Job Details

Lead, ICS Sustainability
Job Description
Requisition Number:  48155
Job Location:  Bukit Jalil KL, MYS
Work Type:  Office Working
Employment Type:  Permanent
Posting Start Date:  09/02/2026
Posting End Date:  31/05/2026

Job Summary

•    Act as Lead for the Sustainability Operations pillar of WRB CISO, covering STK, SIA and vulnerability management. 
•    Be familiar with enterprise-level vulnerability management and remediation lifecycles. 
•    Perform risk assessments and provide a mitigating control narrative as a cyber security expert.
•    Collaborate with technology team to understand the underlying infrastructure, mitigating controls and provide a strong narrative on the material impact of the open vulnerabilities. 
•    Drive standardization across cluster CISOs, ensuring aligned execution of Group practices for VM, SIA review, STK review, exception management processes, and ERR TP Action Plans.
•    Identify security gaps during the design phase with the domain architects and enforce mandatory remediation plans for any deviation from ICS standards.
•    Execute the SIA review process and exercise authority to block vulnerable releases that violate ICS standards or exception management.
•    Maintain comprehensive vulnerability management tracking and reporting across all operational and executive risk forums to ensure unified visibility into WRB security posture.
•    Drive the residual risk assessment of vulnerabilities that cannot be remediated immediately and align the residual risk rating with OTCR for endorsement.
•    Mandate and oversee the annual penetration test for internet-facing systems and crown jewels, ensuring all findings are fixed or formally accepted before go-live.
•    Support the Threat and Governance Team in risk assessment, reporting and forming of the RC update / risk papers / management updates.
•    Monitor the vulnerability management BRAM and TSRA metrics and provide regular updates in CCM, TSRA, RCSA cycles.
•    Lead the continuous process improvements of ICS workflows (e.g.: ADO, SNC, SIA, exception management, execution discipline, risk assessment).
•    Build and drive a high-performing vulnerability management and secure-by-design team, fostering a culture of continuous upskilling.
•    Provide strategic risk guidance for IT projects, including the evaluation and recommendation of technical controls and gaps remediation/assessment. 
•    Liaise with the WRB architecture team to ensure alignment between the security requirement and gaps of applications. 

Key Responsibilities

Strategy
•    Manage and support delivery of the WRB strategy on Sustainability of ICS controls to maintain and improve the ICS security risk posture through proactive risk identification and remediation, together with governance of the WRB ICS controls risk posture.  
•    Proven ability to lead initiatives to embed a sustainable ICS Controls status in WRB. This includes finding gaps, understanding solutions and driving changes by collaborating with different functions, regional teams, businesses, and countries. 
•    A strong understanding of the business impact of security tools, technologies and policies.

Business
•    Excellent verbal, written and interpersonal communication skills, including the ability to communicate effectively with the IT organization, project and application development teams, management and business personnel; in-depth knowledge and understanding of information risk concepts and principles as a means of relating business needs to security controls; an excellent understanding of information security concepts, protocols, industry best practices.
•    Focal point for the pillar for the business and management team in WRB across group and country, working with respective regional leads as well.
•    Collaborate with various WRB Business, Technology and Security Teams. 

Processes
•    Identify opportunities for automation and for reducing manual errors, especially in a fast-moving environment with focused team members. 

People & Talent
•    Excellent organisation and leadership skills with ability to manage multiple deadlines and effectively prioritise. 
•    Manage direct reportee/team in KL, working with the wider WRB CISO team in KL and markets.  
•    Strong leadership abilities, with the capability to develop and guide information security team members and IT operations personnel, and work with minimal supervision.
•    Ability to lead and motivate cross-functional, interdisciplinary teams to achieve tactical and strategic goals.

Risk Management
•    Proficiency in performing risk, business impact, control and vulnerability assessments, and in defining treatment strategies.
•    Perform risk assessments and provide a mitigating control narrative as a cyber security expert.

Governance
•    Ensure key ICS risk and issues are monitored and appropriately addressed by key stakeholders

Regulatory & Business Conduct
•    Display exemplary conduct and live by the Group's Values, Valued Behaviours, and Code of Conduct
•    Take personal responsibility for embedding the highest standards of ethics, including regulatory and business conduct, across the Bank. 
•    Effectively and collaboratively identify, escalate, mitigate, and resolve risk, conduct and compliance matters.

