Head of Governance and Controls

Standard Chartered
Full time Full day
Karachi




Job: Operations

Primary Location: Africa & Middle East-Pakistan-Karachi

Schedule: Full-time

Employee Status: Permanent

Posting Date: 13/Sep/2023, 5:14:40 AM

Unposting Date: 27/Sep/2023, 5:59:00 PM





The Country Head Governance, Risk & Control is responsible for identifying emerging and existing risks through a country or regional lens, including activities that require a Client Journey (CJ) agnostic or consolidated approach. The role is also responsible for the Country Offshoring Strategy; for monitoring control effectiveness as it relates to Local Regulatory Reporting; and for the Country Conduct Plan, Data Governance and Cybersecurity.


The primary requirements of the role will be:


1. Apply a country lens and review risk from a CJ-agnostic perspective.


2. Identify country top themes / trends, emerging risks.


3. Ensure the country adheres to policy requirements, challenge where risks remain unresolved, and fulfil the country conduct plan.


4. Monitor country "risk hygiene / quality assurance" across CJ ops.


5. Demonstrate strong hub-spoke governance.


6. SPOC for providing country level view of outsourcing for Operations [But details of each outsourcing will be provided by CJ team, including liaison with regulators for the specific hubbing activities].


7. Ensure compliance to Reg reporting Policy / standard in line with Compliance Risk Type Framework.


8. Main liaison with regulator, to facilitate/represent COO.


9. Fulfilment of board duties


10. Support COO in ICS governance and remediation works at country level


11. Support COO in Data governance at country level.


12. Work to achieve effective conduct governance


13. Maintain an overall view of EUC used in country and its compliance with EUC policy and procedures.


14. Role model in setting the right risk and control culture.


Key Roles and Responsibilities:


1. Review and assess risk metrics (losses, near miss incidents, control effectiveness data) from the country lens.


2. Identify patterns and trends from a Country / Regional Lens. Proactively identify and share issues in one business that may have impact in another business;


3. Represent First Line Risk (Rep for COO) / Prep COO to attend local governance committees (Country Risk Committee / Country Non Financial Risk Committee/ ERC). Represent First Line for CJ agnostic nominations to working group/ committees related to Principle Risk Type / Sub Risk Type e.g. Data Governance, ICS


4. Review and challenge on first line CJ risk adherence's effectiveness in country/hub e.g. effective Risk & Loss reporting, RRA completion for the country.


5. Escalate material themes / trends to Group; may also receive trends from the Group Conduct and Control team.


6. Review and ensure effective country governance over the hub in SRM / JSR meetings. Ensure the JSR / SRM is fit for purpose and that any material concern coming out of the JSR has been escalated to the country risk forum, e.g. where the CJ hasn't remediated it, and for regulatory interface.


7. SPOC to coordinate Country offshoring strategy: a single point of contact in Operations to consolidate and coordinate the overall Country offshoring strategy and to provide an overall view of how the country is doing in outsourcing. To be consulted for hubbing activities to ensure the overall country lens has been considered. First Line Risk Management liaison for any Regulatory Visits, Regulatory Reviews or Audits as they relate to Operations-owned processes.


8. Escalate any concerns relating to the control effectiveness of all final submissions to local Regulators and Government bodies.


9. For the subsidiary countries, take accountability for ensuring that risks are clearly and accurately articulated to Board Members, including mitigation plans.


10. Communicate the expectations of the Board in relation to the Group’s culture, values and behaviours to Client Journeys in country.


11. Responsible for the identification, monitoring and remediation of any ICS risk that arises from infrastructure which is Country-specific and CJ-agnostic and for improving the Security Quotient score.


12. Responsible for crisis- and incident response and risk reporting as it relates to infrastructure which is Country specific and CJ agnostic and acting as a point of contact for any pan-Country audits or regulatory reviews.


