Job Summary
Strategy
• Help application teams build software with security considerations from the outset by conducting regular static code reviews to identify and resolve security vulnerabilities.
• Fine-tuning SAST tools for optimal performance
• Collaborating closely with developers and CIO teams to address issues related to OWASP Top Ten, SANS CWE patterns, and other secure-coding practices
• Supporting Azure DevOps (ADO) pipeline integration to incorporate security checks into the CI/CD process, reviewing software designs to identify and mitigate security gaps, and partnering with vendors for tool improvements when necessary
• Should be able to clearly articulate security concepts, work effectively with cross-functional teams, and provide expert advice to ensure our applications remain secure at the code level.
Business
• Proactively engage with stakeholders to obtain buy-in for the requirements and design discussions and manage the escalations and expectations accordingly.
Processes
• Perform Code Security Review assessments for in-house developed applications and enhancements in service
• Support release changes in Azure DevOps (ADO).
• Contribute to the expanded operational scope and assist CIO teams in vulnerability remediation.
• Act as a Subject Matter Expert (SME) with strong knowledge of security frameworks (OWASP, SANS, MSVS), secure coding practices, information security principles & architecture, and industry-specific auditory frameworks.
• Bring clarity, collaboration, and strong technical depth to the team to ensure the security of our applications.
People & Talent
• Collaborate with various stakeholders to ensure requirements and design discussions are clearly communicated.
Key Responsibilities
Risk Management
• Act as the SME during regulatory engagements when discussing Application Security topics
• Provide support on audit and regulatory Requests For Information (RFI) as well as internal risk management processes
Governance
• Preparation of several service metrics to management
Regulatory & Business Conduct
• Display exemplary conduct and live by the Group’s Values and Code of Conduct.
• Take personal responsibility for embedding the highest standards of ethics, including regulatory and business conduct, across Standard Chartered Bank. This includes understanding and ensuring compliance with, in letter and spirit, all applicable laws, regulations, guidelines and the Group Code of Conduct.
• Effectively and collaboratively identify, escalate, mitigate and resolve risk, conduct and compliance matters.
Key stakeholders
• CIO Development Teams
• Internal Audit, Risk and Regulatory Compliance Teams
• CSS Teams
• ADO team
Skills and Experience
• Security frameworks (OWASP, SANS CWE, ASVS, MSVS), secure coding practices, information security principles & architecture and industry specific auditory frameworks
• Familiarity in handling of industry standard source code review tools such as Veracode, Fortify, SonarQube, Sonatype
• DevOps/CI/CD and automation practices is desirable
• Application Security & Mobile Application Security standards
• Between 8 - 10 years of in-depth, hands-on application development, hands-on working knowledge in security product management, application security technologies and operational experience in a global environment.
• Knowledge of multiple programming languages, ability perform false positive analysis and advise remediation steps.
Qualifications
Education Degree in Computer Science
Certifications CISSP, CSSLP, SANS certifications advantageous
About Standard Chartered
We're an international bank, nimble enough to act, big enough for impact. For more than 170 years, we've worked to make a positive difference for our clients, communities, and each other. We question the status quo, love a challenge and enjoy finding new opportunities to grow and do better than before. If you're looking for a career with purpose and you want to work for a bank making a difference, we want to hear from you. You can count on us to celebrate your unique talents and we can't wait to see the talents you can bring us.
Our purpose, to drive commerce and prosperity through our unique diversity, together with our brand promise, to be here for good are achieved by how we each live our valued behaviours. When you work with us, you'll see how we value difference and advocate inclusion.
Together we:
- Do the right thing and are assertive, challenge one another, and live with integrity, while putting the client at the heart of what we do
- Never settle, continuously striving to improve and innovate, keeping things simple and learning from doing well, and not so well
- Are better together, we can be ourselves, be inclusive, see more good in others, and work collectively to build for the long term
What we offer
In line with our Fair Pay Charter, we offer a competitive salary and benefits to support your mental, physical, financial and social wellbeing.
- Core bank funding for retirement savings, medical and life insurance, with flexible and voluntary benefits available in some locations.
- Time-off including annual leave, parental/maternity (20 weeks), sabbatical (12 months maximum) and volunteering leave (3 days), along with minimum global standards for annual and public holiday, which is combined to 30 days minimum.
- Flexible working options based around home and office locations, with flexible working patterns.
- Proactive wellbeing support through Unmind, a market-leading digital wellbeing platform, development courses for resilience and other human skills, global Employee Assistance Programme, sick leave, mental health first-aiders and all sorts of self-help toolkits
- A continuous learning culture to support your growth, with opportunities to reskill and upskill and access to physical, virtual and digital learning.
- Being part of an inclusive and values driven organisation, one that embraces and celebrates our unique diversity, across our teams, business functions and geographies - everyone feels respected and can realise their full potential.
