About Standard Chartered
We are a leading international bank focused on helping people and companies prosper across Asia, Africa and the Middle East.
To us, good performance is about much more than turning a profit. It's about showing how you embody our valued behaviours - do the right thing, better together and never settle - as well as our brand promise, Here for good.
We're committed to promoting equality in the workplace and creating an inclusive and flexible culture - one where everyone can realise their full potential and make a positive contribution to our organisation. This in turn helps us to provide better support to our broad client base.The Role ResponsibilitiesStrategy
- Security Technology Services (STS) is a critical function within Standard Chartered Bank operating under the overall purview of Enterprise Technology (ET). ET is accountable for enterprise wide infrastructure, data centres, Cloud, network, end-user services (EUS) and security (STS).
- The STS team is made up of cyber security thought leaders, who are accountable for the provision of a global set of cyber security services and products to maintain and continuously improve Bank&rsquos cyber security posture in today&rsquos ever evolving cyber security landscape.
- The STS team protect the Bank from cyber security threats by delivering effective information security technology services, managing, and responding to security incidents to ensure, and support the continuity and growth of Bank&rsquos business operations and meet the both internal and external stakeholders&rsquo expectations across 70+ countries and territories, in which SCB operates.
- STS Operations function is a transversal service with a primary objective of managing operational activities for all STS owned products and services.
- This role is responsible for setting up and leading the Operations function for multiple security services that are provided by STS. This role will involve transitioning all the BAU operational activities for existing services from siloed services to a central Operations function and then automate the services provided with a key focus on end-user experience and self-service.
People and Talent
- This role is accountable for ensuring the STS services are adherent to all relevant Group standards, processes, and policies. The criticality of services provided by STS means there is emphasis, diligence and rigor on process adherence and risk management. The performance of STS services is audited and often reported to regulators.
- This role is accountable of leading a team of technical people in delivering STS services. The focus on people development and people leadership is a significant part of this role.
- This role will ensure all STS services adhere to Group Risks Management Standards and all services are audit ready at any given time.
Regulatory & Business Conduct
- This role will ensure all STS services adhere to Group standards and all services are audit ready at any given time.
- Display exemplary conduct and live by the Group&rsquos Values and Code of Conduct.
- Take personal responsibility for embedding the highest standards of ethics, including regulatory and business conduct, across Standard Chartered Bank. This includes understanding and ensuring compliance with, in letter and spirit, all applicable laws, regulations, guidelines and the Group Code of Conduct.
- Lead the STS Operations team for specific technologies to achieve the outcomes set out in the Bank&rsquos Conduct Principles: [Fair Outcomes for Clients Effective Financial Markets Financial Crime ComplianceThe Right Environment.] *
- Effectively and collaboratively identify, escalate, mitigate and resolve risk, conduct and compliance matters.
- Architecture, Site Reliability Engineering and Service heads who own the strategy and roadmap for STS
- Project teams that deliver new services or improve existing services via projects or initiatives
- Infrastructure support teams (servers, databases, networks, etc.)
- Service Management team (change management team, major incident management team, support teams locally in countries where we operate, and STS services are consumed)
- Application support teams (other application teams that rely on STS services)
- Internal Risk Management teams and auditors
- Technology and Innovation (CIO Function) team
Our Ideal CandidateTechnical Skills
- Accountable for setting up and running 24x7 operations for some of the services provided by Security Technology Services. The primary focus of this role will be to stabilise the new operations function swiftly and move towards automation, self-service and SRE. Success in role is defined by the ability to improve the services for our end-users through automation or self-service and reduce BAU operational costs.
- Responsible for managing BAU operational tasks for some of the below services:
- Data security technologies &ndash Fortanix, Vormetric, Protegrity, N Cipher, PKI (Microsoft), Key Management Systems, Certificate Lifecycle Management.
- Network and perimeter security technologies - zScaler, Akamai, Broadcom, Imperva, etc.
- Endpoint Encryption &ndash Broadcom and Secret Double Octopus
- Authentication and PIM &ndash Beyond Trust, ForgeRock and HashiCorp Vault
- Cloud Security in AWS and Azure
- Identify tasks with repetitive nature and automate wherever feasible
- Align and adopt SRE practices in day-to-day operations
- Work closely with related teams, viz. platform, infra, SCM on a day to day basis
- Able to Provide artefacts from the service when required.
- Work closely with business and other stakeholders to deliver their security requirements
- Participate in security incident response activities.
- Be a subject matter expert within security production support by providing solutions to complex problem statements
- Adoption of standard tools and techniques for support management including event monitoring, batch management for routine activities, resiliency, capacity and for other standard core support processes like Incident, Problem and Change
- Ensure IT assets of STS are appropriately recorded and recertified This includes maintaining list of security services, service and support ownership, assets &ndash servers, software and relationship with upstream and downstream systems
- Proactive review of production platform related risks or non-compliances like resiliency, capacity, obsolescence, event monitoring and reporting controls, and ensure full risks awareness is in place
- Take part in on-boarding newer capabilities/products into production support by reviewing all non-functional requirements, service validation and ensuring compliance to technology delivery assurance
- Contribute to product strategy and lifecycle, wherever applicable Also ensure there are no redundancies of services within STS products and services
- Conduct production service level reviews with all key stakeholders with STS
- Contribute in security product roadmap and strategy
- Support on-boarding of all newer capabilities into STS
- Engage with other transversal technology services teams like data centre, database and platform support, ensuring there is adequate awareness of security tools, products and services, its significance to the security ecosystem for the bank
- Establish and govern all service reviews with suppliers/vendors providing support services for STS
- Plan and manage the financials (budget, forecasts, actuals) for Security Production Support and ensuring the spends do not overrun
- Adoption of DevOps and industry standards and practices for Security Production support
Communication and Interpersonal Skills
- Minimum 15 years of deep technical experience in Cybersecurity design, architecture, and operations.
- Must have hands on experience in designing, delivering, or managing (operations) in more than one of the following
- Network and perimeter security technologies (zScaler, Akamai, Broadcom, Imperva, etc)
- Endpoint Encryption &ndash Broadcom and Secret Double Octopus
- Authentication and PIM &ndash Beyond Trust, ForgeRock and Secret Management
- Certificate Lifecycle Management
- Key Management Systems
- Cloud Security (AWS and Azure)
- Hands-on knowledge of Java, Python and related tools (bitbucket, antifactory, etc.) with ability to automate manual tasks is preferred.
- Should have knowledge of SRE practices and has hands-on experience with managing production as per SRE standards and best-practices.
- Good knowledge and understanding on the below.
- Understanding on Linux/UNIX basics
- Understanding of networking concepts
- Working knowledge on Windows OS
- Understanding of Information Security concepts
- Basic understanding of Web Applications
- Have good understanding of ITIL practices and ITSM tools
- Has excellent track record in running complex application production / support environment
- Has performed production tasks within the SDF/SDLC process
- Has supported Problem Management, Change Management and Incident Management functions
- Experience with enterprise data centre design, DevOps, and Cloud Computing
- Ability to organise thoughts and coherently communicate ideas both verbally and in writing
- Ability to manage personal emotions and that of the team in stressful circumstances (High EQ)
- Self-starter with a strong sense of ownership
- Customer driven with the ability to view the service from an end-to-end perspective with objectivity and view to improving the services for end-users (could be other technical teams).
- Ability to lead people (not manage) and treat the team with respect and dignity.
&ndash CISSP or CISM
Apply now to join the Bank for those with big career ambitions.
To view information on our benefits including our flexible working please visit our . We welcome conversations on flexible working.