Title:  Head, Authentication and Secrets Security

37564

Bukit Jalil KL, MY

Technology
Regular Employee
Office - Full Time
19 Aug 2025

JOB SUMMARY
Role Overview:
Identity and Access Management (IAM) is a critical function within Standard Chartered Bank operating under the overall purview of Group CISO. We are seeking a technically experienced and strategically minded leader to serve as Head of Authentication and Secrets Security. This pivotal role is responsible for implementing, governing, and operationalising enterprise-wide authentication frameworks and secrets management practices. 
You will drive secure access assurance across user, application, and machine identities, enabling modern, passwordless authentication models and robust lifecycle management of credentials, secrets, and keys. You will also work cross-functionally with engineering, DevOps, infrastructure, identity, compliance, and risk stakeholders to ensure strong alignment between technical controls, business enablement, and regulatory obligations.

RESPONSIBILITIES

Strategy
•    Lead the authentication and secrets management strategy for the organisation, ensuring alignment with the broader cybersecurity and Zero Trust architecture.
•    Lead the roadmap, technical design, and ongoing evolution of authentication and secrets tooling across the enterprise.
•    Implement and govern modern authentication methods, including phishing-resistant FIDO2/WebAuthn and passwordless login, adaptive risk-based authentication and biometrics, together with secure secrets management, across both centralised and decentralised controls.

Business
•    Partner with all business units, Business CISOs, application owners, and engineering teams to establish and operationalise strong authentication protocols and secrets solutions.
•    Lead a team to design and operate products and workflows with user experience and service excellence in mind.
•    Execute centralised controls and maintain oversight of decentralised controls across authentication and secrets security.

Processes
•    Own, execute and operate the centralised controls that fall under the IAM Authentication and Secrets Security Global Process Owner (GPO) responsibilities.
•    Provide oversight of the decentralised controls under the same GPO responsibilities, including SME recommendations on the effectiveness of the solutions that implement them.
•    Define and continuously improve end-to-end processes for:
      o   User and machine authentication onboarding and decommissioning
      o   Secrets issuance, rotation, expiration, and revocation
      o   Vault access provisioning and deprovisioning
      o   Service account lifecycle and credential rotation
•    Standardise authentication and secrets onboarding playbooks across cloud, on-prem, and hybrid workloads.
•    Implement dynamic secrets issuance, short-lived credentials, and automated secrets expiry to reduce attack surface.
•    Ensure all secrets and credentials are discoverable, managed, and auditable through centralised platforms and processes.
•    Build reusable workflow templates and automation libraries for vault configuration, access requests, and secrets injection into pipelines or workloads.
•    Partner with Cyber Ops to define and operationalise incident management processes for authentication failures, suspected key leakage, or secrets-related exposure events.
•    Establish clear RACI models and documentation for authentication and secrets ownership, ensuring accountability across technology domains.
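The secrets lifecycle listed above (issuance with a mandatory expiry, rotation, revocation, and a discoverable, auditable inventory) as an added, runnable illustration. This is example code written for this page, not Standard Chartered's tooling or any vendor's API; the in-memory store, the 24-hour TTL ceiling, the one-hour rotation window, the secret names, the actors and the fixed clock are all assumptions:

```python
# Added example, not Standard Chartered code: a minimal secrets store enforcing
# issue-with-TTL, rotate, revoke and expiry, with an audit trail and a KRI input.
from __future__ import annotations

import secrets
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import Callable, Optional

MAX_TTL = timedelta(hours=24)          # assumed policy ceiling for any issued secret
ROTATION_WARNING = timedelta(hours=1)  # assumed: flag live secrets within 1h of expiry


@dataclass
class SecretRecord:
    name: str
    owner: str
    value: str
    version: int
    issued_at: datetime
    expires_at: datetime
    revoked: bool = False


class SecretsStore:
    """In-memory stand-in for a vault; the clock is injectable so expiry is testable."""

    def __init__(self, clock: Optional[Callable[[], datetime]] = None) -> None:
        self._records: dict[str, SecretRecord] = {}
        self.audit: list[dict] = []
        self._clock = clock or (lambda: datetime.now(timezone.utc))

    def _log(self, action: str, name: str, actor: str) -> None:
        self.audit.append({"ts": self._clock().isoformat(), "action": action,
                           "secret": name, "actor": actor})

    def issue(self, name: str, owner: str, ttl: timedelta, actor: str) -> str:
        """Issue or re-issue a secret: every secret expires, and long TTLs are refused."""
        if ttl <= timedelta(0) or ttl > MAX_TTL:
            raise ValueError(f"TTL {ttl} outside policy (0 < ttl <= {MAX_TTL})")
        now, prev = self._clock(), self._records.get(name)
        value = secrets.token_urlsafe(32)  # 256 bits from the OS CSPRNG
        self._records[name] = SecretRecord(name, owner, value,
                                           prev.version + 1 if prev else 1, now, now + ttl)
        self._log("issue" if prev is None else "rotate", name, actor)
        return value

    def rotate(self, name: str, actor: str) -> str:
        """Same owner and TTL, new value, version bumped; the old value is superseded."""
        rec = self._records[name]
        return self.issue(name, rec.owner, rec.expires_at - rec.issued_at, actor)

    def revoke(self, name: str, actor: str) -> None:
        self._records[name].revoked = True
        self._log("revoke", name, actor)

    def fetch(self, name: str, actor: str) -> Optional[str]:
        """Return the value only if the secret exists, is unrevoked and unexpired."""
        rec = self._records.get(name)
        if rec is None or rec.revoked or self._clock() >= rec.expires_at:
            self._log("fetch-denied", name, actor)  # denied reads are audit events too
            return None
        self._log("fetch", name, actor)
        return rec.value

    def rotation_due(self) -> int:
        """KRI input: live secrets that will expire within ROTATION_WARNING."""
        now = self._clock()
        return sum(1 for r in self._records.values()
                   if not r.revoked and now < r.expires_at <= now + ROTATION_WARNING)


class FakeClock:
    """Deterministic clock (assumed) so the walkthrough runs offline with fixed times."""
    def __init__(self, start: datetime) -> None:
        self.now = start
    def __call__(self) -> datetime:
        return self.now
    def advance(self, delta: timedelta) -> None:
        self.now += delta


def demo() -> dict:
    """Walk one secret through issue -> fetch -> expiry -> rotate -> revoke."""
    clock = FakeClock(datetime(2025, 8, 19, 9, 0, tzinfo=timezone.utc))
    store, name, app = SecretsStore(clock), "payments-db/app-user", "payments-app"
    v1 = store.issue(name, "payments-team", timedelta(hours=2), "pipeline-bot")
    live_ok = store.fetch(name, app) == v1
    clock.advance(timedelta(hours=1, minutes=30))   # 30 min left: rotation is due
    due = store.rotation_due()
    clock.advance(timedelta(hours=1))               # now past expiry
    after_expiry = store.fetch(name, app)
    v2 = store.rotate(name, "rotation-job")
    rotated_ok = v1 != v2 and store.fetch(name, app) == v2
    store.revoke(name, "ir-oncall")
    after_revoke = store.fetch(name, app)
    return {"live_ok": live_ok, "rotation_due": due, "after_expiry": after_expiry,
            "rotated_ok": rotated_ok, "after_revoke": after_revoke,
            "actions": [e["action"] for e in store.audit]}


if __name__ == "__main__":
    print(demo())
```

The point of the walkthrough is that expiry and revocation are enforced at read time rather than by a cleanup job, a denied read is logged just like a successful one, and the rotation-due count is derived from the same records, so the inventory that feeds the KRI can never drift from what the store actually holds.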

Technology
•    Drive adoption of strong authentication protocols and standards such as OAuth2, OpenID Connect, SAML, FIDO2/WebAuthn, and Kerberos.
•    Implement scalable passwordless authentication strategies across user and workload identities.
•    Lead a team of SMEs to deploy and integrate vault technologies (e.g. BeyondTrust, HashiCorp Vault, AWS Secrets Manager, Azure Key Vault) for secure secrets storage and access governance.
•    Govern the secure lifecycle of all digital secrets and credentials including API keys, tokens, TLS certificates, service accounts, and SSH keys.
•    Lead a team of SMEs to drive the enterprise-wide deployment and operationalisation of secured authentication platforms (e.g. ForgeRock, OpenAM, SSO, AD onboarding).
•    Enable secrets and authentication integration within CI/CD pipelines, Kubernetes clusters, cloud-native services, and DevSecOps platforms.
•    Ensure consistent and scalable implementation of machine identity protection.
•    Operate and drive the implementation of security principles for secrets access control, rotation, vault onboarding, and audit logging.
•    Track and respond to developments in authentication bypass tactics, secrets sprawl, and emerging standards and technologies.
•    Integrate or implement Authentication and Secrets security requirements in the following areas: Edge devices / ORB (Routers, Switches, FW, etc.), Platforms (Windows, Unix, VM), DB, APIs, AI agents, Applications, Endpoints, Devices, IoT, IaaS, PaaS, SaaS. 
•    Ensure service resilience and SLAs for centralised products are adhered to.
•    Ensure relevant KPIs and metrics are managed proactively, and that prompt corrective action is taken where downward trends are observed.
•    Champion the use of Infrastructure-as-Code and automation tools (e.g., Terraform, Ansible, Python) to enforce secrets policies and ensure rapid, secure provisioning.

People & Talent
•    Manage requirements and SLAs across senior technology leaders, business leaders, auditors, and risk functions to align IAM strategies with enterprise risk appetite.
•    Translate complex IAM concepts into business-friendly language for non-technical stakeholders.
•    Engage, align, and influence senior IT, DevOps, platform, and engineering leaders on authentication and secrets strategy.
•    Collaborate across multiple domains – IT infrastructure, cloud, enterprise architecture, application teams, and compliance to deliver.
•    Drive consensus across cross-functional teams in matrixed or federated operating models.
•    Provide strong project and delivery leadership, with ability to prioritise and deliver IAM initiatives in alignment with cybersecurity roadmap and regulatory timelines.
•    Lead, mentor, and grow a team of IAM security product owners and engineers, fostering a culture of technical excellence and continuous improvement.
•    Foster a collaborative and high-performance team culture.
•    Manage key vendor relationships related to IAM platforms, security tools, and managed services.
•    Lead by example and build the appropriate conduct, culture and values. Set the appropriate tone and expectations for the team and work in collaboration with risk and control partners.
•    Employ, engage and retain high quality people, with succession planning for critical roles.

Financial Mgmt
•    Manage an annual budget in excess of USD 5m.

Risk Management
•    Define and oversee the governance framework for authentication and secrets security, ensuring alignment with organisational policies, industry standards, and applicable regulations (e.g., ISO 27001, MAS TRM, NIST 800-63, PCI DSS).
•    Own the risk register for authentication and secrets management, driving mitigation plans for high-priority risks and control gaps.
•    Lead compliance and audit engagements, ensuring that vaulting, MFA, and credential practices are well-documented, monitored, and demonstrably effective.
•    Set and report on KPIs/KRIs related to secrets lifecycle maturity, control effectiveness, access hygiene, and secrets inventory completeness.
•    Participate in incident response processes involving compromised credentials, vault misconfigurations, or abuse of privileged authentication flows.

Governance
•    Implement and maintain Authentication and Secrets security controls based on industry standards (NIST 800-63, NIST CSF, ISO 27001, CIS Controls, MITRE, etc.) and regulatory requirements (MAS, PRA, HKMA, GDPR, SOX, etc.).
•    Ensure effective Authentication and Secrets Security inputs into Governance Boards by providing evidence of high-level and low-level security technical standards being met, stakeholder requirements being met and transparency of critical service metrics.

Regulatory & Business Conduct

•    Display exemplary conduct and live by the Group’s Values and Code of Conduct. 
•    Take personal responsibility for embedding the highest standards of ethics, including regulatory and business conduct, across the Bank. This includes understanding and ensuring compliance with, in letter and spirit, all applicable laws, regulations, guidelines and the Group Code of Conduct.
•    Lead the Team to achieve the outcomes set out in the Bank’s Conduct Principles 
•    Effectively and collaboratively identify, escalate, mitigate and resolve risk, conduct and compliance matters.

Key Stakeholders

•    Group CISO, TTO Group CISO MT
•    CIO, Technology & Architecture, TTO CIA TSA
•    CCO, TTO & Global Head Group Transformation, TTO COO
•    Global Head, IAM, TTO Group CISO MT
•    Global Head, Cyber Security Services, TTO Group CISO MT
•    Global Head, Group Threat Management, TTO Group CISO MT
•    CISO, WRB & Markets, TTO Group CISO MT
•    CISO, CIB, Core Technology & Functions, TTO Group CISO MT
•    Global Head, ICS Risk & Governance
•    Global Head Cyber Operations, TTO Group CISO MT
•    Global Head Audit, GSF Internal Audit 
•    Key Business Stakeholders including: All Business and Function COOs

Other Responsibilities
•    Firm leadership, team-building, and cross-functional communication skills.
•    Experience operating in large, complex, and regulated environments.

Qualifications

•    Experience: 10+ years in cybersecurity, with at least 5 years focused on IAM, authentication, and secrets governance.

•    Expertise in Authentication protocols: OAuth 2.0, OpenID Connect (OIDC), SAML 2.0, Kerberos, FIDO2/WebAuthn, LDAP.

•    Expertise in secrets management technologies: HashiCorp Vault, BeyondTrust, AWS/GCP/Azure Secrets Manager or Key Vault, etc.

•    Experience in integrating MFA, passwordless technologies, and biometric authentication into enterprise architectures.

•    Knowledge of secrets integration with CI/CD and DevOps workflows in environments like Jenkins, GitHub Actions, Kubernetes, Docker.

•    Understanding of attack vectors targeting credentials and secrets, such as credential stuffing, vault misconfigurations, and lateral movement.

•    Expertise in managing Security Product and Engineering teams

Certifications

CISSP, CCSP, CISM, GIAC GDSA, FIDO Certified Professional or equivalent

Role Specific Technical Competencies
•    Manage Vendors
•    Information Security Policy and Strategy
•    Manage Change
•    Management of Front-Line Risk
•    Strategy & Business Model

About Standard Chartered

We're an international bank, nimble enough to act, big enough for impact. For more than 170 years, we've worked to make a positive difference for our clients, communities, and each other. We question the status quo, love a challenge and enjoy finding new opportunities to grow and do better than before. If you're looking for a career with purpose and you want to work for a bank making a difference, we want to hear from you. You can count on us to celebrate your unique talents and we can't wait to see the talents you can bring us.

Our purpose, to drive commerce and prosperity through our unique diversity, together with our brand promise, to be here for good are achieved by how we each live our valued behaviours. When you work with us, you'll see how we value difference and advocate inclusion.

Together we:

  • Do the right thing and are assertive, challenge one another, and live with integrity, while putting the client at the heart of what we do
  • Never settle, continuously striving to improve and innovate, keeping things simple and learning from doing well, and not so well
  • Are better together, we can be ourselves, be inclusive, see more good in others, and work collectively to build for the long term

What we offer

In line with our Fair Pay Charter, we offer a competitive salary and benefits to support your mental, physical, financial and social wellbeing.

  • Core bank funding for retirement savings, medical and life insurance, with flexible and voluntary benefits available in some locations.
  • Time-off including annual leave, parental/maternity (20 weeks), sabbatical (12 months maximum) and volunteering leave (3 days), along with minimum global standards for annual and public holidays, which combine to a minimum of 30 days.
  • Flexible working options based around home and office locations, with flexible working patterns.
  • Proactive wellbeing support through Unmind, a market-leading digital wellbeing platform, development courses for resilience and other human skills, a global Employee Assistance Programme, sick leave, mental health first-aiders and a range of self-help toolkits.
  • A continuous learning culture to support your growth, with opportunities to reskill and upskill and access to physical, virtual and digital learning.
  • Being part of an inclusive and values driven organisation, one that embraces and celebrates our unique diversity, across our teams, business functions and geographies - everyone feels respected and can realise their full potential.