Job Summary

• This role will be part of the Vulnerability Advisory team within the Cyber Advisory, Assessment & Vulnerability Testing (CAAT) team and the primary purpose will be to perform impact assessment of vulnerabilities that are released in the wild with respect to the Bank’s infrastructure.
• This process would cover Infrastructure devices such as Windows, Unix, AIX, Database, Webservers, ATMs, Cloud Infrastructure, Network devices, Vendor provided applications and any other associated core infrastructure components. The role requires the ability to communicate and build relationships with technology product owners and support teams across geographies

RESPONSIBILITIES

• Assess impact of vulnerabilities that are released in the wild with respect to the Bank’s infrastructure.
• Collaborate with Internal Threat Intelligence Team for intelligence about CVE and it’s weaponization
• Ensure appropriate teams are made aware of any new vulnerability impacting assets owned by them.
• Initiating and managing Critical incident calls and represent the team on the call.
• Explain impact of identified vulnerabilities to the Bank’s infrastructure to stakeholders.  
• Proactively coordinate with various stakeholders across the bank to ensure that they are aware of any vulnerabilities that require their attention.
• Keep abreast with current trends in information technology network and system security software and hardware.

Strategy

• Provide vulnerability research and report on security vulnerabilities and latest advancements in the vulnerability management lifecycle. 
• Developing threat scenarios to articulate the levels and types of security controls appropriate for respective application/product
   

Key Responsibilities

Processes

• Perform reconciliation activity of technologies used within the bank to ensure those are covered under the vulnerability alerting process.
• Act as the SME during regulatory engagements when discussing vulnerability assessment process
• Proactively identify gaps within the existing process and provide inputs/suggestion to address them.
• Proactively engage with stakeholders to obtain buy-in for the service and manage the escalations and expectations accordingly.
• Generate reports for various stake holders from time to time.

People & Talent

• Communicate effectively orally and in writing and establish cooperative working relationships.
• Provide stakeholder and peer leadership in cross-functional projects and initiatives.

Risk Management

• Provide response to audit RFIs as and when required by various audit activities.
• Be aware of, identify and escalate all risk issues and concentrations in accordance to the firm’s Group Information and Cyber Security Policy. Where appropriate, direct remedial action and/or ensure adequate reporting to Risk Committees.
   

Skills and Experience

Governance

• Promote an environment where compliance with internal control functions and the external regulatory framework is a central priority of the service

Regulatory & Business Conduct

• Display exemplary conduct and live by the Group’s Values and Code of Conduct. 
• Take personal responsibility for embedding the highest standards of ethics, including regulatory and business conduct, across Standard Chartered Bank. This includes understanding and ensuring compliance with, in letter and spirit, all applicable laws, regulations, guidelines and the Group Code of Conduct.
• Effectively and collaboratively identify, escalate, mitigate and resolve risk, conduct and compliance matters.

Key Stakeholders

• Information & Cyber Security
• Cyber Advisory, Assessment & Vulnerability Testing
• Vulnerability Management
• Vulnerability Advisory
• Other relevant functions with Technology Services (Infrastructure Services, Networks etc.) and Operations Risk
   

Qualifications

Qualification

• CISSP, SANS Certification, CISM or other relevant Cyber Security certifications

Role Specific Technical Competencies

• Vulnerability Management Process 
• Vulnerability Assessment utilizing CVSS 
• Knowledge on latest Vulnerabilities and Threats
• Cloud Security & DevSecOps
   

Competencies

About Standard Chartered

We're an international bank, nimble enough to act, big enough for impact. For more than 170 years, we've worked to make a positive difference for our clients, communities, and each other. We question the status quo, love a challenge and enjoy finding new opportunities to grow and do better than before. If you're looking for a career with purpose and you want to work for a bank making a difference, we want to hear from you. You can count on us to celebrate your unique talents and we can't wait to see the talents you can bring us.

Our purpose, to drive commerce and prosperity through our unique diversity, together with our brand promise, to be here for good are achieved by how we each live our valued behaviours. When you work with us, you'll see how we value difference and advocate inclusion.

Together we:

• Do the right thing and are assertive, challenge one another, and live with integrity, while putting the client at the heart of what we do
• Never settle, continuously striving to improve and innovate, keeping things simple and learning from doing well, and not so well
• Are better together, we can be ourselves, be inclusive, see more good in others, and work collectively to build for the long term

What we offer

In line with our Fair Pay Charter, we offer a competitive salary and benefits to support your mental, physical, financial and social wellbeing.

• Core bank funding for retirement savings, medical and life insurance, with flexible and voluntary benefits available in some locations.
• Time-off including annual leave, parental/maternity (20 weeks), sabbatical (12 months maximum) and volunteering leave (3 days), along with minimum global standards for annual and public holiday, which is combined to 30 days minimum.
• Flexible working options based around home and office locations, with flexible working patterns.
• Proactive wellbeing support through Unmind, a market-leading digital wellbeing platform, development courses for resilience and other human skills, global Employee Assistance Programme, sick leave, mental health first-aiders and all sorts of self-help toolkits
• A continuous learning culture to support your growth, with opportunities to reskill and upskill and access to physical, virtual and digital learning.
• Being part of an inclusive and values driven organisation, one that embraces and celebrates our unique diversity, across our teams, business functions and geographies - everyone feels respected and can realise their full potential.