Job ID: 27826
Location: Warszawa, PL
Area of interest: Governance, Risk Management & Compliance
Job type: Regular Employee
Work style: Hybrid Working
Opening date: 5 May 2025

JOB SUMMARY

The Group Chief Information Security Risk Officer (CISRO) organisation is instrumental in protecting and ensuring the resilience of Standard Chartered Bank’s data and IT systems by managing Information and Cyber Security (ICS) risk across the enterprise. As a critical function reporting into the Group Chief Risk Officer (CRO), the Group CISRO team serves as the second line of defence for assuring ICS controls are implemented effectively, in accordance with the ICS Risk Framework, and for instilling a culture of cyber security within the Bank. Group CISRO is responsible for the development of ICS framework, which includes all aspects of end to end risk identification, assessment, management and mitigation to stay with approved risk appetite thresholds; ICS policy, assurance and red team activities, cyber resilience and stress testing, third party security risk, industry partnerships, and regulatory engagement. The team of Information Security Risk Officers (ISRO) have delegated authority for risk approval from the Group CISRO and support the implementation of the ICS risk management strategy, providing oversight, governance, and advisory across the Group’s Business, Regions, and Functions. Group CISRO is central to ensuring the Bank is able to meet its ICS commitments to internal and external stakeholders, as well as maintaining an acceptable ICS risk profile that is regularly reported to the Board.

SKILLS AND EXPERIENCE

• At least 10+ years’ experience in cyber security testing/assessment, penetration testing, cyber security operations, cyber security audit or information security governance.
• Thorough understanding of IT security business processes, risks, threats and internal controls.
• Experience working in or with the financial services industry with keen understanding of business and operational environment.
• Strong knowledge of the cyber security threat landscape, businesses, markets and risk framework.
• Good understanding of global legal, regulatory and industry regulations, frameworks and standards and the ability to adapt to the changes accordingly.
• Able to communicate complex ICS risks/issues precisely and effectively.
• Able to construct recommendations in a factual and persuasive manner. Excellent communication skills in both written and oral form.
• Ability to empathise and collaborate with stakeholders across functions and at all levels of experience.
• Ability to look beyond individual issues to identify broader themes with wider-reach impact.
• Ability to both assess strategic priorities and to focus on detailed aspects of a function to drive effective delivery.
• A big-picture thinker who is detail-oriented.
• Experienced in team management & engagement and able to lead, guide, motivate team to meet goals and objectives.
• Ability to perform testing by using data analytics.

ABOUT STANDARD CHARTERED

We’re an international bank, nimble enough to act, big enough for impact. For more than 170 years, we’ve worked to make a positive difference for our clients, communities, and each other. We question the status quo, love a challenge and enjoy finding new opportunities to grow and do better than before. If you’re looking for a career with purpose and you want to work for a bank making a difference, we want to hear from you. You can count on us to celebrate your unique talents and we can’t wait to see the talents you can bring us.
Our purpose, to drive commerce and prosperity through our unique diversity, together with our brand promise, to be here for good are achieved by how we each live our valued behaviours. When you work with us, you’ll see how we value difference and advocate inclusion.

Together we:

• Do the right thing and are assertive, challenge one another, and live with integrity, while putting the client at the heart of what we do
• Never settle, continuously striving to improve and innovate, keeping things simple and learning from doing well, and not so well
• Are better together, we can be ourselves, be inclusive, see more good in others, and work collectively to build for the long term

• Primarily responsible to effectively lead/perform ICS assurance reviews and issue validation activities.
• Execute and deliver insightful, quality and value-adding assurance reviews to drive proactive risk management.
• Drive and support internal growth initiatives to upskill staff competencies, optimise resources/capacity, enhance digital agility and identification of risk hotspots for assurance work.
• Drive, collaborate and support cross-functional initiatives to drive greater efficiency and effectiveness.
• Building and promote good external partnerships with stakeholders to collaborate effectively.
• Provide timely, regular communication and updates of deliverables (outcomes, recommendations) to key internal and external stakeholders.
• Responsible and accountable for performing reviews and issue validations in line with the 2LA methodology and ensure that the ICS assurance deliverables meets the quality standards set out in the methodology.
• Ensure timely deliverables, invocation of escalation and clearance of report in alignment with our CISRO Assurance operating model.
• Support the Global Head of ICS Assurance & Testing to set up the annual plan and manage the execution of the plan to achieve the target on quality, timeline and budget.