AVP, Cyber Threat Response

Kuala Lumpur, Malaysia

Job Description




Job : Operations
Primary Location : Asia-Malaysia-Bukit Jalil KL
Schedule : Full-time
Employee Status : Permanent
Posting Date : 10/Apr/2023, 8:38:04 PM
Unposting Date : Ongoing


The Role Responsibilities
Cyber Security Defensive Operations

  • Responsible for People and Operations Management for a Security Operations Centre (SOC) providing 24x7 Defensive Cybersecurity Operations with global coverage.
  • Acts as a central point of contact for the Cyber Threat Response team to manage security event monitoring and incident response.
  • Ensures the timely and effective identification, triage, containment, remediation, and recovery of security incidents, leveraging process improvisation to address novel situations.
  • Ensures that operational objectives are met in compliance with Service Level Agreements (SLAs) and process adherence.
  • Develops, maintains and continuously improves service delivery processes and Incident Response and Automation playbooks.
  • Analyses lessons learned from previous incidents, tracks remediation actions to closure, and ensures that relevant findings are addressed, and playbooks updated accordingly.
  • Responsible for strategic planning, leadership, organization, and governance for the team, and accountable for organizational performance and human capital management.
  • Liaises with relevant support groups to coordinate cybersecurity incident response within a collaborative working environment.
  • Liaises with Operations Management and other stakeholders to furnish evidence for relevant regulatory requirements. Ensures that processes in scope integrate with related processes and generate such evidence.
  • Liaises with vendors, suppliers, and service providers to optimize existing solution implementations and ensure ongoing currency of analyst skills.
  • Acts as hiring manager for new employees and trains and evaluates existing employees to improve performance and foster professional development.
  • Directs and controls Service Operation and Continual Service Improvement.
  • Develops, implements, and maintains Security Operations policies, procedures, and service documentation for the team.
  • Trains and mentors junior analysts.
Regulatory and Business Conduct
Display exemplary conduct and live by the Group’s Values and Code of Conduct.
Take personal responsibility for embedding the highest standards of ethics, including regulatory and business conduct, across Standard Chartered Bank. This includes understanding and ensuring compliance with, in letter and spirit, all applicable laws, regulations, guidelines and the Group Code of Conduct.
Effectively and collaboratively identify, escalate, mitigate and resolve risk, conduct and compliance matters.
Key Stakeholders
  • As designated in this global coverage role.
Other Responsibilities
  • Provide after-hours rotational coverage when required
Our Ideal Candidate
  • Diploma or higher educational qualification in Engineering, Computer Science / Information Technology or an equivalent qualification in a relevant discipline.
  • 9 years of experience in Information Security, preferably in the Banking and Financial Services sector, with 4 years of hands-on experience working in a Security Operations Centre (SOC).
The following certifications are desirable but not mandatory
  • ISC2 Certified Information Systems Security Professional (CISSP), ISACA Certified Information Security Manager (CISM), EC Council Certified Ethical Hacker (CEH), EC Council Certified Security Analyst (ECSA), SANS GIAC Certified Incident Handler (GCIH), CERT Certified Computer Security Incident Handler (CSIH), Axelos Information Technology Infrastructure Library (ITIL) v3 Foundation.
Role Specific Technical Competencies
  • Knowledge in breadth and reasonable depth of Cybersecurity Incident Analysis and Response and Cybersecurity Defensive Operations (Blue Team) in complex organizations.
  • Strong understanding of the current cyber threat landscape as well as current risks, vulnerabilities, and threats.
  • Comprehensive knowledge of IT Service Management (ITSM) processes within a recognised framework (ITIL, COBIT).
  • Strong understanding of core Enterprise Information Technology and Computer Networking concepts (Desktop / Laptop, Mobile Device, Server, Network Device, LAN and WAN).
  • Strong understanding of enterprise directory management solutions (e.g., Active Directory, LDAP) and related functions such as Group Policy and Single Sign On.
  • Working understanding of digital forensics.
  • Working understanding of application security within the OWASP framework.
  • Exposure to working with Managed Security Service Providers (MSSPs) and third party vendors and suppliers.
  • Strong understanding of Audit, Compliance, Governance, and reporting.
  • Exposure to Endpoint Security and Endpoint Detection and Response solutions, preferably Symantec.
  • Exposure to Network and Email Security solutions, preferably Symantec.
  • Exposure to Security Information and Event Management (SIEM) solutions, preferably Splunk ES.
  • Exposure to Security Orchestration, Automation, and Reporting (SOAR) solutions, preferably Splunk Phantom.
  • Exposure to case management solutions.
  • Exposure to Database Activity Monitoring solutions.
  • Exposure to Privileged Session Management solutions.
  • Exposure to WAN traffic management and DDoS mitigation solutions.
  • Demonstrated ability to solve multiple, interconnected problems of high complexity and come up with innovative, forward-thinking solutions.
  • Self-motivated and able to work independently. Comfortable with working remotely for extended periods if required.
  • Excellent oral and written communication skills, with English at ILR Level 4 or better. Basic familiarity with Microsoft Office or similar productivity software, with the ability to produce documents, spreadsheets, and presentations of high complexity.
  • Demonstrated ability to work with a diverse, geographically-dispersed team.

About Standard Chartered
We're an international bank, nimble enough to act, big enough for impact. For more than 160 years, we've worked to make a positive difference for our clients, communities, and each other. We question the status quo, love a challenge and enjoy finding new opportunities to grow and do better than before. If you're looking for a career with purpose and you want to work for a bank making a difference, we want to hear from you. You can count on us to celebrate your unique talents. And we can't wait to see the talents you can bring us.

Our purpose, to drive commerce and prosperity through our unique diversity, together with our brand promise, to be here for good are achieved by how we each live our valued behaviours. When you work with us, you'll see how we value difference and advocate inclusion. Together we:
  • Do the right thing and are assertive, challenge one another, and live with integrity, while putting the client at the heart of what we do
  • Never settle, continuously striving to improve and innovate, keeping things simple and learning from doing well, and not so well
  • Be better together, we can be ourselves, be inclusive, see more good in others, and work collectively to build for the long term
In line with our Fair Pay Charter, we offer a competitive salary and benefits to support your mental, physical, financial and social wellbeing.
  • Core bank funding for retirement savings, medical and life insurance, with flexible and voluntary benefits available in some locations
  • Time-off including annual, parental/maternity (20 weeks), sabbatical (12 weeks maximum) and volunteering leave (3 days), along with minimum global standards for annual and public holiday, which is combined to 30 days minimum
  • Flexible working options based around home and office locations, with flexible working patterns
  • Proactive wellbeing support through Unmind, a market-leading digital wellbeing platform, development courses for resilience and other human skills, global Employee Assistance Programme, sick leave, mental health first-aiders and all sorts of self-help toolkits
  • A continuous learning culture to support your growth, with opportunities to reskill and upskill and access to physical, virtual and digital learning
  • Being part of an inclusive and values driven organisation, one that embraces and celebrates our unique diversity, across our teams, business functions and geographies - everyone feels respected and can realise their full potential.
Recruitment assessments - some of our roles use assessments to help us understand how suitable you are for the role you've applied to. If you are invited to take an assessment, this is great news. It means your application has progressed to an important stage of our recruitment process. Visit our careers website www.sc.com/careers


Job Detail

  • Job Id
    JD934192
  • Industry
    Not mentioned
  • Total Positions
    1
  • Job Type:
    Full Time
  • Salary:
    Not mentioned
  • Employment Status
    Permanent
  • Job Location
    Kuala Lumpur, Malaysia
  • Education
    Not mentioned