Cybersecurity Risk Manager - Third Party SecurityStandard Chartered • Kuala Lumpur, Kuala Lumpur, Malaysia
Cybersecurity Risk Manager - Third Party Security
Standard Chartered • Kuala Lumpur, Kuala Lumpur, Malaysia
30+ days ago
Job descriptionBusiness Lead due diligence assessments, security reviews, and continuous vendor risk monitoring. Evaluate vendor responses to security questionnaires, attestations, and evidence artifacts. Assess vendors’ cybersecurity posture against standards such as ISO 27001, NIST, GDPR, SOC 2, PCI‑DSS, and best practices. Analyse third‑party cloud security controls, data protection measures, and threat management capabilities. Document findings, provide risk ratings, remediation recommendations, and track actions to closure. Partner with CISO, procurement, and business teams on vendor onboarding and contract renewals. Continuously evolve and optimise third‑party risk assessment methodologies and frameworks. Leverage AI / ML tools and data analytics to enhance risk detection and predictive assessments. Stay informed on the latest cybersecurity trends, threat intelligence, and regulatory developments. Support audits, regulatory reviews, and compliance assessments related to third‑party risk. Communicate risk insights and reporting to executive leadership and stakeholders. Processes Support any training and awareness initiatives relating to third‑party security risk. Support and assist in third‑party program improvement initiatives. Assist in the development of new / amended processes, innovative ways of working and reviewing risk and control assessments. Assist in the forward planning and prioritisation of vendor assessments or requests from business stakeholders, and resource allocations. People & Talent Support any training and awareness initiatives relating to third‑party security risk. Risk Management Support the Head of TPSR to ensure compliance with relevant regulations covering third‑party security risk. Monitor and report on third‑party security risk compliance to stakeholders. Remain current on industry trends and regulatory requirements related to third‑party information security. Governance Regulatory & Business Conduct Take personal responsibility for embedding the highest standards of ethics, including regulatory and business conduct, across Standard Chartered Bank. Lead to achieve the outcomes set out in the Bank’s Conduct Principles. Effectively and collaboratively identify, escalates, mitigates, and resolves risk, conduct and compliance matters. Serve as a Director of the Board. Exercise authorities delegated by the Board of Directors and act in accordance with Articles of Association. Key Stakeholders Business Functions Other Responsibilities Embed Here for good and Group’s brand and values in TPSR Team; Perform other responsibilities assigned under Group, Country, Business or Functional policies and procedures. Ideally 3 years of experience in information security / IT auditing, with Big 4 and / or Banking & Financial services experience. Candidate with Cybersecurity background, Understanding and knowledge of IC S / IT. Experience in third‑party audits is a plus, but understanding of auditing standards, compliance, risk assessment and internal control frameworks is a requirement. Knowledge of security frameworks (e.g. COBIT, ISF, COSO), standards (e.g. ISO, NIST, CIS), information security principles, security architecture and regulatory requirements will be a plus. Familiarity with working in an MNC or cross‑cultural setting. Excellent written and interpersonal skills. Good risk management, understanding emerging risk / technologies AI / ML. Ability to draft reports that clearly communicate observations and risks would be required. Strong stakeholder engagement skills, ability to interact at all levels across an organization. Strong audit project organisation and management skills. Certified Information Systems Security Professional (CISSP) Systems Security Certified Practitioner (SSCP) Certified in Risk and Information Systems Control (CRISC) Certified Information Security Manager (CISM) Certified Cloud Security Professional (CCSP) Strong communication skills in English. Deep understanding of cybersecurity principles, data privacy, and regulatory frameworks. Expertise in third‑party risk management (TPRM), cyber risk quantification, and vendor assessments. Understanding of AI, ML, Cloud Security (AWS, Azure, GCP), and Zero Trust Architecture. Familiarity with security testing methods such as Vulnerability Assessment, Penetration Testing (VAPT), and Red Teaming. Ability to analyse technical evidence, security policies, and complex risk scenarios. Excellent written and verbal communication with the ability to influence stakeholders at all levels. Analytical mindset with problem‑solving skills and attention to detail. Ability to prioritise tasks and manage multiple assessments in a fast‑paced, agile environment. May require occasional travel for onsite vendor assessments. Experience working within highly regulated sectors (e.g., Banking, Finance, Healthcare) is highly desirable. Knowledge of regulatory requirements such as GDPR, CCPA, DORA is a plus. Preferable certifications (e.g. CISSP, CCSP, CISA, CISM, CTPRP, CRISC etc.). Competency with Microsoft Office Suite (Word, PowerPoint, Excel, Visio, SharePoint). Information System / Technology : IC S Audit / Risk / Assurance. Do the right thing and are assertive, challenge one another, and live with integrity, while putting the client at the heart of what we do. Never settle, continuously striving to improve and innovate, keeping things simple and learning from doing well, and not so well. Are better together, we can be ourselves, be inclusive, see more good in others, and work collectively to build for the long term. Core bank funding for retirement savings, medical and life insurance, with flexible and voluntary benefits available in some locations. Time‑off including annual leave, parental / maternity (20 weeks), sabbatical (12 months maximum) and volunteering leave (3 days), along with minimum global standards for annual and public holiday, which is combined to 30 days minimum. Flexible working options based around home and office locations, with flexible working patterns. Proactive wellbeing support through Unmind, a market‑leading digital wellbeing platform, development courses for resilience and other human skills, global Employee Assistance Programme, sick leave, mental health first‑aiders and all sorts of self‑help toolkits. A continuous learning culture to support your growth, with opportunities to reskill and upskill and access to physical, virtual and digital learning. Being part of an inclusive and values‑driven organisation, one that embraces and celebrates our unique diversity, across our teams, business functions and geographies – everyone feels respected and can realise their full potential.
