate actions to mitigate risks.
    • Supporting ICS risk management activities including internal and external audits, project reviews, and regulatory submissions.
    • Staying up to date and informed on developing regulatory concerns and changing IT and information security trends. Ensuring the 1st line implements controls to comply with applicable laws and regulations as defined by the CISRO Policy team and relevant ICS policies and procedures.
    • Promoting a healthy ICS risk culture and good conduct within Africa.

    People and Talent

    • Lead through example and operate with the appropriate culture and values.
    • Work in collaboration with risk and control partners.
    • Work closely with country ISROs in a way that is aligned and scaled to the ICS risk control needs of the Africa region.
    • Uphold and reinforce the independence of the second line ICS Risk function.

    Risk Management

    • Deliver objectives set forth by Head, ISRO Africa to support the Group's ICS risk management approach and objectives.
    • Ensure risks are managed in accordance with the defined CISRO Governance Risk Type Framework and associated Policy and Standards; and that issues are identified, escalated, and addressed as appropriate.

    Governance

    • Establish strong ties into the relevant country leadership, governance, risk and control committees to ensure adequate monitoring, tracking and governance of ICS risk.
    • Drive integration of ICS Risk Type Framework into Africa and apply it for ongoing governance of country risk.

    Regulatory & Business Conduct

    • Display exemplary conduct and live by the Group’s Values and Code of Conduct.
    • Take personal responsibility for embedding the highest standards of ethics, including regulatory and business conduct, across the country. This includes understanding and ensuring compliance with, in letter and spirit, all applicable laws, regulations, guidelines and the Group Code of Conduct.
    • Effectively and collaboratively identify, escalate, mitigate and resolve risk, conduct and compliance matters.
    • Exercise authorities delegated by the Board of Directors and act in accordance with Articles of Association.

    Key Stakeholders

    • Country and Regional CRO
    • Country and Regional CIO
    • Country Compliance Officer
    • Country and Regional Head of Compliance
    • Regional COO
    • Country CEO
    • Banking Regulators
    • Security Technology Services
    • Head of ICS Governance
    • Head of ICS Policy
    • Group Internal Audit
    • Head of ICS Assurance and Testing
    • Head of ICS Training, Awareness & Exercises

    Other Responsibilities

    • Establish strong relationships with identified stakeholders across the country and understand their strategic goals, in order to ensure ICS alignment.
    • Prepare, present and challenge in a 2nd line capacity at relevant risk committees, steering groups and cross-business opportunities.
    • Validate the accuracy of KRIs and KCIs and other risk ratings, as well as process designs, to meet policy requirements.
    • Ensure that Process Owners are escalating risk, control, and process deficiencies appropriately in accordance with the relevant risk frameworks.
    • Build trusted working relationships with other security functional heads, risk and compliance counterparts, and country stakeholders.
    • Utilise appropriate risk management tool(s) to manage, track and monitor ICS risks across the country.
    • Maintain sufficient and appropriate evidence of work performed for review by Group Internal Audit and others.
    • Monitor, assess and advise country on acceptable risk tolerances based on policy and control environment and the evolving regulatory and threat landscape

    Our Ideal Candidate

    • Leadership Competencies    
    • Spot Opportunities    
    • Solve Problems  
    • Take the Lead   
    • Build Resilience   
    • Collaborate    
    • Communicate    
    • Deliver Sustainably    
    • Achieve Results   
    • Technical Competencies   
    • Manage Conduct    
    • Manage Risk    
    • Manage People    
    • Insert essential technical competencies from the Competency Framework 
    • CISSP or equivalent

    Unposting Date: 31/Mar/2022


    Human Resources Risk Specialist, Africa

    The Role Responsibilities

    Strategy

    • Develop and lead the delivery in the AME region of the HR Risk roadmap, priorities and milestone plan, aligned to the standards / requirements in support of the Group’s strategy and in line with the Enterprise Risk Management Framework (“ERMF”).
    • Keep abreast of developments in the risk management landscape and apply learning to HR’s risk management practices. Coordinate with counterparts in other functions / business lines across the AME region to ensure a consistent, best practice and collaborative approach.
    • Continuously evaluate and provide clear, balanced advice and leadership to senior management on the HR risk implications of business strategies and programmes, and the cost benefit analysis of risk remediation.
    • Play a leadership role on regulatory projects and change initiatives, ensuring appropriate risk management strategies are in place.
    • Positively influence and ensure effectiveness of HR Non-Financial Risk Team Meetings (NFRTM) in AME, upholding the integrity of HR risk / return decisions.

