Manager, Identity and Access - Risk and Control
- Kuala Lumpur, Federal Territory, Malaysien
- Festanstellung, Vollzeit
- Standard Chartered Global Business Services Sdn Bhd
- 21 Jan 19
Manager, Identity and Access - Risk and Control
About Standard Chartered
We are a leading international bank focused on helping people and companies prosper across Asia, Africa and the Middle East.
To us, good performance is about much more than turning a profit. It's about showing how you embody our valued behaviours - do the right thing, better together and never settle - as well as our brand promise, Here for good.
We're committed to promoting equality in the workplace and creating an inclusive and flexible culture - one where everyone can realise their full potential and make a positive contribution to our organisation. This in turn helps us to provide better support to our broad client base.
Security Technology Services (STS) is a critical function within Standard Chartered Bank operating under the overall purview of "Technology Services" .
The STS team is made up of cyber security thought leaders, who are accountable for the provision of a global set of cyber security services and products in order to maintain and continuously improve Bank's cyber security posture in today's ever evolving cyber security landscape.
The STS team protect the Bank from cyber security threats by delivering effective information security technology services, managing and responding to security incidents to ensure, and support the continuity and growth of Bank's business operations; and meet the both internal and external stakeholders' expectations across 70+ countries and territories, in which SCB operates.
As part of the Security Transformation activities within SCB, a governance function within Identity and Access management is getting strengthened to cover the assurance function globally from access management perspective. This requires a highly skilled and experienced risk and assurance profession to build the governance model and capability improve Bank's access management risk posture in order protect the Bank from complex cyber threats.
The Role Responsibilities
- Manage and engage stakeholders effectively from regulatory audit or internal audit. Support audit activities and ensure that STS are meeting their audit and regulatory obligations.
- Audit, risk and controls management: Setting up of Enterprise access controls governance and Operational assurance model to provide overall assurance of access management controls across the bank.
- Manage and engage stakeholders effectively from 2nd line Risk. Support risk activities in alignment to the policies and standards. And engage with the business to manage risks and mitigating controls
- Ensure information provided to regulatory and audit is accurate, relevant and up to date
- Serve as single point of contact for IAM to handle all information request from auditors, and provide responses centrally to regulatory audit or internal audit
- Attend audit meetings, facilitate the request for information, clarification review, conducting verification and examining supporting documents to meet the audit obligations.
- Facilitate internal verification or investigation on the audit findings or observations
- Facilitate to review audit findings with IAM service owners and provide timely management responses to the findings, including remediation actions
- Proactively review and identify existing and/or emerging risks and/or non-compliance, engage service owners effectively to facilitate remediation on time in full
- Review and improve existing audit performance
- Collaborate with STS assurance on audits engagement involving access management. Represent IAM on audits from access management perspective
- Define and develop RA papers with stake holder as and when needed and track them.
- Actively work with the various Risk forums to develop policies, internal controls and have the ability to independently conduct risks and control assessment.
- ITO R&C
- STS assurance
- RO /OR
Our Ideal Candidate
- Minimum 8 years experience in Banking, Information Security Technology with focus on Identity and access
- Minimum 8 years experience as Risk and compliance expertise
- Excellent written and oral communication skills
- Experience in writing assurance reports is an added advantage
- Strong sense of personal ownership and responsibility in accomplishing the organisation's goal. Exudes confidence and will roll-up his/her sleeves to drive success
- Able to get things done in a quick-paced environment. Be transparent and open around what doesn't work and what does
- Good understanding of regulatory compliance, IT security, IT risk and controls
- Ability to collect and analyze data, establish facts and make recommendations in written and oral form
- Strong analytical, communication, interpersonal, negotiating and influencing skills
- Strong Technical skills and good understanding in access management across platforms/Applications and PID
- Excellent communication skills - oral, written and presentation; technical reporting writing across various types of tareget audiences.
- Bachelor Degree in Computer Science/Information Technology, Engineering, Finance or its equivalent
- CISSP / CISA / CISM trained or certified will be a definite advantage