Role Overview

This role could be based in Singapore or Malaysia. When you start the application process you will be presented with a drop down menu showing all countries, Please ensure that you select a country where the role is based.

Identity and Access Management (IAM) is a critical function within Standard Chartered Bank operating under the overall purview of Group CISO. We are seeking a strategic, technically strong leader to head our Identity and Access Management (IAM) Threats, Architecture, and Controls function. This role is accountable for defining and driving the enterprise IAM security architecture and threat response strategy, ensuring that controls are effective, scalable, and aligned to the dynamic cyber threat landscape.
You will lead the identification and prioritization of IAM initiatives based on threat intelligence, risk posture, and emerging technology trends—including the potential risks and impacts of artificial intelligence (AI), machine learning, and quantum computing. You will also lead the required controls onboarding and operating effectiveness validation of controls. This is a critical leadership role that requires technical depth, architectural vision, and the ability to engage and influence a wide range of stakeholders across the enterprise.

RESPONSIBILITIES

Strategy
•    Develop and lead a multi-year strategy for IAM Threats, Architecture, and Controls that aligns with enterprise security goals, ICS priorities, regulatory requirements, and real-world threat intelligence.
•    Continuously review and reprioritize the IAM book of work based on risk impact, threat evolution, business needs, and technology innovation.
•    Ensure alignment with emerging cyber security risks—including those associated with AI-driven identity attacks, adversarial machine learning, synthetic identities, and quantum cryptography threats.
•    Provide the Security Solution Architecture and frameworks aligned with Zero Trust principles, ensuring scalable and consistent policy enforcement across hybrid and multi-cloud environments.

Business
•    Own the enterprise IAM security architecture design patterns, spanning workforce, privileged, and non human identities domains across all lines of Businesses in the Bank
•    Design robust, resilient identity security models incorporating Zero Trust, cloud-native IAM (AWS, Azure), and federated identity systems.
•    Define and maintain oversight of controls across authentication, authorization, secrets management, session lifecycle, access governance, and identity federation (OAuth2, SAML, OIDC).
•    Understand Business Strategies and Priorities and develop technical IAM security roadmap in line with business strategies and use of emerging technologies 
•    Integrate threat intelligence and adversary techniques (MITRE ATT&CK) into IAM design and monitoring practices.
•    Lead the analysis and partner with Cyber Ops on integration of IAM signals into detection and response pipelines via SIEM/SOAR and security analytics platforms.

Processes
•    Responsible for executing and supervising the framework and process execution for all IAM Global Process Owner (GPO) responsibilities, overall controls onboarding and operating effectiveness of front to back IAM controls and processes as defined in the Group’s Operational Risk Framework and ICS RTF.

Technology
•    Lead the development of IAM security architectural design patterns in partnership with T&A, DevSecOps, and cloud security teams to ensure business applications and technology assets are secure-by-design in the following areas: Edge devices / ORB (Routers, Switches, FW, etc.), Platforms (Windows, Unix, VM), DB, APIs, AI agents, Applications, Endpoints, Devices, IoT, IaaS, PaaS, SaaS
•    Embed IAM security requirements in DevOps and CI/CD environments, including but not limited to access governance, secrets management, modern authentication and API token governance.

•    Lead a team of SMEs that drives controls onboarding and controls operating effectiveness review across the organisation for authorisation, authentication and secrets security in design reviews, transformation initiatives, and cloud migrations.
•    Monitor, assess, and advise on the security implications of emerging technologies such as AI, deepfake-enabled identity fraud, generative threats, and post-quantum cryptographic disruption.
•    Collaborate with research, architecture, and risk functions to prepare the IAM program for next-generation attack vectors and regulatory shifts.
•    Plan and oversee the delivery of a robust set of security technologies across IAM to enable delivery of IAM mission and vision. 
•    Embed anomaly detection and telemetry into access governance, privileged identity management, authentication and secrets systems to enable proactive monitoring and alerting.

People & Talent
•    Act as the strategic and technical advisor to stakeholders across security, IT, enterprise architecture, legal, HR, and business leadership.
•    Translate complex IAM security issues into business-relevant narratives to influence leadership and secure program support.
•    Represent IAM security in architecture governance forums, risk committees, and strategic project reviews.
•    Lead, mentor, and grow a team of IAM security solution designers, IAM risk analysts and threat and control analysts.
•    Foster a collaborative and high-performance team culture.
•    Manage key vendor relationships related to cyber security solutions, tools, and managed services.
•    Lead through example and build the appropriate conduct, culture and values.  Set appropriate tone and expectations from their team and work in collaboration with risk and control partners.
•    Employ, engage and retain high quality people, with succession planning for critical roles

Financial Management
•    Manage annual budget in excess of USD5m.

Risk Management
•    Align and maintain IAM security standards and practices in line with evolving Cyber Threat landscape and Emerging Technologies. 
•    Establish and manage IAM standards exceptions, deviations, and remediation timelines through formal governance processes.
•    Drive secure-by-design and secure-by-default principles across the organization, and ensure enforcement of controls for the organisation to stay within Risk appetite 
•    Ensure continuous controls testing and improvement through feedback loops from audit findings, red/purple team exercises outcome, and real-world incidents.