Key stakeholders
•    CISO, WRB & Markets
•    Head of ICS Controls & Sustainability, WRB & Markets
•    ICS Control owners
•    CIO, CPBB, MT members and their teams supporting delivery of ICS remediation and ongoing management of applications/infrastructure. 
•    Global Head, Business Risk Management, CPBB COO 
•    Group Hive Leads – Business and Technology
 

Skills and Experience

EDUCATION: 5 to 10 years of experience in ICS security design, Operations Management, enterprise level vulnerability management and risk management. 
•    At least Bachelor’s degree (Economics, Management, IT)
•    Experience in IT and ICS operations execution and management - MUST
•    Experience in ICS Risk Framework within banking industry - MUST
•    Experience in various ICS security Domain and delivery experience – MUST
•    Minimum of 10 years professional experience with 3-5 years’ experience in banking industry.
•    Experience in risk management and remediation. - MUST
•    CISSP, Risk and Information Systems Control Certificates – Must
•    Demonstrated ability to hold technical discussions with the technology team to comprehend the infrastructure, architecture design, networking, and then assess the vulnerability and its exploitability.
•    Possess a strong ability to conduct in-depth research on vulnerabilities and identify effective mitigating controls. 
•    Comprehensive understanding of vulnerability lifecycle management, including threat, impact, and risk assessment.
TRAINING 
•    Strong understanding of the defence-in-depth strategy.
•    Knowledge of industry standards for assessing security vulnerabilities, such as the CVSS scoring system, OWASP, CVE or SANS CWE software flaws, is required.
•    Presentation skills and the ability to provide detailed and clear narratives.
CERTIFICATIONS: CISSP, CISA and equivalent certifications
LANGUAGES: English 

Role Specific Technical Competencies

•    Understanding of the Cyber landscape and ICS Controls within the banking environment
•    Excellent organisation skills with ability to manage multiple deadlines and effectively prioritise
•    Ability to foster positive relationships with internal and external stakeholders at appropriate level ensuring open cooperative environment. Be a Team player.
•    Experienced in the production of executive reporting; good communication skills (written and oral).
•    Excellent analytical and problem-solving skills, with the ability to prioritize and manage multiple tasks in a fast-paced environment
•    Strong communication and interpersonal skills, with the ability to effectively communicate complex security concepts to non-technical stakeholders 

About Standard Chartered

We're an international bank, nimble enough to act, big enough for impact. For more than 170 years, we've worked to make a positive difference for our clients, communities, and each other. We question the status quo, love a challenge and enjoy finding new opportunities to grow and do better than before. If you're looking for a career with purpose and you want to work for a bank making a difference, we want to hear from you. You can count on us to celebrate your unique talents and we can't wait to see the talents you can bring us.

Our purpose, to drive commerce and prosperity through our unique diversity, together with our brand promise, to be here for good are achieved by how we each live our valued behaviours. When you work with us, you'll see how we value difference and advocate inclusion.

Together we:

  • Do the right thing and are assertive, challenge one another, and live with integrity, while putting the client at the heart of what we do
  • Never settle, continuously striving to improve and innovate, keeping things simple and learning from doing well, and not so well
  • Are better together, we can be ourselves, be inclusive, see more good in others, and work collectively to build for the long term

What we offer

In line with our Fair Pay Charter, we offer a competitive salary and benefits to support your mental, physical, financial and social wellbeing.

  • Core bank funding for retirement savings, medical and life insurance, with flexible and voluntary benefits available in some locations.
  • Time-off including annual leave, parental/maternity (20 weeks), sabbatical (12 months maximum) and volunteering leave (3 days), along with minimum global standards for annual and public holiday, which are combined to 30 days minimum.
  • Flexible working options based around home and office locations, with flexible working patterns.
  • Proactive wellbeing support through Unmind, a market-leading digital wellbeing platform, development courses for resilience and other human skills, global Employee Assistance Programme, sick leave, mental health first-aiders and all sorts of self-help toolkits
  • A continuous learning culture to support your growth, with opportunities to reskill and upskill and access to physical, virtual and digital learning.
  • Being part of an inclusive and values driven organisation, one that embraces and celebrates our unique diversity, across our teams, business functions and geographies - everyone feels respected and can realise their full potential.