Director, ICS and Tech Risk at Standard Chartered Bank Kenya

RESPONSIBILITIES
Strategy

• The Director ICS and Technology Risk is a permanent role that requires practical experience of ICS and Technology risk governance, committee papers, reporting and analysis. The successful candidate will have a strong understanding of operating in a second line capacity within a risk department, and can respond flexibly and collaboratively to evolving business, regulatory and threat requirements. The role holder will also need to demonstrate experience in presenting Technology and ICS risk view to board members. The role holder will need to have the ability to collect, analyse and interpret disparate data, risk indicators and perspectives to create an end-to end view of the bank’s Cyber and Technology Risk.

Business

• The primary purpose of this position to ensure that the management of ICS and Technology risk is operating effectively and efficiently and to provide risk oversight and assurance that ICS and Technology risk is appropriately managed. The role will support the OTCR in their role as the Bank's executive accountable for ICS and Technology risk. The successful candidate will work closely with the Head, OTCR, Cyber & Tech Risk Profile & Gov as well as other key stakeholders. Given the rapidly evolving ICS and Technology regulatory environment, successful candidate will have a strong acumen for working with regulators and understanding ICS and Technology policy with an ability to articulate new requirements into ICS and Technology risk management assessments and processes.

Processes
Required

• The successful candidate will possess skills to deliver high quality and consistently delivered risk reports, opinions and guidance. The major functional activities that the role holder will be required to execute:
• Executive Reporting: In partnership with the Management Team and key subject matter experts draft high quality content for ICS and Technology risk papers and committee submissions, bringing together a diversity of inputs from relevant experts to create a clear, concise and accurate input for relevant committees.
• Group Risk Profile: Support process to compile, assess and opine on the ICS and Technology Group Risk Profile and assess the macro level factors that impact this profile. Track actions and working groups across the teams to translate findings and recommendations from the ICS and Technology Risk Profile into tangible action.
• Standardisation and Central MI Reporting: Execute ICS and Technology Risk processes and Standard Operating Procedures (SOPs) and develop standardised approaches to the team’s delivery and ICS/Technology risk oversight activities. Delivery of central Management Information (MI) on critical risk data, trends and insights on process, risks and commitments which the team oversees.
• Group ICS Risk Assessment: Proactively support the 2LoD lead for the Bank’s ICS Thread Scenario-Led Risk Assessment (TSRA) which is used to assess ICS risk across the Bank and provide input for continuous improvement of the TSRA approach
• Country ICS and Technology Risk Oversight: Work closely with Country and region key stakeholders to drive requirements and help set priorities for ICS and Technology risk management based on acceptable risk tolerance and taking into account the evolving threat and regulatory landscape, policies and standards, and technology infrastructure.
• Risk Management: Deliver the defined aspects of the role to support the Group's ICS risk management approach and objectives in accordance with the defined Risk Type Framework and associated Policy and Standards; and that issues are identified, escalated, and addressed as appropriate. Uphold and reinforce the independence of the second line ICS and Technology Risk function.
• Governance: Establish strong ties into the relevant Group, country leadership, governance, risk and control committees to ensure adequate monitoring, tracking and governance of ICS risk. Awareness and understanding of the regulatory framework, in which the Group operates, and the regulatory requirements and expectations relevant to the role.

QUALIFICATIONS
EDUCATION

• Bachelor’s degree in Engineering, Computer Science, Information Technology, Cybersecurity, Business Management, or other related discipline

TRAINING

• Years of Experience: 8 years in Technology or ICS risk management with 3 of these in a role that engages and prepares and presents reports to the board.
• Proven experience in an information security office, senior governance and policy, ICS/ Technology Risk Role.
• Thorough understanding of ICS and Technology related frameworks, principles, processes, risks, threats and controls.
• Strong leadership, negotiation and collaboration skills, and ability to work effectively in a complex multicultural and multi-time zone organization.
• Ability to collect and analyse data, establish facts and make recommendations based on sound risk management principles.
• Technical knowledge across a broad range of Technical and ICS capabilities including Cloud Technology, Technical Programmes, Cyber Defence, Security Monitoring, Analytics, DLP, Access management, Cloud etc.
• A passion for keeping technical knowledge and skills up to date and horizon scanning new and emerging thematic risks from new technology.
• Strong knowledge of cyber security, technology related frameworks, information security principles and architecture.
• Ability to articulate gross and residual risk with specific ability to clearly, concisely and accurately communicate complex technology and process risk to non-technical stakeholders in a lucid way.
• Proven experience of demonstrating resilience and having a strength of character.
• Must be a self-starter who is able to initiate and successfully drive initiatives to completion with little or no management supervision.
• Strong analytical skills and an ability to prioritise, make decisions, and work within tight timeframes.
• Proven ability to lead highly complex, global activities through influence and credibility rather than command and control.
• Excellent communication and interpersonal skills.

CERTIFICATIONS

• Professional certifications are desirable (e.g., CRISC, CISA, CISSP, CISM, GIAC, Cloud Certifications etc).