Director, ICS and Tech Risk at Standard Chartered Bank Kenya

Strategy

• The Director ICS and Technology Risk is a permanent role that requires practical experience of ICS and Technology risk governance, committee papers, reporting and analysis. The successful candidate will have a strong understanding of operating in a second line capacity within a risk department, and can respond flexibly and collaboratively to evolving business, regulatory and threat requirements. The role holder will also need to demonstrate experience in presenting Technology and ICS risk view to board members. The role holder will need to have the ability to collect, analyse and interpret disparate data, risk indicators and perspectives to create an end-to end view of the bank’s Cyber and Technology Risk. 

Business

• The primary purpose of this position to ensure that the management of ICS and Technology risk is operating effectively and efficiently and to provide risk oversight and assurance that ICS and Technology risk is appropriately managed. The role will support the OTCR in their role as the Bank's executive accountable for ICS and Technology risk. The successful candidate will work closely with the Head, OTCR, Cyber & Tech Risk Profile & Gov as well as other key stakeholders. Given the rapidly evolving ICS and Technology regulatory environment, successful candidate will have a strong acumen for working with regulators and understanding ICS and Technology policy with an ability to articulate new requirements into ICS and Technology risk management assessments and processes

Processes

• The successful candidate will have the following skills to deliver high quality and consistently delivered risk reports, opinions and guidance.  
• The major functional activities that the role holder will be required to execute:
• Executive Reporting: In partnership with the Management Team and key subject matter experts draft high quality content for ICS and Technology risk papers and committee submissions, brining together a diversity of inputs from relevant experts to create a clear, concise and accurate input for relevant committees.
• Group Risk Profile: Support process to compile, assess and opine on the ICS and Technology Group Risk Profile and assess the macro level factors that impact this profile. Track actions and working groups across the teams to translate findings and recommendations from the ICS and Technology Risk Profile into tangible action.
• Standardisation and Central MI Reporting: Execute ICS and Technology Risk processes and Standard Operating Procedures (SOPs) and develop standardised approaches to the team’s delivery and ICS/Technology risk oversight activities. Delivery of central Management Information (MI) on critical risk data, trends and insights on process, risks and commitments which the team oversees.
• Group ICS Risk Assessment: Proactively support the 2LoD lead for the Bank’s ICS Thread Scenario-Led Risk Assessment (TSRA) which is used to assess ICS risk across the Bank and provide input for continuous improvement of the TSRA approach.
• Country ICS and Technology Risk Oversight: Work closely with Country and region key stakeholders to drive requirements and help set priorities for ICS and Technology risk management based on acceptable risk tolerance and taking into account the evolving threat and regulatory landscape, policies and standards, and technology infrastructure.
• Risk Management: Deliver the defined aspects of the role to support the Group's ICS risk management approach and objectives in accordance with the defined Risk Type Framework and associated Policy and Standards; and that issues are identified, escalated, and addressed as appropriate. Uphold and reinforce the independence of the second line ICS and Technology Risk function.
• Governance: Establish strong ties into the relevant Group, country leadership, governance, risk and control committees to ensure adequate monitoring, tracking and governance of ICS risk. Awareness and understanding of the regulatory framework, in which the Group operates, and the regulatory requirements and expectations relevant to the role.

Regulatory & Business Conduct

• Display exemplary conduct and live by the Group’s Values and Code of Conduct. 
• Take personal responsibility for embedding the highest standards of ethics, including regulatory and business conduct, across Standard Chartered Bank. This includes understanding and ensuring compliance with, in letter and spirit, all applicable laws, regulations, guidelines and the Group Code of Conduct.
• Effectively and collaboratively identify, escalate, mitigate and resolve risk, conduct and compliance matters.
• Exercise authorities delegated by the Board of Directors and act in accordance with Articles of Association.

Key Stakeholders

• OTCR TTO Management Team 
• Group Internal Audit
• Banking Regulators
• Group OTCR Leadership Team
• Country, Cluster and Group CRO
• Country, Cluster and Group CISO
• Global Head, Security Technology Services
• Head of ICS Assurance and Testing

Other Responsibilities

• Embed Here for good and Group’s brand and values.
• Establish strong relationships with identified stakeholders and understand their strategic goals, in order to ensure ICS and Technology alignment.
• Articulate the value of ICS and Technology controls and their bottom-line impact on security and resiliency.
• Prepare, present and challenge in a 2nd line capacity at relevant risk committees, steering groups and cross-business opportunities.
• Measure efficient and effective management of ICS and Technology risk for the countries.
• Build trusted working relationships with other security functional heads, risk and compliance counterparts, and country stakeholders. 
• Utilise appropriate risk management tool(s) to manage, track and monitor ICS and Technology risks across the countries.
• Maintain sufficient and appropriate evidence of work performed for review by Group Internal Audit and others.

Role Specific Technical Competencies

• First class communicator, with the ability to convey complex risk and technical topics thorough written, verbal, and visual communication methods.  An excellent grasp of written English to create accurate and concise papers and reports on technical topics. 
• Critical Thinking:  The ability to analyse a large amount of information objectively and make reasoned and informed judgment and conclusions.  Can apply structured thinking and standardised approaches to deliver high quality outputs consistently and repeatedly.  
• Data and Analytics:  Proficiency in the management, interpretation, and assessment of complex data sets.  Understands basic statistical techniques and tools to represent data in charts, graphs and other visualisations.  
• Collaboration:  Work effectively with wider risk management team and first line colleagues to elicit input from technical experts, gather diverse perspectives and develop collective solutions. 
• Cyber Security and Technology: The candidate should have proven experience in Cyber Security and Technology risk management, enabling them to work with a range of subject matter experts on technical and complex topics.
• Information & Cyber Security Risk Management
• IT Standards, Procedures and Policies
• Information Assurance
• Operational Risk
• Cyber Threat Intelligence
• Emerging Technologies
• Risk & Control Self-Assessment (RCSA)

QUALIFICATIONS

EDUCATION     

• Bachelor’s degree in Engineering, Computer Science, Information Technology, Cybersecurity, Business Management, or other related discipline