Cybersecurity Risk Manager - Third Party Security
Join to apply for the Cybersecurity Risk Manager - Third Party Security role at Standard Chartered
Job Summary
We are looking for a passionate Third-Party Cybersecurity Risk Assessor to join our dynamic cybersecurity team! In this critical role, you will assess and manage the cybersecurity risks posed by third‑party vendors, suppliers, and service providers, ensuring alignment with our organization’s information and cyber security standards. You'll play a pivotal part in safeguarding sensitive data, protecting infrastructure, and enabling secure digital ecosystems in an ever‑evolving threat landscape. If you thrive in a fast‑paced environment, are excited by emerging technologies, and have a keen eye for risk and resilience, this opportunity is for you.
Key Responsibilities
- Strategy
The main responsibilities will be to support the Head of Third Party Security Risk in delivering the third‑party security risk program within the Bank.
Perform cybersecurity risk assessments on third‑party vendors, suppliers, and service providers.
Diligently provide weekly and ad‑hoc reporting on status of reviews.
Manage a register of third‑party security risks and ensure that deficiencies are mitigated.
Maintain a register of third‑party security risks and ensure that deficiencies are mitigated.
Diligently provide weekly and ad‑hoc reporting on status of reviews.
Display exemplary conduct and live by the Group’s Values and Code of Conduct.
Supply Chain Management
Skills And Experience
Optional Skills
Role Specific Technical Competencies
About Standard Chartered
We're an international bank, nimble enough to act, big enough for impact. For more than 170 years, we've worked to make a positive difference for our clients, communities, and each other. We question the status quo, love a challenge and enjoy finding new opportunities to grow and do better than before. If you’re looking for a career with purpose and you want to work for a bank making a difference, we want to hear from you. You can count on us to celebrate your unique talents and we can’t wait to see the talents you can bring us. Our purpose, to drive commerce and prosperity through our unique diversity, together with our brand promise, to be here for good are achieved by how we each live our valued behaviours. When you work with us, you’ll see how we value difference and advocate inclusion.
Together We
What We Offer
#J-18808-Ljbffr
Create a job alert for this search
Manager Manager • Kuala Lumpur, Kuala Lumpur, Malaysia
Related jobs
Technology Consulting - Cyber Security (Manager / Senior Manager)
Ernst & Young Advisory Services Sdn Bhd • Kuala Lumpur, Kuala Lumpur, Malaysia
Cyber security is one of the most important risks facing businesses today.Systems, applications, and processes are becoming increasingly interconnected and automated and many organizations are now ...Show more
Last updated: 30+ days ago • Promoted
Technology Consulting - Cyber Security, Manager / Senior Manager
Ernst & Young Advisory Services Sdn Bhd • Kuala Lumpur, Kuala Lumpur, Malaysia
At EY, we are expanding our market-leading cyber security services to meet increasing client demand.We are seeking highly motivated Managers and Senior Managers to join our team, lead critical clie...Show more
Last updated: 30+ days ago • Promoted
Cyber Strategy Risk Consultant
Accenture Southeast Asia • Kuala Lumpur, Kuala Lumpur, Malaysia
Cyber Strategy Risk Consultant.Role focused on developing and implementing cybersecurity strategies aligned with a client’s business goals, addressing risk, governance, and resilience needs.Cyber S...Show more
Last updated: 30+ days ago • Promoted
Technology Consulting - Cyber Security, Manager / Senior Manager
EY • Kuala Lumpur, Kuala Lumpur, Malaysia
At EY, we’re all in to shape your future with confidence.We’ll help you succeed in a globally connected powerhouse of diverse teams and take your career wherever you want it to go.Join EY and help ...Show more
Last updated: 30+ days ago • Promoted
Cybersecurity Manager
DayOne • Kuala Lumpur, Kuala Lumpur, Malaysia
DayOne is a global leader in the development and operation of high-performance data centers.As one of the fastest-growing companies in the industry, we have built a robust presence across Asia and ...Show more
Last updated: 30+ days ago • Promoted
Cyber Security Manager / Senior Manager
EY • Kuala Lumpur, Kuala Lumpur, Malaysia
Cyber Security Manager / Senior Manager.EY Federal Territory of Kuala Lumpur, Malaysia.As a Manager / Senior Manager in the EY cyber security practice, you will lead and manage teams to deliver secu...Show more
Last updated: 30+ days ago • Promoted
Senior Manager, Cyber Security & Resilience
AIA Malaysia • Kuala Lumpur, Kuala Lumpur, Malaysia
Senior Manager, Cyber Security & Resilience — AIA Malaysia.Location : Kuala Lumpur, Federal Territory of Kuala Lumpur, Malaysia.
