Head OTCr, Cyber Defence

Job ID: 42430

Location: Singapore, SG

Area of interest: Governance, Risk Management & Compliance

Job type: Regular Employee

Work style: Office Working

Opening date: 17 Oct 2025

**JOB SUMMARY**
- The Group Operational, Technology and Cybersecurity Risk (OTCR) organisation is instrumental in protecting and ensuring the resilience of Standard Chartered Bank’s data and IT systems by managing technological, information and cyber security (ICS) risks across the enterprise.- As a critical function reporting into the Group Chief Risk Officer (CRO), Group OTCR serves as the second line of defence for assuring Operational, Technology and ICS controls are implemented effectively and in accordance with the Enterprise Risk Management Framework (ERMF) and the ICS Risk Type Framework, and for instilling a positive culture of Operational, Technology and Cybersecurity risk management within the Bank.- As part of the function, the team of OTCR CISO performs a pivotal role as an extension of the OTCR in supporting the Tech and ICS risk management strategy, governance, advisory and assurance roles that face off to the Client Businesses, Regions, and Functions.- This specific OTCR CISO role has accountability for 2nd Line of Defence oversight over the CISO Global Threat Mgmt and Cyber Defence team. The role therefore requires experience working within such functions and highly sophisticated technical skills across Security Logging and Monitoring, Security Incident Management, Cyber Forensic, Cyber Intelligence and Threat Management.**RESPONSIBILITIES**

**Strategy**-
**Business**
- The role delivers services that continually monitor the Tech and ICS threat landscape, undertake constructive and robust oversight of the effectiveness of Tech and ICS controls and risk remediation strategies, and ensure accurate, insightful, and transparent Tech and ICS risk reporting is provided to senior management to provide them appropriate assurance and confidence on the T&O CISO risk profile.- We are seeking an information and cyber security risk specialist to deliver a range of activities associated with the discharging of OTCR second line responsibilities. This role will have considerable engagement with all business units, risk committees, and other stakeholders across the bank, but especially those in T&O covering Cyber Operations and Group Threat Management domains.**Processes**
The major functional activities that the OTCR, CISO will lead and manage are:
- Overseeing and challenging 1st line Tech and ICS risk proposals and risk-taking activities for Security Logging and Monitoring, Security Incident Management and Cyber Forensic, Cyber Intelligence and Threat Management, and other key ICS domains.
- Intervening in 1st line activities if they are not in line with existing or adjusted Risk Appetite.
- Monitoring of Tech and ICS risks and associated remediation plans across business lines using the Threat Scenario Risk Assessment (TSRA) Framework.
- Assuring the 1st line implements controls to comply with applicable laws and regulations as defined by the ICS Policy, Standards and escalate significant regulatory non-compliance matters and developments to the Global Head, OTCR, T&O.
- Overseeing implementation of the controls to mitigate risks related to Security Logging and Monitoring, Security Incident Management and Cyber Forensic, Cyber Intelligence and Threat Management.
- Promoting a healthy Tech and ICS risk culture and good conduct within Transformation, Technology & Operations of key ICS domains.

**People & Talent**
- Lead through example and build the appropriate culture and values.
- Employ, engage, and retain high quality people, with succession planning for critical roles.
- Uphold and reinforce the independence of the second line OTCR function.
- Provide guidance and training for businesses and functions on managing risks associated with Cyber Operations and Group Threat Management domains.

**Risk Management**
- Support the assessment of Tech and ICS risk and reporting by T&O 1st line teams.
- Support the OTCR T&O team in the use of the Tech and ICS risk frameworks and other techniques from a 2nd line perspective.
- Raise visibility of Tech and ICS weaknesses to drive improvements and upliftment.
- Highlight gaps or control weaknesses against security standards and regulations in the key ICS domains.
- Create risk mitigation plans calling out where these are ineffective or insufficiently followed.
- Perform thematic reviews as required by the OTCR T&O team.

**Governance**
- Work with teams within T&O and participate in work groups and other meetings to understand, advise, and challenge on Tech and ICS matters, specifically for Security Logging and Monitoring, Security Incident Management and Cyber Forensic, Cyber Intelligence and Threat Management associated risks.
- Report any Tech and ICS risks/issues during T&O NFRC which require attention and support.
- Ensure consistency of reporting and production of high-quality