    Risk Type Frameworks

    • Ensure the HR Process Universe is well understood and embed process ownership across AME.
    • Ensure there is a clear articulation of the framework for managing the First and Second Line activities of HR.
    • Lead the review of existing risk-based processes and the development of new risk-based processes where gaps have been identified. Lead the alignment of these processes to HR policies, ensuring the revised suite of policies clearly articulate the roles and responsibilities of both the First and Second Lines of defence.
    • Lead the implementation of the ERMF across HR in the AME region, ensuring it is effectively embedded across all product areas (including HR Process Universe, controls and control effectiveness, policies and policy assurance, process risk assessments).
    • Ensure that risks are properly assessed, and control cost / benefit decisions are made transparently and controlled in accordance with the Group’s standards and Risk Tolerance.
    • Act as an adviser over the aggregate level of risk in HR AME that arises from end to end processes. Lead the design of effective controls and the systematic monitoring of process control effectiveness and compliance with applicable laws and regulations.
    • Continuously monitor and provide leadership and oversight of HR’s Non-Financial risk profile and the effectiveness of the risk mitigation in place. Provide a comprehensive view of the material risks facing HR and the material HR risks facing the Bank, ensuring that risk assessment and reporting is comprehensive and accurate.
    • Lead Policy and Standard owners in creating, maintaining and ensuring the effective deployment across AME of Group HR Policies and Standards. Ensure alignment to and compliance with policy governance standards.
    • Lead the roll out of process risk assessments, scenario analysis and stress testing for HR.
    • Drive and promote an effective and exemplary risk and control culture (aligned to the Group’s risk appetite), with appropriate escalation.
    • Lead updates to senior HR management.
    • Ensure that all members of the HR function across AME are aware of their risk management responsibilities through leadership, communication and training.
    • Act as the primary liaison between Country Operational Risk and HR, ensuring effective First and Second Line of defence coordination and integrated risk assessment.
    • Collaborate with colleagues across HR to ensure continuous improvement in HR to strengthen the control environment.

    Information & Cyber Security

    • Act as the single point of contact for the HR, HICS on ICS activities (including information assets) across AME and coordinate with Country HR colleagues
    • Provide any country specific treatment plans after coordination within HR
    • Represent the Regional Head, HR on the ICS Working Group for AME

    Audit, Compliance and Risk Reviews

    • Lead risk based internal control reviews within HR and proactively influence / inform Country Internal Audit and Compliance planning (formal audits, risk reviews).
    • Lead internal, external and regulatory audits and compliance reviews: support HR and Audit teams with their engagement, the management of audit activities, the reporting of audit findings and the management and closure of all audit findings. Ensure timely response to and implementation of any audit points / issues raised.
    • Ensure lessons learned and best practices are shared across HR, and a central repository of audit points / observations and reports is in place.

    Governance

    • Ensure that the Non-Financial Risk Team Meetings in AME are exercising their responsibilities effectively and the requisite information flows are in place and working effectively.
    • Embed the Group’s values and code of conduct and ensure that adherence to the highest standards of ethics, and compliance with relevant policies, procedures and regulations, form part of the culture.

    Regulatory & Business Conduct

    • Display exemplary conduct and live by the Group’s Values and Code of Conduct.
    • Take personal responsibility for embedding the highest standards of ethics, including regulatory and business conduct, across Standard Chartered Bank. This includes understanding and ensuring compliance with, in letter and spirit, all applicable laws, regulations, guidelines and the Group Code of Conduct.
    • Effectively and collaboratively identify, escalate, mitigate and resolve risk, conduct and compliance matters.

    People and Talent

    • Ensure that resources and infrastructure are adequate to support the management of risk within HR.
    • Drive an environment of performance, collaboration and compliance, to ensure issues are raised and blockages are resolved in a timely manner.
    • Provide forward-looking leadership to ensure HR Risk is positioned to meet the challenges of the future.
    • Champion and act as a role model of the Group’s values and culture.  
    • Actively contribute to and raise the overall professional competence of the broader HR function. 

    Key Stakeholders

    • Regional Head, HR, AME
    • Regional Management Team, AME
    • Country Heads, HR across AME
    • HR Management Teams (AME region)
    • Senior Operational Risk Officer, Functions, AME countries
    • Country Compliance Team (AME countries)
    • Audit Teams (AME countries)

    Our Ideal Candidate

    • 7+ years of experience in aspects of HR Services, HR Operations, Risk & Compliance management
    • Certifications on risk and compliance preferred
    • Understanding of Hub/Spoke model and Shared Service Centre environment
    • Investigatory mindset, ability to analyse problems & processes based on data sets
    • Ability to work effectively across functions/businesses, cross team collaboration

    Unposting Date: 25/Mar/2022

    Method of Application

    Use the link(s) below to apply on the company website.

     
