Senior ICS Risk Manager, ASEAN Cluster

Overview

Senior ICS Risk Manager, ASEAN Cluster & Singapore at Standard Chartered Singapore. The role supports the ASEAN Cluster CISO to drive the adoption and implementation of the Information and Cyber Security (ICS) Risk Type Framework (RTF) across the Group and entities in Singapore and the ASEAN Cluster, to identify and mitigate ICS risks, while meeting compliance and regulatory obligations.

• Drive adoption and implementation of the ICS RTF across Singapore and ASEAN Cluster with end-to-end visibility of ICS activities, including regular risk assessments, tracking, follow-up and reporting.
• Maintain constructive relationships with key stakeholders and regulators; mobilize effort and commitment using strong security risk framework knowledge.
• Roll out ICS RTF by coordinating with Country and Cluster CTO/CIO teams, business and function teams, ICS RTF Implementation Programme teams, CISO teams and Security technology teams. Include digital footprint discovery, risk assessment, and implementation of controls as guided by the ICS RTF.
• Provide CISO authority for countries in scope (delegates for Singapore and other ASEAN markets as appointed).
• Identify, assess and rate information assets; build risk profiles; initiate risk assessments and develop treatment plans.
• Deploy Threat Scenario-based risk assessments in-country; use qualitative and quantitative data to validate TSRA and controls; accelerate risk assessment processes; develop remediation action plans to bring ICS risk back into appetite.
• Monitor and address thematic cyber issues; ensure cyber hygiene across the portfolio; provide regular status updates to country and cluster forums; track RAG status, milestones, risks, dependencies and issues.
• Interface with Technology forums to ensure security technologies operate effectively and contribute to technology roadmaps.
• Develop risk treatment plans with business and technology teams; manage dependencies and negotiate timelines for remediation.
• Adapt to emerging horizon risks; take urgent actions for risks adversely impacting cyber risk profiles; re-plan and re-prioritize to maximize risk reduction.
• Coordinate cyber crisis management exercises; build response and recovery capabilities; maintain up-to-date playbooks; assist with other cyber activities.
• Manage all ICS-related regulatory requests and self-assessments; coordinate/audit controls; support regulator inspections, internal/external audits (e.g., SWIFT, PCI-DSS, ISO 27001).
• Build and sustain relationships with internal and external stakeholders (e.g., country Management Team, local regulators); deliver ICS risk culture and scorecards (e.g., CISO MI, BRAM, Culture Quotient).
• Represent SCB in ICS regulatory and industry forums; drive and support group and cluster ICS initiatives; remotely act as Market CISO for ASEAN markets as appointed.
• Engage regulators and senior stakeholders, handle time-sensitive requests with urgency, including outside of work hours; promote brand as an industry thought leader and deepen engagement with industry peers.
• Be the cyber trusted advisor to the Board, Cluster and Country Management Teams, and drive business and client value supporting initiatives such as digital transformation.
• Participate in face-to-face engagements and working groups with local regulators and associations.

• Education: Degree in Engineering, Computer Science/Information Technology or equivalent.
• Training: Strong knowledge of ICS products and operations; ability to initiate and drive programs; communicate complex risk to non-technical stakeholders; strong interpersonal and stakeholder management; excellent written and verbal communication; proficiency in MS Excel, PowerPoint and Word; ability to manage projects with limited supervision; strong analytical skills; deep knowledge and experience in ICS; proven ability to lead global activities through influence.
• Certifications (preferred): CISM, CISA, CISSP, GIAC, CRISC, PCI-ISA/PCIP, ISO 27001/22301 Lead Implementor/Auditor, etc.
• Languages: Business communication.
• Role-specific technical competencies: ability to manage multiple deadlines; strong collaboration; stakeholder management; 10+ years in ICS risk management; strong communication; team player; capable of guiding complex, global programs.

• Competitive salary and benefits aligned with Fair Pay Charter
• Core