Key Responsibilities

• The Group Chief Information Security Officer (CISO) organisation is instrumental in protecting and ensuring the resilience of Standard Chartered Bank’s data and IT systems by managing Information and Cyber Security (ICS) risk across the enterprise. 
• ICS Protect domain is central to ensuring the Bank’s ability to meet its ICS commitment to internal and external stakeholders, including regulators, as well as maintaining an acceptable ICS risk profile that is regularly reported to the Board, and that is supported by the Group ICS Risk & Governance Function.

Strategy

• Develop and implement comprehensive strategies for endpoint protection and threat configuration aligned with the overarching cyber defence goals.
• Drive innovative approaches incident response, and preventive measures, ensuring they align with business objectives.
• Collaborate with executive leadership to integrate cutting-edge technologies and proactive methodologies within the endpoint security framework.
• Build strong working relationship with other IT, 2nd & 3rd Line of Defence and business stakeholders (such as Cyber Defense Center, cloud team, application team, database, end-user support) to ensure that endpoint security solutions are integrated into the Bank’s overall security posture for detection and prevention.
• Development of procedures and roadmap that align with bank’s architecture and security policy/standards for any future initiatives such as technology refresh, new emerging technology, etc.

Business

• Define and communicate the business impact of endpoint security posture, both in risk mitigation and business continuity.
• Implement frameworks for secure business operations, ensuring that security measures complement and enable seamless business activities.
• Regularly assess and communicate the business value and ROI of endpoint security investments

Processes

• Oversee the development and enhancement of robust processes for endpoint protection, incident response, and threat configuration.
• Establish and optimize procedures for continuous monitoring, analysis, and adaptation to evolving cyber threats.
• Streamline and automate processes to enhance efficiency while maintaining the highest level of security standards.

People & Talent

• Foster a culture of excellence, mentorship, and continuous learning within the team.
• Attract, retain, and develop top-tier talent in the field of endpoint security, ensuring a diverse and skilled workforce.
• Cultivate a collaborative and inclusive environment to maximize team productivity and effectiveness.
• Lead through example and build the appropriate culture and values. Set appropriate tone and expectations from their team and work in collaboration with risk and control partners.
• Ensure the provision of ongoing training and development of people and ensure that holders of all critical functions are suitably skilled and qualified for their roles ensuring that they have effective supervision in place to mitigate any risks.
• Employ, engage and retain high quality people, with succession planning for critical roles.
• Responsibility to review team structure/capacity plans.
• Set and monitor job descriptions and objectives for direct reports and provide feedback and rewards in line with their performance against those responsibilities and objectives.

Cost and Investment Management

• Deliver cost targets as per the direction from the Group CISO
• Ensuring ICS Protect is appropriately funded, resourced, prioritised, integrated, managed, and delivered across the Group.

Risk Management

• Identify and evaluate emerging cyber threats and strategize for proactive risk mitigation.
• Implement and oversee risk management protocols to minimize potential vulnerabilities.
• Regularly assess the risk landscape and adapt strategies to address new and existing threats.

Governance

• Enforce and maintain governance protocols to ensure adherence to the highest security standards.
• Oversee the compliance and alignment of endpoint security with industry standards and best practices.
• Establish governance frameworks to manage security policies, procedures, and controls effectively.
• responsible for assessing the effectiveness of the Group's arrangements to deliver effective governance, oversight and controls in the business and, if necessary, oversee changes in these areas
• Awareness and understanding of the regulatory framework, in which the Group operates, and the regulatory requirements and expectations relevant to the role.

Regulatory & Business Conduct

• Ensure compliance with regulatory requirements and industry standards, managing audits and certifications related to endpoint security.
• Advise on regulatory changes impacting endpoint security and lead adaptations accordingly.
• Uphold ethical conduct and adherence to all applicable laws and regulations in the implementation and management of endpoint security strategies.
• This role demands a strategic visionary with a strong understanding of both technology and business, capable of leading and driving change in the ever-evolving landscape of cybersecurity, particularly in the realm of endpoint protection and threat configuration within a tier-one banking institution.

