About Standard Chartered We are a leading international bank focused on helping people and companies prosper across Asia, Africa and the Middle East. To us, good performance is about much more than turning a profit. It's about showing how you embody our valued behaviours
- do the right thing, better together and never settle
- as well as our brand promise, Here for good. We're committed to promoting equality in the workplace and creating an inclusive and flexible culture
- one where everyone can realise their full potential and make a positive contribution to our organisation. This in turn helps us to provide better support to our broad client base. Job Purpose Cyber Security Services (CSS) is a critical function within Standard Chartered Bank operating under the overall purview of “Group CISO and COO, Trust, Data and Automation”. The CSS team is made up of cyber security thought leaders, who are accountable for the provision of a global set of cyber security services and products to maintain and continuously improve Bank’s cyber security posture in today’s ever evolving cyber security landscape. The CSS team protect the Bank from cyber security threats by delivering effective information security technology services, managing and responding to security incidents to ensure, and support the continuity and growth of Bank’s business operations; and meet the both internal and external stakeholders’ expectations across 70+ countries and territories, in which SCB operates. Standard Chartered is transforming into a Digital Bank and requires a forward thinking “Secure by Default” function to embed Security in its portfolio of technology investments and projects. Reporting to the Head of Cloud Security you will be part of an exclusive team of highly skilled Cloud Security Consultants who are able to deliver effective and efficient security solutions for complex business and technology projects. The Role Responsibilities Proven experience identifying solutions for complex problems in enterprise environments. Proven ability to do research on various market security solutions that can enhance security on Cloud Platforms (AWS, Azure, GCP and SaaS Applications) MUST have strong technical knowledge and confidence in communicating with highly technical audiences. MUST be Highly meticulous and detail oriented. MUST have Excellent Security Auditing, Control Analysis and problem-solving skills. Proven experience and desire to operate as a self-starter and be comfortable working in an ambiguous, yet fast-paced, environment. Proven ability to pull a diverse group of individuals with different goals together to facilitate, moderate, and influence productive discussions driving towards results Strong business acumen to quickly learn new business processes and understand how Cloud security can support the business in achieving revenue and profit goals Proven ability to map security standards against the solution architecture (for both IaaS & SaaS solutions) and ability to identify the required controls to be in place as part of the Application Deployment Demonstrated relevant security expertise in designing security solutions for a mix of technology areas, with a focus on application, network and cloud security. Demonstrated ability to understand and propose security requirements on Cloud against the following (but not limited to): Open Banking/PSD2, APIs Big Data Platform/Security Components (Hortonworks/Apache) Cloud Service, Provider, and Platform Security (SaaS, FaaS, PaaS & IaaS) Advanced Identity & Access Management Cryptography & PKI Automated Vulnerability Management Solutions (Qualys, SonarQube, Open Sources, IBM App Scans, X-Ray, etc) Application Security (Secure SDLC, DevSecOps, and Automation) Next Generation Network Security (Software Defined Perimeter, Zero Trust/BeyondCorp, SDWAN) End User Technology, Productivity & Collaboration Security Being a Cloud Security Consultant he/ she need to be conducting 3rd party information security risk assessments, negotiating our security contract terms into contracts, managing that portfolio of Third parties they have reviewed including entities who have not met requirements and serving as the subject matter expert in assisting adoption and execution of Third Party security risk processes within the clients holistically. Participate in assessment of Third-party SaaS, IaaS and PaaS security risk, develop mitigation plans and partner with internal stakeholders to manage non-compliances Help ensure strong oversight of all Third-Party SaaS, IaaS and PaaS security risks in your portfolio and provide stakeholders and business partners visibility of existing and emerging risks Prepare and complete security risk assessments and assist with policy, regulatory and accreditation audit preparation Drive towards a common and consistent Third-Party SaaS, IaaS and PaaS security risk management program to effectively manage the client’s risk as introduced by the hosting or handling or direct connectivity by a third party to the client in accordance with the clients information security policy and Regulatory requirements Provide guidance to the business, procurement and other stakeholders to ensure requirements of Third-Party SaaS, IaaS and PaaS Security risks and assurance requirements are fully understood Verbal negotiation skills are a plus and Ability to effectively work with and contribute to a close-knit team while also being a self-starter are critical to success Ability to prioritize among competing priorities with organizational skills and the ability to manage multiple reviews and tasks at the same time are essential Understanding the security impact and implementation of the triad (Confidentiality, integrity, and Availability) on company networks and the appropriate risk model to present to business management and to negotiate protective language into contracts are key ingredients to this position Key stakeholders: CIOs, Delivery Heads and Teams; ITO, Governance & Change
- Risk & Control, Technology Governance & Assurance SC Ventures/eXellerator; Information Security Risk Officers Security Technology Service Heads and Management Team. Our Ideal Candidate Bachelor's degree in Computer Science or related field, or equivalent work experience Experience in information security or information technology disciplines Information Security architecture and / or strategy CISSP / CCSK / CCSP / CISA / CISM. Must Have at least two of these Certifications AWS Security / AZURE Security / Google Cloud Security. Preferred if coming with any of these certifications Strong knowledge on ISO 27K Lead Auditor, CCSK Cloud Auditor, ISO 31K Lead Auditor, NIST, CIS Benchmark Standards MUST have working experience in performing Third Party Security Assessments or Audits.
