Job Summary

•     This role could be based in India and Malaysia. When you start the application process you will be presented with a drop down menu showing all countries, Please ensure that you select a country where the role is based.
•    The Group Chief Information Security Officer (CISO) organisation is instrumental in protecting and ensuring the resilience of Standard Chartered Bank’s data and IT systems by managing information and cyber security (ICS) risk across the enterprise. As a critical function reporting into the Group Chief Technology, Operations and Transformation Officer, the Group CISO serves as the first line of defence for assuring ICS controls are implemented effectively and in accordance with the ICS Risk Framework, Policy and Standard, and for instilling a culture of cyber security within the Bank.
•    The VP, ICS Threat Scenarios will support the Threat Scenario-led Risk Assessment (TSRA) team, specifically TSRA Threat Scenario Subject Matter Experts (SME). This includes designing, implementing, and maintaining creation and amendment of new threat scenarios, working on Sentinel/MSTR/PEGA/ATOM architecture based on ICS RTF framework, driving digitisation, automation, and innovation; performing Data quality checks/recon; collaborating with different stakeholders, GTM, ESA, Purple Team, Control Owners, Risk Managers, Cyber Functions and Board engagement, where needed.
•    This role reports directly to the Director, ICS Threat Scenarios.

Key Responsibilities

Strategy
•     This is a global role that requires strong cybersecurity and technical knowledge, business acumen and good organisation skills with ability to manage multi-disciplinary group, knowledge of Cybersecurity Risk Management, and process controls.
Business
•     The role will work closely with TSRA Threat Scenario Library team, TSRA Operations, Group Threat Management (GTM) and control owners to support sustainability of TSRA threat scenario library and provide skills needed to deliver against the ICS, R&C strategic goals. The role is expected to seamlessly blend in with the existing SMEs in a multi-location set up – providing expertise while analysing the evolving threat landscape, contextualize with SCB’s business priorities and identify scenarios for risk assessments, while also suggesting mitigation to minimize risks from the evolving threats. The role will develop into an SME in the future, working closely with the various CISO and 2LoD teams to help the bank reduce exposure to the external threat landscape.
Processes
The candidate will:
•    Drive creation of a central project plan for uplifting TSRA Threat Scenarios to become more data driven – supporting residual risk assessments, investment planning and benefits management.
•    Directly work with senior stakeholders to chart out yearly objectives, identify key milestones and dependencies.
•    Coordinate Working Group meetings, prepare agenda, meeting packs and minutes. Help squad leads to identify and follow through actions for closure.
•    Work with different product teams towards the best possible implementation – be the subject matter expert on policy requirements and guide technology teams throughout the delivery lifecycle.

•    Participate in design discussions and propose solutions by balancing the policy requirements with technical implementation.
•    Participate in UAT, prepare user documentation and training material where required
•    Collaborate with GTM, Security Architecture and R&C teams to plan and prepare training materials for the unified delivery.
•    Proactively identify areas of opportunity and continuous improvement in the implementation of an end-to-end threat led risk management.
•    Develop ICS Threat Scenarios: 
•    Source and analyse for key insights from the Bank’s approved Threat Intel reports/bulletins and Threat Intel tools,
•    Gather business contexts from requestors and collect threat characteristics from stakeholders, 
•    Craft scenario narrative to articulate ICS threat and adversary techniques (including mapping of MITRE TTPs and mitigating controls) and,  
•    Seek alignment with stakeholders for Threat Working Group endorsement and inclusion into the Bank’s Strategic Threat Library 
•    Perform annual refresh of the Bank’s Threat Scenario Library by reviewing/identifying for obsolete/similar threat scenarios for retirement, enhancement, or amendment with the object to maintain an evergreen and highly relevant threat library for business function consumption and adoption. 
•    Perform control efficacy assessment of outputs produced by Purple Team’s BAS/atomic testing on selected threat scenarios and provide assessment view/summary in the form of MITRE Heat Map format.  
•    Collaborate with key stakeholders in the areas of key threat parameters (e.g., plausibility, adversary behaviors, TTP), testing of high priority scenarios and mitigating controls alignment.
•    Develop, maintain, and adhere to Guiding Principle for mitigating controls mapping to the Bank’s standard control statements. 

