Job Details

Head of IAM Authorisation Policy Engineering (India, Singapore)
Job Description
Requisition Number:  53139
Job Location:  Singapore, SGP
Global Grade:  Band 5
Work Type:  Office Working
Employment Type:  Permanent
Posting Start Date:  06/05/2026
Posting End Date:  30/06/2026

Job Summary

Standard Chartered’s diverse footprint across 63 of the fastest growing markets in Asia, Africa and the Middle East creates unique opportunities for passionate, motivated, and highly skilled people who want to make a difference. We are changing the way people think about banking. We are changing the way we do business – becoming the digital bank with a human touch. This is your opportunity to be part of a growth story in an industry that is reimagining how customers are getting better, faster experiences and convenience through digital technology.

 

Our Information & Cyber Security (ICS) team sits within the Transformation, Technology & Operations (TTO) function and is responsible for all mission-critical and enterprise-wide areas of cybersecurity, including identity and access management, global threat intelligence, data protection, malware protection, and application and infrastructure security. These are challenges that impact our clients globally.

 

Our ICS Portfolio team develops the platforms, drives the processes and builds partnerships on behalf of ICS. We thrive on providing solutions to complex issues, devoting time and energy to designing and delivering new and innovative solutions, and all in an environment that demands being risk-aware, not risk-averse. ICS chooses progress over perfection and aims to always participate with a constructive purpose. The team makes an impact wherever they are based, be it in our offices around the world, our Global Business Solution centres in China, India, Malaysia and Poland, or even from our home.

 

If tackling complex challenges excites you, then join our ICS Identity & Access Management team where you will get to collaborate and work on solutions across business and functions to drive the transformation and deliver better experiences to our customers. We constantly strive to reduce time-to-market and streamline our processes. We follow agile methodology and work to embed an improvement habit across the bank.

 

Now you have an opportunity to make a meaningful impact with a diverse and passionate team of creators, innovators, and achievers. With us, you’ll learn, be inspired, and make an impact every day. The success of our work hinges on how we use the unique diversity of our people to realise the effects we seek to achieve: Always on. Always safe. Always Simple.

Key Responsibilities

The Authorisation Security Team within the Identity and Access Management domain operates as an integrated model consisting of four independent yet interconnected capabilities that together form a closed-loop control system. Authorisation Policy Engineering is a newly established capability responsible for converting business, risk, and regulatory access intent into durable, enforceable, and machine‑readable identity and access control policies.

 

The Head of Authorisation Policy Engineering is accountable for the end‑to‑end capability that transforms access intent into machine‑enforceable authorisation policy. Reporting directly to the Head of Authorisation Security, this role requires a strong, independent leader responsible for defining, maintaining, and advancing the policy engineering discipline—including its models, semantics, and standards. The role demands establishing a high‑integrity engineering culture and protecting policy quality without compromising on delivery cadence. Success depends on close collaboration with peer capability leaders to maintain alignment, manage systemic risk, and ensure the authorisation domain functions as a coherent, well‑governed ecosystem. Key responsibilities include owning capability outcomes such as backlog prioritisation, delivery performance, and prudent budget stewardship. The role holder is expected to exercise independent judgement and make binding decisions within their capability remit. This role serves as the Bank’s sovereign authority for authorisation policy semantics, responsible for defining and governing the canonical enterprise access model. As the source of truth for access intent, the role ensures all IAM Capabilities and consuming platforms align to consistent, machine‑readable authorisation logic.

 

  • Accountable for the correctness, sustainability, and enterprise adoption of IAM role models and role logic, reducing entitlement sprawl and preventing privilege inflation at source.
  • Establish and sustain enterprise authorisation policy engineering as a durable, tool‑agnostic capability, acting as the final authority for policy modelling standards and semantics.
  • Translate business, regulatory and risk control intent into testable, machine-readable policy with no room for error, ensuring all intent is captured in a single, canonical source of truth.
  • Lead adoption of Policy-as-Code practices, independent of platform, with version control, automated testing, peer review and controlled deployment.
  • Own end-to-end policy lifecycle, deterministic fail-closed/fail-open behaviour, graceful degradation, and operational resilience including protection of policy integrity by rejecting or reshaping requirements that compromise correctness.
  • Define and track KPIs demonstrating the transition from manual interpretation to automated, deterministic enforcement.
  • Partner with other Capabilities in IAM to ensure coherent, enforceable, continuously validated authorisation semantics.
  • Support capability growth through hiring input, coaching, and knowledge sharing.
  • Ensure semantic consistency across IAM Capabilities by governing a unified enterprise access model and preventing drift, duplication, or logic collisions.