Governance
•    Define, assess, and govern the operationalisation of IAM controls based on industry standards (NIST 800-63, NIST CSF, ISO 27001, CIS Controls, MITRE, etc.) and regulatory requirements (MAS, PRA, HKMA, GDPR, SOX, etc.).
•    Ensure effective IAM inputs into Governance Boards exists providing evidence of high-level and low-level security technical standards being met, stakeholder requirements being met and transparency of critical service metrics.
•    Lead internal and external audits representing IAM SME Executive and ensure resolution of IAM related findings or control gaps.

•    Stay abreast of emerging access technologies, industry threats, and regulatory developments, and translate them into actionable IAM strategies.

Regulatory & Business Conduct

•    Display exemplary conduct and live by the Group’s Values and Code of Conduct. 
•    Take personal responsibility for embedding the highest standards of ethics, including regulatory and business conduct, across the Bank. This includes understanding and ensuring compliance with, in letter and spirit, all applicable laws, regulations, guidelines and the Group Code of Conduct.
•    Lead the Team to achieve the outcomes set out in the Bank’s Conduct Principles 
•    Effectively and collaboratively identify, escalate, mitigate and resolve risk, conduct and compliance matters.
•    Display exemplary conduct and live by the Group’s Values and Code of Conduct. 

•    Take personal responsibility for embedding the highest standards of ethics, including regulatory and business conduct, across Standard Chartered Bank. This includes understanding and ensuring compliance with, in letter and spirit, all applicable laws, regulations, guidelines and the Group Code of Conduct.
•    Effectively and collaboratively identify, escalate, mitigate and resolve risk, conduct and compliance matters.
•    Lead to achieve the outcomes set out in the Bank’s Conduct Principles

Key Stakeholders

•    Group CISO, TTO Group CISO MT
•    CIO, Technology & Architecture, TTO CIA TSA
•    CCO, TTO & Global Head Group Transformation, TTO COO
•    Global Head, IAM, TTO Group CISO MT
•    Global Head, Cyber Security Services, TTO Group CISO MT
•    Global Head, Group Threat Management, TTO Group CISO MT
•    CISO, WRB & Markets, TTO Group CISO MT
•    CISO, CIB, Core Technology & Functions, TTO Group CISO MT
•    Global Head, ICS Risk & Governance
•    Global Head Cyber Operations, TTO Group CISO MT
•    Global Head Audit, GSF Internal Audit 
•    Key Business Stakeholders including: All Business and Function COOs

Other Responsibilities
•    Firm leadership, team-building, and cross-functional communication skills.
•    Experience operating in large, complex, and regulated environments.

Our Ideal Candidate
 
•    15+ years of cybersecurity experience, including helming roles in Cyber threats analysis, Cyber security architecture or Cyber security leadership roles.
•    Expertise in bridging cyber risk buy down with appropriate IAM security controls.
•    Strong knowledge of identity-related threat vectors, insider risks, attack surface reduction, and security detection patterns.
•    Experience integrating identity telemetry with threat detection and response platforms (e.g., SIEM/SOAR).
•    Awareness of AI/ML security challenges and quantum-related cryptographic impacts is highly desirable.

•    Certifications:    CISSP, CCSP, CISM, GIAC GDSA, or equivalent 

Role Specific Technical Competencies

•    Manage Vendors
•    Information Security Policy and Strategy
•    Manage Change
•    Management of Front-Line Risk
•    Strategy & Business Model

About Standard Chartered

We're an international bank, nimble enough to act, big enough for impact. For more than 170 years, we've worked to make a positive difference for our clients, communities, and each other. We question the status quo, love a challenge and enjoy finding new opportunities to grow and do better than before. If you're looking for a career with purpose and you want to work for a bank making a difference, we want to hear from you. You can count on us to celebrate your unique talents and we can't wait to see the talents you can bring us.

Our purpose, to drive commerce and prosperity through our unique diversity, together with our brand promise, to be here for good are achieved by how we each live our valued behaviours. When you work with us, you'll see how we value difference and advocate inclusion.

Together we:

• Do the right thing and are assertive, challenge one another, and live with integrity, while putting the client at the heart of what we do
• Never settle, continuously striving to improve and innovate, keeping things simple and learning from doing well, and not so well
• Are better together, we can be ourselves, be inclusive, see more good in others, and work collectively to build for the long term

What we offer

In line with our Fair Pay Charter, we offer a competitive salary and benefits to support your mental, physical, financial and social wellbeing.

• Core bank funding for retirement savings, medical and life insurance, with flexible and voluntary benefits available in some locations.
• Time-off including annual leave, parental/maternity (20 weeks), sabbatical (12 months maximum) and volunteering leave (3 days), along with minimum global standards for annual and public holiday, which is combined to 30 days minimum.
• Flexible working options based around home and office locations, with flexible working patterns.
• Proactive wellbeing support through Unmind, a market-leading digital wellbeing platform, development courses for resilience and other human skills, global Employee Assistance Programme, sick leave, mental health first-aiders and all sorts of self-help toolkits
• A continuous learning culture to support your growth, with opportunities to reskill and upskill and access to physical, virtual and digital learning.
• Being part of an inclusive and values driven organisation, one that embraces and celebrates our unique diversity, across our teams, business functions and geographies - everyone feels respected and can realise their full potential.

Recruitment Assessments

Some of our roles use assessments to help us understand how suitable you are for the role you've applied to. If you are invited to take an assessment, this is great news. It means your application has progressed to an important stage of our recruitment process.

Visit our careers website www.sc.com/careers