•    Provide Threat SME support to stakeholders and projects as and when requested. 
•    Provide Threat SME support to the CISO, 1st Line Defence (1LOD), and 2nd Line of Defence (2LOD) of the Bank during the annual Risk and Control Self-Assessment (RCSA) cycle. 
•    Participate and provide support in the content delivery of the communication deck for the Bank’s Monthly ICS Threat Working Group and Stakeholder Engagement Forums.
People & Talent Management
•    Working in close collaboration with TSRA Threat SMEs, GTM, ESA risk and control partners across all functions to effectively embed a strong culture of risk awareness and good conduct,
•    Improve client centricity through increased delivery velocity,
•    Spread and sustain a continuous improvement and innovation culture
Risk Management
•    Work closely with senior stakeholders to drive an effective security risk management culture and compliance mindset,
•    Mature the Bank’s ability to proactively identify and manage cyber threats through implementation of robust, integrated risk processes (the ICS RTF and Threat Scenario Risk Assessment (TSRA) Standard),
Governance
•    Provide timely and accurate reporting to appropriate committees (risk governance committees, QPR/MPR and associated Refinement Forums, where applicable)
•    Support assurance activities, external and external audits and provide the timely feedback
•    Support appropriate oversight and facilitate resolution of high impact risk and issues
Regulatory & Business Conduct 
•    Display exemplary conduct and live by the Group’s Values and Code of Conduct. Including tracking and remediation of conduct issues 
•    Effectively and collaboratively support to identify, escalate, mitigate, and resolve risk, conduct and compliance matters.

Key Stakeholders
•    Head, ICS Risk Mgmt Ops-Business, Mkts & Functions
•    Director, ICS Threat Scenarios
•    TSRA Threat SMEs
•    Group Threat Management (GTM)
•    Enterprise Security Design & Architecture (ESA)
•    Head, ICS Risk Management Ops – Business, Markets and Functions 
•    Chief Information Security Officers (CISOs) 
•    Information Security Risk Officers 
Other Responsibilities
•    Embed Here for good and Group’s brand and values in ICS R&G; Perform other responsibilities assigned under Group, Country, Business or Functional policies and procedures; Multiple functions (double hats);

Qualifications

Required Qualifications, Capabilities, And Skills:
•    Bachelor’s degree in computer science or cyber-security or a related field of study
•    More than 15 years of experience in technology, risk and controls, preferably in Banking & Financial Services.
•    At least 5 years of working experience as a practitioner in the fields of Cybersecurity, Networking Security, Cloud Security, Red/Blue/Purple Team activities, Threat Intelligent Analysis or Threat Hunting 
•    Demonstrable knowledge on MITRE Methodology/Framework, threat intelligence, key adversary techniques and mitigation
•    Strong written or verbal communication skill and ability to articulate threat/security findings to both technical and non-technical audiences. 
•    Practical proficiency in MS Excel, Words, PowerPoints, Visio/Griffy
Preferred Qualifications, Capabilities, And Skills:
•    Good understanding of networking concepts including OSI model, TCP/IP
•    Good general knowledge on the applicability of cyber defensive/detection technologies/solutions/tools as mitigation/safeguard against cyber threat 
•    Good understanding on industry standard control statements (NIST, CIS) compliance is a plus.
•    Certification in CISSP, CCSP, CISA, CEH, GSEC, CISM, CompTIA Security+

Skills and Experience

•    Change Management
•    MITRE Methodology/Framework
•    Industry standard (NIST, OSI, CIS)
•    Regulatory Environment – Financial Services
•    Cybersecurity tools / technologies

About Standard Chartered

We're an international bank, nimble enough to act, big enough for impact. For more than 170 years, we've worked to make a positive difference for our clients, communities, and each other. We question the status quo, love a challenge and enjoy finding new opportunities to grow and do better than before. If you're looking for a career with purpose and you want to work for a bank making a difference, we want to hear from you. You can count on us to celebrate your unique talents and we can't wait to see the talents you can bring us.

Our purpose, to drive commerce and prosperity through our unique diversity, together with our brand promise, to be here for good are achieved by how we each live our valued behaviours. When you work with us, you'll see how we value difference and advocate inclusion.

Together we:

• Do the right thing and are assertive, challenge one another, and live with integrity, while putting the client at the heart of what we do
• Never settle, continuously striving to improve and innovate, keeping things simple and learning from doing well, and not so well
• Are better together, we can be ourselves, be inclusive, see more good in others, and work collectively to build for the long term

What we offer

In line with our Fair Pay Charter, we offer a competitive salary and benefits to support your mental, physical, financial and social wellbeing.

• Core bank funding for retirement savings, medical and life insurance, with flexible and voluntary benefits available in some locations.
• Time-off including annual leave, parental/maternity (20 weeks), sabbatical (12 months maximum) and volunteering leave (3 days), along with minimum global standards for annual and public holiday, which is combined to 30 days minimum.
• Flexible working options based around home and office locations, with flexible working patterns.
• Proactive wellbeing support through Unmind, a market-leading digital wellbeing platform, development courses for resilience and other human skills, global Employee Assistance Programme, sick leave, mental health first-aiders and all sorts of self-help toolkits
• A continuous learning culture to support your growth, with opportunities to reskill and upskill and access to physical, virtual and digital learning.
• Being part of an inclusive and values driven organisation, one that embraces and celebrates our unique diversity, across our teams, business functions and geographies - everyone feels respected and can realise their full potential.