Responsibilities

Strategy*

  • Develop and define a multi-year strategy aligned with Zero Trust principles and enterprise objectives.
  • Establish standards for expressing authorisation intent as code.
  • Ensure policy models are scalable, composable, and adaptable.
  • Translate enterprise strategy and regulatory expectations into actionable initiatives.
  • Act as the expert in the identity policy area.
  • Act as a liaison between business and technical teams to ensure business and technical objectives and requirements are well communicated and understood.
  • Partner with the Bank Cyber Operations to design, develop and operationalise identity policy.
  • Partner with the Bank Security Architects and Risk Teams to ensure alignment with Enterprise Security approach and Regulatory standards.
  • Partner with the Bank Analytics and Strategy teams to translate insights into execution roadmaps.
  • Continuously identify opportunities for cost optimization, increased efficiency and process simplification.

 

Business*

  • Partner with business and control stakeholders to capture access intent and define outcomes.
  • Articulate policy engineering value in risk reduction, scalability, and operational efficiency.
  • Ensure full traceability and semantic consistency between requirements, policy definitions, and enforcement decisions, eliminating ambiguity across platforms.
  • Own the clarity, coherence and auditability of enterprise access intent as expressed in policies.
  • Validate benefits realisation with measurable, outcome-based indicators.
  • Facilitate integration of business priorities and strategic objectives into delivery roadmaps.
  • Translate technical requirements into business value statements for leadership stakeholders.
  • Ensure that processes are optimized for transparency, accountability, user experience and continuous improvement.
  • Partner with business owners to validate outcomes and benefits realization.
  • Work closely with ICS and Stakeholders to ensure that requirements are in line with the bank’s strategy.
  • Evolve the craft towards improved automation, simplification and innovative use of the latest market trends.
  • Engage with third-party vendors as appropriate for the project.

 

Processes*

  • Define and optimise end-to-end policy lifecycle processes, including authoring, reviewing, testing, approving, deploying, and rolling back.
  • Identify and implement automation opportunities across the policy lifecycle.
  • Define standards for policy observability and explainability, ensuring deterministic, testable behaviour and preventing systemic drift.
  • Align processes with enterprise architecture, operational practices, and compliance.
  • Identify automation and digital enablement opportunities (e.g., workflow, integration, self-service).
  • Partner with process owners, operations, and compliance teams to ensure business alignment.
  • Groom the delivery backlog successfully, facilitating planning ceremonies with clear, aligned outcomes.


People & Talent*

  • Act as the primary liaison between business, cybersecurity, and platform teams.
  • Communicate product performance, risks, and roadmap to executive stakeholders and governance forums.
  • Foster a culture of precision, accountability, and shared understanding of authorisation concepts.
  • Build capability through coaching, mentoring, and shared practices.
  • Contribute to hiring, retention, and professional development.
  • Drive stakeholder alignment on adoption plans, investment needs, and decommissioning of legacy platforms.
  • Create an environment of trust, open communication, and cross-functional alignment across business, technology, and control functions.
  • Collaborate closely with business units, Scrum Masters, and development teams to ensure successful sprint outcomes.
  • Champion an engineering‑first culture that prioritises precision, correctness, and policy integrity over delivery speed.

 

Risk Management*

  • Establish and maintain a strong governance framework for correctness, consistency, resilience and enforceability.
  • Proactively identify, assess, and eliminate systemic risks such as semantic drift, logic collisions, inconsistent attributes, and misaligned enforcement patterns.
  • Ensure fail-safe behaviour under degradation or failure.
  • Contribute to audit and risk management with evidence-based artefacts.
  • Ensure adherence to ICS governance standards and contribute to shaping internal audit and risk processes.
  • Ensure the project follows the standards with respect to risk management as applicable to its domain.
  • Adhere to common practices to mitigate risk in the respective domain.

 

Governance*

  • Embed a strong compliance-first and regulatory-first mindset into program delivery for IAM initiatives.
  • Ensure that program decisions and outcomes align with legal, regulatory, and business conduct requirements.
  • Act as a role model for integrity, ethics, and responsible delivery practices.
  • Ensure all artefacts and assurance deliverables are as per the required standards and policies (e.g., SCB Governance Standards, ESDLC etc.).


Regulatory & Business Conduct*

  • Display exemplary conduct and live by the Group’s Values and Code of Conduct.
  • Take personal responsibility for embedding the highest standards of ethics, including regulatory and business conduct, across Standard Chartered Bank. This includes understanding and ensuring compliance with, in letter and spirit, all applicable laws, regulations, guidelines and the Group Code of Conduct.
  • Effectively and collaboratively identify, escalate, mitigate and resolve risk, conduct and compliance matters.

 

Key stakeholders*

See the consolidated list of responsibilities below

  • Peers in IAM Authorisation Security, Hive Tech Lead, PMs and SMs ICS wide, Engineering Leads & Enterprise Security Architecture
  • ICS IAM Leadership Team, ICS CISOs, ICS Delivery Team partners, CPOs
  • Technology & Architecture & CIOs
  • Global Head, ICS Identity & Access Management
  • Global Head, Cyber Security Technology
  • Global Head, Cyber Security Operations
  • Global Technology Service Heads (Production Support, Infrastructure, Testing, SRE, Architecture)

 

Other Responsibilities*

Embed Here for good and Group’s brand and values in ICS - Identity & Access Management domain. Perform other responsibilities assigned under Group, Country, Business or Functional policies and procedures; Multiple functions (double hats).

