The Group Chief Information Security Officer (CISO) organisation is instrumental in protecting and ensuring the resilience of Standard Chartered Bank's data and IT systems by managing information and cyber security (ICS) risk across the enterprise. As a critical function reporting into the Group Chief Risk Officer (CRO), the Office of the CISO serves as the second line of defence for assuring ICS controls are implemented effectively and in accordance with the ICS Risk Framework and for instilling a culture of cyber security within the Bank. The Group CISO is responsible for ICS governance, strategy, policy, awareness, training, risk assessments, red teaming, third party security risk, industry partnerships, and regulatory engagement. In addition, the team of Information Security Officers (ISO) reports to the CISO and performs a pivotal role as an extension of the CISO in supporting the ICS risk management strategy, governance, advisory and assurance roles that face off to the Client Services, Regions, and Functions. The Office of the CISO is central to ensuring the Bank's ability to meet its ICS commitments to internal and external stakeholders, including regulators, as well as maintaining an acceptable ICS risk profile that is regularly reported to the Board. The Cyber Training, Awareness & Exercises team is looking for a Head, Cyber Awareness Insights and Reporting to join their small but energetic communications team to manage the measurement, reporting, tracking and assurance of their Information and Cyber Security (ICS) training and awareness programme and phishing simulation exercises.
You will be responsible for arming the business, functions and geographies with data-driven insights and reports to help them better manage the human side of Information and Cyber Security . You will design strategic audience-based programmes and communications that inform and inspire business leaders and employees around the globe. You will drive the design and implementation of quantitative and qualitative exercises to help the business understand gaps and opportunities in their Awareness scores. You will be constantly looking at ways to improve the way we manage ICS risk from the human angle in terms of Phishing exercises, data leakage and other metrics that inform the business. You will be expected to communicate and present to all levels, both internally and externally, with vendors and colleagues and senior stakeholders.
The role is varied and extremely dynamic. One day, you could be designing a phishing simulation programme for 80,000 employees, the next working with an agency to create engaging reports that help countries identify specific employee risk areas.
Main Purpose of the role: Reporting to the Head of Cyber Training, Awareness and Exercises team, Group CISO, the Head, Cyber Awareness Insights and Reporting will collaborate with multiple stakeholders to lead, design and deliver a range of complex activities in the following fields: Roles and Responsibilities: Strategic Planning and Awareness Insights/Intelligence · Drive the strategic vision and direction for improved awareness-through-data insights and reporting for all audience-specific Cyber awareness programmes (Executives, targeted awareness, general employees) · Lead and conduct complex existing/new Cyber awareness measurement programmes/projects such as the Bank's global phishing simulation exercises, clear desk checks and 3 rd party surveys that indicate the Bank's awareness capabilities · Manage existing reports including the Security Culture Report, Phishing Communications, Quarterly Awareness updates, and introduce new reports where needed, that demonstrate the Bank's Security Culture · Manage and evolve the Bank's Awareness reports, which help measure a country's secure behaviour and provide recommendations for improvement · Review, maintain and update existing project process documents regularly Research and Analysis · Lead and drive data governance of how generated data will be used, stored, shared and accessed by the broader team · Be the in-house expert for Awareness team team on all third party and internal data/intelligence requirements to improve employee competence and change behaviour in line with industry best practices and peer benchmarks · Provide key trend predictions, behavioural pattern analysis and deep dive insights through data analysis/3 rd party research engagement for regular reporting to the wider team based on customised audience requests using people-focused, user experience and change behaviour analytics approach Communications and Reporting · Manage all communications and provision of awareness data points for the ICS Risk Type Framework, and other related risk dashboards/papers/reports from CISO, OR, GIA, ICS TRP teams · Create visually impactful, interactive and actionable reports for stakeholders that demonstrate the Bank's security posture in different regions, countries, businesses and functions using key information and cyber security parameters. · Liaise with Corporate Affairs and other communications partners to amplify our story in human-centric way
Stakeholder and people management · Liaise with Audit, regulators, Governance, Operational risk, Compliance, Corporate Affairs and other functions to provide Cyber awareness metrics that demonstrate the Bank's ability to manage the human side of ICS risk - including the new Conduct Phishing Metrics dashboard · Lead a team of 1-2 staff for phishing simulations, clear desk, data gathering and tracking, data trends analysis, generating reports, trend prediction and behavioural pattern analysis to support improvement in all teams audience specific programmes · Other duties as required Key Stakeholders
Heads of Information & Cyber Security
Information Security Officers (Geography, Business & Functions)
Executive, General and BFG Awareness Teams
CISO & STS MTs
Key Business Stakeholders including: ALl Business and Function CIOs, CTMs, CROs, Compliance Heads
Regulatory and Business Conduct · Display exemplary conduct and live by the Group's Values and Code of Conduct. · Take personal responsibility for embedding the highest standards of ethics, including regulatory and business conduct, across Standard Chartered Bank. This includes understanding and ensuring compliance with, in letter and spirit, all applicable laws, regulations, guidelines and the Group Code of Conduct. · Effectively and collaboratively identify, escalate, mitigate and resolve risk, conduct and compliance matters. Group Standard Compliance Performance · Take personal responsibility for understanding the risk and compliance requirements of my role. Understand and comply with, in letter and spirit, all applicable laws, and regulations, including those governing anti-money laundering, terrorist financing, and sanctions; the Group's policies and procedures; and the Group Code of Conduct. Effectively and collaboratively identify, escalate, mitigate and resolve risk and compliance matters · Embed 'Here for Good' and Group's purpose - Driving commerce and prosperity through our unique diversity. Promote a culture of openness, trust, and risk awareness, where ethical, legal, regulatory and policy compliant conduct is the norm
Qualifications, Skills & Experience
A visionary, proactive go-getter with a minimum of 10 years relevant working experience in market research, data-driven marketing/analytics/communications or similar field
Finely tuned attention to detail with the ability to lead and act strategically with an eye for the "bigger picture" a must
A genuine interest in transforming data and insights into actionable, plan English, visually appealing reports and communications
Meticulous project management skills
Excellent communications and writing skills a must
Advanced competency skills using MS Office software (Word, Powerpoint, Excel) or Tableau to generate trend prediction, behavioural pattern analysis and reports an added advantage.
Leading a team in a multinational corporation experience a plus.
A reasonably competent level of understanding of (or interest in) information technology and user-oriented information security.
High adaptability to work and contribute to the team across geographies in a matrix and digital-centric environment
Ability to assess and manage priorities, working in a structured, autonomous manner with a firm focus on delivering results
Sound judgement and anticipation with strong integrity, independence and resilience
A Degree in a related field. Extended years of relevant working experience may be considered in lieu.
Internal Number: 6387009
About Standard Chartered Bank
eFinancialCareers is a career site specializing in financial services.