Senior Manager, Cyber Security & Resilience.This role leads the organi...Show more
Last updated: 30+ days ago • Promoted
Manager, Risk - Technology Risk & Cyber Risk MY
CIMB • Kuala Lumpur, Kuala Lumpur, Malaysia
Kuala Lumpur, Federal Territory of Kuala Lumpur, Malaysia.Group Technology Risk Management Framework (GTRMF).Cyber Resilience Framework (CRF), Cloud Risk Management Framework (CRMF).BNM’s Risk Mana...Show more
Last updated: 10 days ago • Promoted
Senior Manager - Cyber Security Risk Management
Standard Chartered • Kuala Lumpur, Kuala Lumpur, Malaysia
Senior Manager - Cyber Security Risk Management.Senior Manager - Cyber Security Risk Management.Senior Manager - Cyber Security Risk Management.
Senior Manager - Cyber Security Risk Management.The C...Show more
Last updated: 30+ days ago • Promoted
Senior Manager, Cyber Security & Resilience
AIA Hong Kong • Kuala Lumpur, Kuala Lumpur, Malaysia
At AIA we’ve started an exciting movement to create a healthier, more sustainable future for everyone.As pioneering innovators for over 100 years, we’re now transforming our organisation to be fast...Show more
Last updated: 30+ days ago • Promoted
Technology Consulting - Cyber Security (Manager / Senior Manager)
EY • Kuala Lumpur, Kuala Lumpur, Malaysia
Technology Consulting - Cyber Security (Manager / Senior Manager).EY Kuala Lumpur, Federal Territory of Kuala Lumpur, Malaysia.
Cyber security is one of the most important risks facing businesses tod...Show more
Last updated: 30+ days ago • Promoted
Third Party & Outsourcing Information Security Risk Manager
UOB • Kuala Lumpur, Kuala Lumpur, Malaysia
Third Party & Outsourcing Information Security Risk Manager.Be among the first 25 applicants.Get AI-powered advice on this job and more exclusive features.
United Overseas Bank Limited (UOB) is a le...Show more
Last updated: 10 days ago • Promoted
Manager, Risk Management (Technology Risk)
Hong Leong Bank Berhad • Kuala Lumpur, Kuala Lumpur, Malaysia
Manager, Risk Management (Technology Risk).The Manager, Technology Risk will undertake the role to proactively safeguard our bank and technology landscape by leveraging our collective expertise to ...Show more
Last updated: 30+ days ago • Promoted
Third-Party Risk Management Lead, Markets Governance
Standard Chartered • Kuala Lumpur, Kuala Lumpur, Malaysia
Third-Party Risk Management Lead, Markets Governance.This role is critical in ensuring that third-party Risk is effectively managed in alignment with the Bank’s risk appetite and regulatory expecta...Show more
Last updated: 30+ days ago • Promoted
Manager, Operational Risk Systems & Analytics –Global Risk Oversight
RBC • Kuala Lumpur, Kuala Lumpur, Malaysia
This position combines a customer service mindset with technical system experience to support application users.The primary role is to act as the first point of contact for customer inquiries, moni...Show more
Last updated: 30+ days ago • Promoted
Technology Consulting - OT Cyber Security, Manager / Senior Manager
Ernst & Young Advisory Services Sdn Bhd • Kuala Lumpur, Kuala Lumpur, Malaysia
At EY, you’ll have the chance to build a career as unique as you are, with the global scale, support, inclusive culture and technology to become the best version of you.
And we’re counting on your u...Show more
Last updated: 30+ days ago • Promoted
Senior Manager - Cybersecurity
Hartalega • Petaling Jaya, Selangor, Malaysia
The Head of Cyber Security is a strategic leadership role responsible for safeguarding the organization's digital assets, IT infrastructure, and sensitive data across both corporate IT and operatio...Show more
Last updated: 30+ days ago • Promoted
OT Cybersecurity Manager
Bureau Veritas Cybersecurity • Kuala Lumpur, Kuala Lumpur, Malaysia
We are seeking an expert in OT who is business‑savvy, technically hands‑on, and entrepreneurial to lead the build‑out of Bureau Veritas Cybersecurity's launch of OT as a service offering in Asia Pa...Show more
Last updated: 15 days ago • Promoted