13. Responsible for providing a consolidated view of ICS risk to the Country CEO and Country Risk Owner.


14. Responsible for identifying risks and tracking of data issues which are pan-CJ/ CJ-agnostic, for example, Country regulatory reports.


15. Responsible for chairing, or supporting the COO to chair, the Country Data Governance Committees if they continue. Responsible for providing any country nuances to the Group Ops Conduct Plan.


16. Responsible for executing any country specific conduct activities


17. Support COO as First level approvers (non CJ) for EUC dispensation in the country


18. Country Risk & Control are responsible for providing a consolidated view of EUC used in country for a holistic overview of EUC risk.


19. As Acting CO HICS, the primary purpose of this position is to ensure that the management of ICS risk is operating effectively and efficiently and to provide assurance that ICS risk is appropriately managed within the country in accordance with regional and global bank standards.


20. Execute a robust and efficient plan to rollout ICS RTF by working with key stakeholders including COOs/CIOs direct teams, ICS RTF Implementation Programme teams and Security technology teams.


21. Execute a robust and efficient plan to rollout ICS RTF by working with key stakeholders including COOs/CIOs direct teams, ICS RTF Implementation Programme teams and Security technology teams.


22. Supporting the Regional Head of ICS in the implementation of the ICS Risk framework including working with stakeholders to identify, assess and rate the information assets, build out the risk profile per the framework, initiate risk assessments and put together treatment plans


23. Use qualitative and quantitative data sources to validate Key Control Domains (KCD) and associated controls, accelerate risk assessment process, validate business risk profile and develop action plans to remediate to bring ICS risk back into appetite.


24. Follow up on identified thematic cyber issues, develop processes to address issues from re-occurrence and ensure cyber hygiene across the whole portfolio.


25. Provide regular status updates including progress, top risks and issues to the respective country and regional forums for the relevant domains. Track regulatory status, key milestones, risks, dependencies and issues.


26. Interface with the Business and Country ICS Leads to assist with sharing of risk profiles, advising on cyber risk issues and addressing areas of concern.


27. Interface with Technology forums to ensure security technologies are operating with input from countries and be actively involved in the roadmap of these technologies by providing regional/country input.


28. Development of risk treatment plans for the assigned areas in conjunction with the business and technology teams. Interface with other areas to ensure dependencies are known and prioritised. Negotiate timelines to ensure proper remediation by maintaining support and organizational alignment.


29. Adapt to emerging and horizon risks and address issues to maximize outcomes. Urgent and timely action for risks and issues which adversely impact cyber risk profiles.


30. Re-planning and prioritising as required to maximise risk reduction.


31. Coordinate and plan for cyber crisis management exercises, build response and recovery capabilities, workarounds, ensure up to date playbooks etc.


32. Assist with other cyber activities underway



People and Talent:



  • Lead through example and build the appropriate culture and values. Sets appropriate tone and expectations for the team and work in collaboration with risk and control partners.

  • Lead and support a change in mindset, building a culture of client centricity, agility, and accountability through standardised metrics and measurement.

  • Drive training and communications to promote awareness and continuous learning for risk control and governance aspects

  • Ensure the provision of ongoing training and development of people and ensure that holders of all critical functions are suitably skilled and qualified for their roles ensuring that they have effective supervision in place to mitigate any risks.


Regulatory & Business conduct



  • Display exemplary conduct and live by the Group’s Values and Code of Conduct.



  • Take personal responsibility for embedding the highest standards of ethics, including regulatory and business conduct, across Standard Chartered Bank. This includes understanding and ensuring compliance with, in letter and spirit, all applicable laws, regulations, guidelines and the Group Code of Conduct.



  • Proactive in seeking regular assurance that the Group Business Risk Management teams are performing to an acceptable control assessment standard as per the defined Enterprise Risk Management Framework / Operational Risk Types Framework.

  • Lead the [country / business unit / team] to achieve the outcomes set out in the Bank’s Conduct Principles.

  • Effectively and collaboratively identify, escalate, mitigate and resolve risk, conduct and compliance matters.
