Job Summary

Senior Vulnerability Threat Management Analyst will be part of the Cyber Risk Remediation team under the CIO function and lead the vulnerability management activities for retail bank division. The Analyst will play a vital role in coordination, analysis, reporting and remediation of vulnerability findings to achieve security goals and risk reduction target for the department. The role requires optimal engagement with various stakeholders including technology delivery leads, information security officers and Collaborate with IT teams to develop and track effective remediation plans for identified vulnerabilities.
•    Governance - Drive strategy and tactical plans toward holistic vulnerability management across multiple technology teams in a large organization. Oversee data collection and reporting of vulnerability metrics for the board, CIO, and CISO leadership. Maintain strong working relationships with IT engineering, operations, and other stakeholders to track and expedite vulnerability remediation targets.
•    Prioritization - Assessment / analysis of vulnerability scan results to prioritize vulnerabilities based on severity, potential impact, and exploitability while aligning with the remediation priorities with the organization’s security standards. 
•    Remediation Planning - Develop strategies to identify, manage, and mitigate identified threats and vulnerabilities to attain desired risk profile and communicate strategies to key stakeholders. Collaborate with IT teams to develop and implement effective remediation plans for identified vulnerabilities.
•    Reporting / Data Analysis - Prepare and publish weekly / monthly reports and metrics based on vulnerability scan results, IT asset inventories and organization structure. Manage and report vulnerability remediation status across all applications within retail bank. Generate detailed vulnerability reports for various stakeholders, including CIO, CISO management, IT teams, and auditors.
•    Advisory / Solution Consulting - Provide technical guidance on patching, configuration changes, and security best practices. Demonstrate in-depth knowledge and understanding of the global threat landscape, cybersecurity trends, emerging technologies, and provide expertise / consultation to application teams for vulnerability remediation.
•    Risk Assessment - Evaluate the potential impact of vulnerabilities on the organization's systems and data. Collaborate with risk management teams to assess the overall risk posture and prioritize mitigation efforts. Assist with the selection of cost-effective security controls to mitigate risk (e.g., protection of information, systems, and processes)

Key Responsibilities

Strategy

Drive strategy and tactical plans toward holistic vulnerability management across multiple technology teams in a large organization. Oversee data collection and reporting of vulnerability metrics for the board, CIO, and CISO leadership. Maintain strong working relationships with IT engineering, operations, and other stakeholders to track and expedite vulnerability remediation targets.
•    Remediation Advisory & Planning - Develop strategies to identify, manage, and mitigate identified threats and vulnerabilities to attain desired risk profile and communicate strategies to key stakeholders. Collaborate with IT teams to develop and implement effective remediation plans for identified vulnerabilities.

Business

Prepare and publish weekly / monthly reports and metrics based on vulnerability scan results, IT asset inventories and organization structure. Manage and report vulnerability remediation status across all applications within retail bank. Generate detailed vulnerability reports for various stakeholders, including CIO, CISO management, IT teams, and auditors.

Processes

• Prioritization - Assessment / analysis of vulnerability scan results to prioritize vulnerabilities based on severity, potential impact, and exploitability while aligning with the remediation priorities with the organization’s security standards. 

People & Talent

• Advisory / Solution Consulting - Provide technical guidance on patching, configuration changes, and security best practices. Demonstrate in-depth knowledge and understanding of the global threat landscape, cybersecurity trends, emerging technologies, and provide expertise / consultation to application teams for vulnerability remediation.

Risk Management

• Risk Assessment - Evaluate the potential impact of vulnerabilities on the organization's systems and data. Collaborate with risk management teams to assess the overall risk posture and prioritize mitigation efforts. Assist with the selection of cost-effective security controls to mitigate risk (e.g., protection of information, systems, and processes)

Governance

• Governance - Drive strategy and tactical plans toward holistic vulnerability management across multiple technology teams in a large organization. Oversee data collection and reporting of vulnerability metrics for the board, CIO, and CISO leadership. Maintain strong working relationships with IT engineering, operations, and other stakeholders to track and expedite vulnerability remediation targets.

Our Ideal Candidate Should Have:-

•     Candidate should have atleast 7+ years of expereince in below technology stack.  

•    Vulnerability Analysis: Comprehensive knowledge of vulnerability scanning tools (such as Tenable and Qualys), familiarity with common security vulnerabilities (like the OWASP Top 10), and the capability to evaluate their severity and impact on the business.

•    Exploitability Analysis / Threat Modelling: Expertise in identifying and assessing potential threats and vulnerabilities, evaluating their exploitability, and developing strategies to mitigate associated risks.

•    Remediation: Proficient in various remediation techniques, including patching and configuration changes, with a solid understanding of the effectiveness of different approaches.

•    Scripting/Programming: To be able to understand and recommend code level fixes in Java. Proficiency in scripting languages to automate tasks, analyse data, and develop custom solutions for vulnerability remediation.

•    Networking: Strong grasp of IPv4 and IPv6 networks, including network protocols and security concepts.

•    Operating Systems: Proficient in both Windows and Linux patching systems and automation. 

•    Security Frameworks: Knowledgeable about security frameworks and best practices, such as the NIST Cybersecurity Framework or CIS Critical Security Controls. 

•    Penetration Testing: Experienced with penetration testing methodologies and tools.

Qualifications

• EDUCATION     Bachelor’s degree in computer science, information security, or a related field
• MEMBERSHIP     Preferred Security Research Organization memberships / awareness
• CERTIFICATIONS     Professional certification such as CEH, CVA, CISSP, CISA, or CISM
• LANGUAGES     English

About Standard Chartered

We're an international bank, nimble enough to act, big enough for impact. For more than 170 years, we've worked to make a positive difference for our clients, communities, and each other. We question the status quo, love a challenge and enjoy finding new opportunities to grow and do better than before. If you're looking for a career with purpose and you want to work for a bank making a difference, we want to hear from you. You can count on us to celebrate your unique talents and we can't wait to see the talents you can bring us.

Our purpose, to drive commerce and prosperity through our unique diversity, together with our brand promise, to be here for good are achieved by how we each live our valued behaviours. When you work with us, you'll see how we value difference and advocate inclusion.

Together we:

• Do the right thing and are assertive, challenge one another, and live with integrity, while putting the client at the heart of what we do
• Never settle, continuously striving to improve and innovate, keeping things simple and learning from doing well, and not so well
• Are better together, we can be ourselves, be inclusive, see more good in others, and work collectively to build for the long term

What we offer

In line with our Fair Pay Charter, we offer a competitive salary and benefits to support your mental, physical, financial and social wellbeing.

• Core bank funding for retirement savings, medical and life insurance, with flexible and voluntary benefits available in some locations.
• Time-off including annual leave, parental/maternity (20 weeks), sabbatical (12 months maximum) and volunteering leave (3 days), along with minimum global standards for annual and public holiday, which is combined to 30 days minimum.
• Flexible working options based around home and office locations, with flexible working patterns.
• Proactive wellbeing support through Unmind, a market-leading digital wellbeing platform, development courses for resilience and other human skills, global Employee Assistance Programme, sick leave, mental health first-aiders and all sorts of self-help toolkits
• A continuous learning culture to support your growth, with opportunities to reskill and upskill and access to physical, virtual and digital learning.
• Being part of an inclusive and values driven organisation, one that embraces and celebrates our unique diversity, across our teams, business functions and geographies - everyone feels respected and can realise their full potential.