Job Description

Role Responsibilities

Strategy

• Security Technology Services (STS) is a critical function within Standard Chartered Bank operating under the overall purview of Enterprise Technology (ET). ET is accountable for enterprise wide infrastructure, data centres, Cloud, network, end-user services (EUS) and security (STS).
• The STS team is made up of cyber security thought leaders, who are accountable for the provision of a global set of cyber security services and products to maintain and continuously improve Bank's cyber security posture in today's ever evolving cyber security landscape.

Business

• The STS team protect the Bank from cyber security threats by delivering effective information security technology services, managing, and responding to security incidents to ensure, and support the continuity and growth of Bank's business operations; and meet the both internal and external stakeholders' expectations across 70+ countries and territories, in which SCB operates.
• STS Operations function is a transversal service with a primary objective of managing operational activities for all STS owned products and services.
• This technical SME role is responsible for operational activities (service requests, change requests etc.) of Authentication and PIM function (listed later in the document). This role supports 24x7 BAU operational activities for existing services/technologies and automating routine with a key focus on end-user experience and self-service.

Processes

• This role is accountable for ensuring the STS services are adherent to all relevant Group standards, processes, and policies. The criticality of services provided by STS means there is emphasis, diligence and rigor on process adherence and risk management. The performance of STS services is audited and often reported to regulators.

People and Talent

• This role is accountable of leading a team of technical people in delivering STS services. The focus on people development and people leadership is a significant part of this role.

Risk Management

• This role is responsible for ensuring all Authentication and PIM services adhere to Group Risks Management Standards and all services are audit ready at any given time.

Governance

• This role is responsible for ensuring all Authentication and PIM STS services adhere to Group standards and all services are audit ready at any given time.

Regulatory & Business Conduct

• Display exemplary conduct and live by the Group's Values and Code of Conduct.
• Take personal responsibility for embedding the highest standards of ethics, including regulatory and business conduct, across Standard Chartered Bank. This includes understanding and ensuring compliance with, in letter and spirit, all applicable laws, regulations, guidelines and the Group Code of Conduct.
• Help the Authentication and PIM operations team with specific technologies to achieve the outcomes set out in the Bank's Conduct Principles: [Fair Outcomes for Clients; Effective Financial Markets; Financial Crime Compliance; The Right Environment.] *
• Effectively and collaboratively identify, escalate, mitigate and resolve risk, conduct and compliance matters.

Key Stakeholders

• Architecture, Site Reliability Engineering and Service heads who own the strategy and roadmap for STS
• Project teams that deliver new services or improve existing services via projects or initiatives
• Infrastructure support teams (servers, databases, networks, etc.)
• Service Management team (change management team, major incident management team, support teams locally in countries where we operate, and STS services are consumed)
• Application support teams (other application teams that rely on STS services)
• Internal Risk Management teams and auditors
• Technology and Innovation (CIO Function) team

Other Responsibilities

• Accountable for managing the SME team, address the gaps in the process, automate manual tasks and address any failures in the automation or systems supporting it.
• Responsible for managing SME tasks for some of the below services:
• Authentication and PIM technologies BeyondTrust, ForgeRock, HashiCorp Vault. Secret Double Octopus
• Identify tasks with repetitive nature and automate wherever feasible
• Align and adopt SRE practices in day-to-day operations
• Work closely with related teams, viz. platform, infra, SCM on a day to day basis
• Able to Provide artefacts from the service when required.
• Work closely with business and other stakeholders to deliver their security requirements
• Participate in security incident response activities.
• Be a subject matter expert within security production support by providing solutions to complex problem statements
• Adoption of standard tools and techniques for support management including event monitoring, batch management for routine activities, resiliency, capacity and for other standard core support processes like Incident, Problem and Change
• Ensure IT assets of STS are appropriately recorded and recertified; This includes maintaining list of security services, service and support ownership, assets - servers, software and relationship with upstream and downstream systems
• Proactive review of production platform related risks or non-compliances like resiliency, capacity, obsolescence, event monitoring and reporting controls, and ensure full risks awareness is in place
• Take part in on-boarding newer capabilities/products into production support by reviewing all non-functional requirements, service validation and ensuring compliance to technology delivery assurance
• Contribute to product strategy and lifecycle, wherever applicable; Also ensure there are no redundancies of services within STS products and services
• Conduct production service level reviews with all key stakeholders with STS
• Contribute in security product roadmap and strategy
• Support on-boarding of all newer capabilities into STS
• Engage with other transversal technology services teams like data centre, database and platform support, ensuring there is adequate awareness of security tools, products and services, its significance to the security ecosystem for the bank
• Establish and govern all service reviews with suppliers/vendors providing support services for STS
• Plan and manage the financials (budget, forecasts, actuals) for Security Production Support and ensuring the spends do not overrun
• Adoption of DevOps and industry standards and practices for Security Production support

