Job Summary

If you are not an engineer, cannot code, and are unable to motivate the organisation on the benefits of cloud, this role is not for you.
The role requires the individual to design, implement, and manage solutions to maintain the security posture of the organisation’s cloud environments.
This role involves working closely with cross-functional teams to ensure the security, reliability, and efficiency of cloud infrastructure. The position requires strong technical expertise in cloud platforms, automation, and DevOps practices to support business objectives and drive innovation

Strategy
•    Develop and execute cloud security strategy to align with organization goals and regulatory requirements
•    Regularly review and update security strategies and practices based on emerging threats, industry trends, and organizational changes

Business
•    Implement preventive controls on the cloud platform across AWS & Azure on pipelines, account baselines and policy configurations
•    Implement detective & corrective controls on the cloud platform across AWS & Azure
•    Implement and enforce robust security controls across the cloud platform to protect data, applications, and infrastructure from vulnerabilities and threats
•    Ensure continuous monitoring and enhancement of the cloud security posture, implementing best practices and proactive measures to safeguard against evolving threats
•    Respond to security incidents, conducting investigations, and implementing remediation measures to prevent recurrence.
•    Integrate security practices into the cloud development and deployment pipelines, ensuring that security is embedded throughout the software lifecycle

Processes
•    Integrate seamlessly with cyber security processes and controls
•    Design and implement CI/CD pipelines for continuous integration and deployment.
•    Ensure best practices in Infrastructure as Code (IaC) using Terraform, CloudFormation, or equivalent tools.

People & Talent
•    The team believes and advocates efficiency as a continuous engineering challenge not a commercial ambition
•    The team of talented engineers has it drilled into them that their success also pivots on the ability for other engineers to deploy workloads on the cloud platform easily and seamlessly
•    Mentor junior cloud engineers and provide technical guidance.
•    Contribute to training initiatives and promote cloud best practices within the team.

Key Responsibilities

Risk Management
•    Comply with organisation risk management framework
•    Identify, assess, and mitigate security risks, ensuring compliance with industry standards and regulations.
•    Work closely with risk counterparts across technology, cyber and other areas for safe deployment of workloads to cloud
•    Monitor cloud environments for security vulnerabilities and compliance risks.
•    Implement automated monitoring, logging, and alerting to ensure system security.

Governance
•    Ensure compliance with all applicable SC governance frameworks
•    Adhere to cloud governance frameworks and processes
•    Ensure cloud solutions adhere to internal governance policies and industry standards.
•    Ensure compliance with the highest standards of regulatory and business conduct and compliance practices as defined by internal and external requirements. This includes compliance with local banking laws and anti-money laundering regulations and guidelines

Regulatory & Business Conduct
•    Display exemplary conduct and live by the Group’s Values and Code of Conduct.
•    Responsibility for building a culture of good Conduct within the team.
•    Take personal responsibility for embedding the highest standards of ethics, including regulatory and business conduct, across Standard Chartered Bank. This includes understanding and ensuring compliance with, in letter and spirit, all applicable laws, regulations, guidelines and the Group Code of Conduct.
•    Lead the Cloud Security team to achieve the outcomes set out in the Bank’s Conduct principles: Fair Outcomes for Clients; Financial Crime Compliance; The Right Environment
•    Effectively and collaboratively identify, escalate, mitigate and resolve risk, conduct and compliance matter.
•    Responsibility for risk, control and Conduct in the function and providing oversight over the risk, control and Conduct in the function.
•    Responsibility for adherence to the Mandatory Conduct Requirements and demonstrating positive risk, control and Conduct behaviours as part of their role.  Examples include:
o    Timely escalation and proactive management and mitigation of risks and issues.
o    Sharing lessons learnt with colleagues to prevent future errors.
o    Raising concerns and dealing with mistakes in a timely manner and encouraging others to speak up.
o    Cooperating fully with requests from regulators and Group Internal Audit.  
o    Promoting an inclusive culture, encouraging colleagues to act ethically, learn from mistakes, and set the right example to their teams.
o    Responsibility to conduct and complete the Mandatory Conduct Affirmation (MCA) annually, as part of the year- end review to affirm the following:
o    Risk & control and Conduct behaviours have been considered and assessed as part of continuous performance management.
o    Colleagues approach to risk, control and Conduct was considered when making Total Variable Compensation (TVC) proposals during year-end review.  
o    Responsibility for recognizing and providing positive feedback through feedback 365 channels and Going the Extra Mile (GEM) award
 
Key stakeholders
•    Cloud Platform, DevOps, security, and software engineering teams

Other Responsibilities
Embed Here for good and Group’s brand and values in the Cloud Platform team

Skills and Experience

• Software Engineering
  Cloud Technologies
  Cloud Security
  Resiliency and Security
  Security Compliance & Governance
  DevOps
  Security Architecture & Design
  Threat Detection & Response
  Mentoring and Coaching
  Advocacy

Qualifications

• EDUCATION     Bachelor of Engineering
  TRAINING     Cloud, Security, AI/ML
• CERTIFICATIONS     AWS, AZURE, CCSK, CCSP, CISSP
  LANGUAGES     JAVA, C#, PYTHON, GOLANG, INFRASTRUCTURE AS CODE

About Standard Chartered

We're an international bank, nimble enough to act, big enough for impact. For more than 170 years, we've worked to make a positive difference for our clients, communities, and each other. We question the status quo, love a challenge and enjoy finding new opportunities to grow and do better than before. If you're looking for a career with purpose and you want to work for a bank making a difference, we want to hear from you. You can count on us to celebrate your unique talents and we can't wait to see the talents you can bring us.

Our purpose, to drive commerce and prosperity through our unique diversity, together with our brand promise, to be here for good are achieved by how we each live our valued behaviours. When you work with us, you'll see how we value difference and advocate inclusion.

Together we:

• Do the right thing and are assertive, challenge one another, and live with integrity, while putting the client at the heart of what we do
• Never settle, continuously striving to improve and innovate, keeping things simple and learning from doing well, and not so well
• Are better together, we can be ourselves, be inclusive, see more good in others, and work collectively to build for the long term

What we offer

In line with our Fair Pay Charter, we offer a competitive salary and benefits to support your mental, physical, financial and social wellbeing.

• Core bank funding for retirement savings, medical and life insurance, with flexible and voluntary benefits available in some locations.
• Time-off including annual leave, parental/maternity (20 weeks), sabbatical (12 months maximum) and volunteering leave (3 days), along with minimum global standards for annual and public holiday, which is combined to 30 days minimum.
• Flexible working options based around home and office locations, with flexible working patterns.
• Proactive wellbeing support through Unmind, a market-leading digital wellbeing platform, development courses for resilience and other human skills, global Employee Assistance Programme, sick leave, mental health first-aiders and all sorts of self-help toolkits
• A continuous learning culture to support your growth, with opportunities to reskill and upskill and access to physical, virtual and digital learning.
• Being part of an inclusive and values driven organisation, one that embraces and celebrates our unique diversity, across our teams, business functions and geographies - everyone feels respected and can realise their full potential.