 

The ideal candidate will embody the following attributes:

  • Strategic Thinker - connects execution with long-term organizational goals.
  • Independent Driver - able to lead without heavy oversight.
  • Regulatory Mindset - embeds compliance and governance discipline in delivery.
  • Trusted Partner - strong communicator with ability to engage stakeholders up to CIO level.
  • Delivery-Oriented - relentless focus on achieving OKRs and outcomes.
  • Collaborative Leader - fosters alignment, removes silos, and builds trust across teams.

Skills and Experience

  • 15+ years of total experience as a cyber security professional, with at least 8 years of demonstrated experience defining and governing enterprise authorisation policy in a global capacity.
  • Experience in translating business, regulatory and risk intent into executable policy.
  • Experience in establishing capabilities with strong engineering standards.
  • Experienced in leading complex, enterprise-wide initiatives with accountability for capability and outcomes.
  • Demonstrated experience in designing or governing machine‑readable authorisation policy (e.g., RBAC/ABAC/PBAC, declarative policy languages).
  • Familiar with enterprise directories and identity platforms such as Active Directory, Entra and related IAM technologies.
  • Familiar with operating systems, middleware, databases, and cloud platforms (Azure/AWS) from an identity threats perspective.
  • Familiar with emerging technologies such as Artificial Intelligence, Agentic AI and Digital Assets from an identity threats perspective.
  • Analytical, delivery-oriented mindset with the ability to balance strategy and execution.
  • Exceptional communication (technical and non-technical), collaboration, and leadership skills with a focus on influencing without authority.
  • Skilled at identifying risks, driving remediation, and ensuring compliance with audit/regulatory expectations.
  • Agile mindset proven by experience with Agile tools.
  • Proficient in creating process and solution design documents.
  • Proficient in stakeholder management and good communication skills. Able to bridge business and technical teams. Able to communicate with senior executives while maintaining alignment with ground-level teams.
  • Experience working in banking, finance, or other regulated environments.

 

Technical Competency Name: Proficiency Level

  • Agile Methodologies: Advanced
  • Stakeholder Engagement/Management: Advanced
  • Project and Programme Management: Core
  • Agile Project Management: Core
  • IT Standards, Procedures & Policies: Advanced
  • Change Control: Advanced
  • Information Technology (IT) Security Policies: Advanced
  • Software Product Business Knowledge: Advanced
  • MS Office Suite Skills including SharePoint and Confluence: Advanced

 

Qualifications


  • Bachelor’s degree in Cyber Security, Computer Science, Engineering, Banking, Business, or a related field.
  • Certified Scrum Product Owner (CSPO).
  • Relevant certifications would be beneficial.

About Standard Chartered

We're an international bank, nimble enough to act, big enough for impact. For more than 170 years, we've worked to make a positive difference for our clients, communities, and each other. We question the status quo, love a challenge and enjoy finding new opportunities to grow and do better than before. If you're looking for a career with purpose and you want to work for a bank making a difference, we want to hear from you. You can count on us to celebrate your unique talents and we can't wait to see the talents you can bring us.

Our purpose, to drive commerce and prosperity through our unique diversity, together with our brand promise, to be here for good are achieved by how we each live our valued behaviours. When you work with us, you'll see how we value difference and advocate inclusion.

Together we:

  • Do the right thing and are assertive, challenge one another, and live with integrity, while putting the client at the heart of what we do
  • Never settle, continuously striving to improve and innovate, keeping things simple and learning from doing well, and not so well
  • Are better together, we can be ourselves, be inclusive, see more good in others, and work collectively to build for the long term

What we offer

In line with our Fair Pay Charter, we offer a competitive salary and benefits to support your mental, physical, financial and social wellbeing.

  • Core bank funding for retirement savings, medical and life insurance, with flexible and voluntary benefits available in some locations.
  • Time-off including annual leave, parental/maternity (20 weeks), sabbatical (12 months maximum) and volunteering leave (3 days), along with minimum global standards for annual and public holiday, which is combined to 30 days minimum.
  • Flexible working options based around home and office locations, with flexible working patterns.
  • Proactive wellbeing support through Unmind, a market-leading digital wellbeing platform, development courses for resilience and other human skills, global Employee Assistance Programme, sick leave, mental health first-aiders and all sorts of self-help toolkits.
  • A continuous learning culture to support your growth, with opportunities to reskill and upskill and access to physical, virtual and digital learning.
  • Being part of an inclusive and values driven organisation, one that embraces and celebrates our unique diversity, across our teams, business functions and geographies - everyone feels respected and can realise their full potential.