Our Ideal Candidate

Qualifications

Technical Skills

• Minimum 5 years of deep technical experience in Cybersecurity design, architecture, and operations.
• Must have hands on experience in designing, delivering, or managing (operations) in more than one of the following
• Authentication and PIM - BeyondTrust, ForgeRock, HashiCorp Vault, Cyber Ark. Secret Double Octopus.
• Should have knowledge of SRE practices and has hands-on experience with managing production as per SRE standards and best-practices.
• Good knowledge and understanding on the below.
• Understanding on Linux/UNIX basics
• Understanding of networking concepts
• Working knowledge on Windows OS
• Understanding of Information Security concepts
• Basic understanding of Web Applications
• Have good understanding of ITIL practices and ITSM tools
• Has excellent track record in running complex application production / support environment
• Has performed production tasks within the SDF/SDLC process
• Has supported Problem Management, Change Management and Incident Management functions

Communication and Interpersonal Skills

• Ability to organise thoughts and coherently communicate ideas both verbally and in writing
• Ability to manage personal emotions and that of the team in stressful circumstances (High EQ)
• Self-starter with a strong sense of ownership
• Customer driven with the ability to view the service from an end-to-end perspective with objectivity and view to improving the services for end-users (could be other technical teams).
• Ability to lead people (not manage) and treat the team with respect and dignity.

Role Specific Competencies

• Managing cybersecurity BAU operations
• Design and deliver cybersecurity technologies
• Automation, SRE and DevOps

About Standard Chartered
We're an international bank, nimble enough to act, big enough for impact. For more than 160 years, we've worked to make a positive difference for our clients, communities, and each other. We question the status quo, love a challenge and enjoy finding new opportunities to grow and do better than before. If you're looking for a career with purpose and you want to work for a bank making a difference, we want to hear from you. You can count on us to celebrate your unique talents. And we can't wait to see the talents you can bring us.

Our purpose, to drive commerce and prosperity through our unique diversity, together with our brand promise, to be here for good are achieved by how we each live our valued behaviours. When you work with us, you'll see how we value difference and advocate inclusion. Together we:

• Do the right thing and are assertive, challenge one another, and live with integrity, while putting the client at the heart of what we do
• Never settle, continuously striving to improve and innovate, keeping things simple and learning from doing well, and not so well
• Be better together, we can be ourselves, be inclusive, see more good in others, and work collectively to build for the long term

In line with our Fair Pay Charter, we offer a competitive salary and benefits to support your mental, physical, financial and social wellbeing.

• Core bank funding for retirement savings, medical and life insurance, with flexible and voluntary benefits available in some locations
• Time-off including annual, parental/maternity (20 weeks), sabbatical (12 weeks maximum) and volunteering leave (3 days), along with with minimum global standards for annual and public holiday, which is combined to 30 days minimum
• Flexible working options based around home and office locations, with flexible working patterns
• Proactive wellbeing support through Unmind, a market-leading digital wellbeing platform, development courses for resilience and other human skills, global Employee Assistance Programme, sick leave, mental health first-aiders and all sorts of self-help toolkits
• A continuous learning culture to support your growth, with opportunities to reskill and upskill and access to physical, virtual and digital learning
• Being part of an inclusive and values driven organisation, one that embraces and celebrates our unique diversity, across our teams, business functions and geographies - everyone feels respected and can realise their full potential.

Recruitment assessments - some of our roles use assessments to help us understand how suitable you are for the role you've applied to. If you are invited to take an assessment, this is great news. It means your application has progressed to an important stage of our recruitment process.

Visit our careers website www.sc.com/careers