Key stakeholders

• Global Head, ICS Protect
• ICS Protect Management Team
• Global Head, CyOPS
• Group CISO and ICS MT
• HR Business Partners
• Sourcing & Vendor Management
• Essential stakeholders, including Microsoft for cutting-edge endpoint security technologies, enterprise technology teams to align strategies, cyber defence teams for a holistic defence strategy, security monitoring and analytics teams for real-time threat analysis, cloud platform teams for secure cloud operations, and risk management 2nd and 3rd line of defence. Effective coordination with these stakeholders is critical in ensuring a cohesive, robust, and holistic approach to endpoint protection and threat configuration within the bank's cyber defence operations.

Our Ideal Candidate

• 10+ years experience in designing, implementing, and managing Next Generation Endpoint Security solutions in enterprise environments, with a focus on EDR platforms. 
• Good understanding of endpoint security technologies, including antivirus, malware protection, endpoint detection and response (EDR), endpoint protection platforms (EPP), and threat intelligence.
• Supporting knowledge and experience on mail-security and database activity monitoring (DAM) solution to build up the protection policies and deployment with hands on troubleshooting skills.
• Strong understanding with endpoint security management frameworks (e.g., MITRE ATT&CK, NIST) and threat hunting methodologies.
• Managing of more than 100,000 endpoint (ranging from user’s machine to physical/virtual servers in cloud and on-premise datacenter) with various operating system variant in the Bank by ensuring the endpoint security technology is deployed to protect the Bank’s asset from various internal/external threat. 
• Managing a global team of 25 security professionals ranging from band 5 to 8 with roles as endpoint security engineer, enterprise endpoint security architects and endpoint security analyst

Role Specific Technical Competencies

• Product management 
• Malware analysis 
• Cloud security 
• Risk management 
• Security architecture 
• SRE
   

About Standard Chartered

We're an international bank, nimble enough to act, big enough for impact. For more than 170 years, we've worked to make a positive difference for our clients, communities, and each other. We question the status quo, love a challenge and enjoy finding new opportunities to grow and do better than before. If you're looking for a career with purpose and you want to work for a bank making a difference, we want to hear from you. You can count on us to celebrate your unique talents and we can't wait to see the talents you can bring us.

Our purpose, to drive commerce and prosperity through our unique diversity, together with our brand promise, to be here for good are achieved by how we each live our valued behaviours. When you work with us, you'll see how we value difference and advocate inclusion.

Together we:

• Do the right thing and are assertive, challenge one another, and live with integrity, while putting the client at the heart of what we do
• Never settle, continuously striving to improve and innovate, keeping things simple and learning from doing well, and not so well
• Are better together, we can be ourselves, be inclusive, see more good in others, and work collectively to build for the long term

What we offer

In line with our Fair Pay Charter, we offer a competitive salary and benefits to support your mental, physical, financial and social wellbeing.

• Core bank funding for retirement savings, medical and life insurance, with flexible and voluntary benefits available in some locations.
• Time-off including annual leave, parental/maternity (20 weeks), sabbatical (12 months maximum) and volunteering leave (3 days), along with minimum global standards for annual and public holiday, which is combined to 30 days minimum.
• Flexible working options based around home and office locations, with flexible working patterns.
• Proactive wellbeing support through Unmind, a market-leading digital wellbeing platform, development courses for resilience and other human skills, global Employee Assistance Programme, sick leave, mental health first-aiders and all sorts of self-help toolkits
• A continuous learning culture to support your growth, with opportunities to reskill and upskill and access to physical, virtual and digital learning.
• Being part of an inclusive and values driven organisation, one that embraces and celebrates our unique diversity, across our teams, business functions and geographies - everyone feels respected and can realise their full potential.

Recruitment Assessments

Some of our roles use assessments to help us understand how suitable you are for the role you've applied to. If you are invited to take an assessment, this is great news. It means your application has progressed to an important stage of our recruitment process.

Visit our careers website www.sc.com/careers