Job Summary

This role will be part of the Configuration Compliance & Governance team within the Security Configuration and Compliance Management function and is responsible for the Configuration assessment, Non-compliance risk rating classification and driving remediation governance of Non-compliance identified that could potentially impacting the Bank's infrastructure or products.
The ideal candidate will have a deep understanding of configuration management, threat assessment and remediation processes. 

Key Responsibilities

•    Assess the configuration standards with industry standard benchmarks, create policy in compliance scanning tool, evaluate the reports for all the bank infrastructure assets.
•    Assess impact, threat and exploitation scenarios for potential non-standard configurations impacting the Bank’s infrastructure or products, research on security frameworks and latest advancements in the configuration management lifecycle and tools. 

•    Oversee and prioritize configuration remediation efforts based on severity and potential impact on Bank’s operation and reputation, which includes management of tracking and remediation of non-compliance by leveraging agreed upon action plans and timelines (SLAs) with Technology/ Business stakeholders within the Bank 
•    Aggregate configuration assessment results from security standards, utilizing a combination of automated tools and manual reviews to identify potential attack surface to drive remediation prioritization of high-profile non-compliances.
•    Collaborate with product engineering and cyber defence team to drive remediation prioritization or mitigation strategies by leveraging information on threat or exploitation context. 
•    Coordinate and lead vulnerability management forums with operation and engineering teams as required to govern outstanding vulnerability remediation findings and providing status updates.
•    Develop and maintain documentation related to configuration management, non-compliance assessment and remediation process.
•    Support organization through internal and external audits of the various processes and procedures in use
•    Leverage available data sets to deliver and enhance weekly/monthly recurring reports and present these in the relevant forums to stakeholders.
•    Stay abreast of emerging threats, configuration standards and mitigation techniques through ongoing research and professional development.
•    Communicate effectively orally and in writing and establish cooperative working relationships.

Skills and Experience

•    Between 8 - 12 years of in-depth, hands-on working knowledge in security technologies and operational experience in a global environment, preferably in Banking and Financial services sector.
•    You’ll have strong understanding of network security principles and basic configuration standards, with skills in monitoring security systems and identifying potential cyber security risks within a banking environment.
•    Solid knowledge of banking security compliance requirements and ability to support implementation of security protocols and data protection measures.
•    Proficiency in fundamental cyber security tools and technologies.
•    Network security architecture concepts including topology, protocols, components, and principles (e.g., application of defence-in-depth).
•    Hands on experience on industry leading tools : Qualys Guard, Vulnerability Management, Policy compliance, Cloud,
•    Knowledge on Python, Excel Macros, any programming knowledge to simplify the repeated mundane activities
•    Quick learner and Collaborative mindset with team members 

Qualifications

•    Education: Bachelor Degree In Engineering, Computer Science/Information Technology Or Its Equivalent.
•    Certifications: Industry Certifications Will Be A Plus E.G., CCNA Security, CCIE, CCNP Security, CISA, CRISC And CISM
•    QUALYS PRODUCT CERTIFICATION IS MANDATORY 

About Standard Chartered

We're an international bank, nimble enough to act, big enough for impact. For more than 170 years, we've worked to make a positive difference for our clients, communities, and each other. We question the status quo, love a challenge and enjoy finding new opportunities to grow and do better than before. If you're looking for a career with purpose and you want to work for a bank making a difference, we want to hear from you. You can count on us to celebrate your unique talents and we can't wait to see the talents you can bring us.

Our purpose, to drive commerce and prosperity through our unique diversity, together with our brand promise, to be here for good are achieved by how we each live our valued behaviours. When you work with us, you'll see how we value difference and advocate inclusion.

Together we:

• Do the right thing and are assertive, challenge one another, and live with integrity, while putting the client at the heart of what we do
• Never settle, continuously striving to improve and innovate, keeping things simple and learning from doing well, and not so well
• Are better together, we can be ourselves, be inclusive, see more good in others, and work collectively to build for the long term

What we offer

In line with our Fair Pay Charter, we offer a competitive salary and benefits to support your mental, physical, financial and social wellbeing.

• Core bank funding for retirement savings, medical and life insurance, with flexible and voluntary benefits available in some locations.
• Time-off including annual leave, parental/maternity (20 weeks), sabbatical (12 months maximum) and volunteering leave (3 days), along with minimum global standards for annual and public holiday, which is combined to 30 days minimum.
• Flexible working options based around home and office locations, with flexible working patterns.
• Proactive wellbeing support through Unmind, a market-leading digital wellbeing platform, development courses for resilience and other human skills, global Employee Assistance Programme, sick leave, mental health first-aiders and all sorts of self-help toolkits
• A continuous learning culture to support your growth, with opportunities to reskill and upskill and access to physical, virtual and digital learning.
• Being part of an inclusive and values driven organisation, one that embraces and celebrates our unique diversity, across our teams, business functions and geographies - everyone feels respected and can realise their full potential.