JOB SUMMARY
· The Cyber Security Assessment (CSA) is an integral part of Cyber Security with an aligned goal to ensure secure by design as it relates to any software we build, buy or connect to in the Bank. To that end, the CSA needs to ensure all security controls related to security threats are being adhered to by projects and application development teams. As part of CSS, we work effortlessly in ensuring the Bank soundly meets its commitments to internal and external stakeholders and maintains an appropriate cyber security defence posture through our 'Secure by Design' initiatives.
· The role is expected to be a chapter lead for Cloud and Container policy and control governance and implementation in the tools and services that we own and embed as part of the build pipeline and platform. The incumbent will provide direction to Security champions in ICS as well as federated security champions on which controls are most appropriate for Cloud and containers as well as define how best to initiate the control checks in the pipeline and platform. The role requires the ability to communicate and build relationships with technology product owners and support teams across geographies mainly ADO, AWS, Azure, SKE, CIO domains and other ICS control leads related to secure by design.
· The Lead, Principal Cyber Security Consultant needs to be a DevOps, Cloud and Container SME with institutional and industry knowledge. Ability to drive product development, security as policy coding requirements as well as influence security champions to #doTheRightThing in their reviews. Coding capability is essential.
RESPONSIBILITIES
Strategy
· Develop and implement a comprehensive strategy for security as code and policy as code practices, aligning with the overall ICS objectives
· Lead the adoption of automated security and compliance solutions across the development lifecycle
· Drive innovation in integrating security into CI/CD pipelines, facilitating a shift-left approach to security
Business
· Collaborate with key business stakeholders to understand business objectives, providing insights on how security as code can support these goals
· Translate business requirements into secure, scalable, and reliable security practices
· Foster a culture of security awareness and ensure security best practices are incorporated into business operations
Processes
· Establish and refine processes for integrating security tools and practices into the software development and deployment processes
· Develop and maintain policy-as-code frameworks to enforce security policies automatically within the infrastructure
· Ensure continuous improvement of security processes through regular review and incorporation of feedback mechanisms
People & Talent
Risk Management
· Conduct comprehensive risk assessments and enforce risk management policies to identify and mitigate potential security threats
· Develop metrics and reporting frameworks to monitor the effectiveness of security measures
· Liaise with the risk management team to integrate cybersecurity risk into the organization's overall risk profile
Governance
· Ensure compliance with relevant ICS policies, regulations and standards related to cyber security and data protection
· Establish governance frameworks for policy as code to ensure consistent application and enforcement of security policies across all assets being built on the central DevOps pipeline
Regulatory & Business Conduct
· Display exemplary conduct and live by the Group’s Values and Code of Conduct.
· Take personal responsibility for embedding the highest standards of ethics, including regulatory and business conduct, across Standard Chartered Bank. This includes understanding and ensuring compliance with, in letter and spirit, all applicable laws, regulations, guidelines and the Group Code of Conduct.
· Lead the DevSecOps Automation Cloud and Container Policy checks to achieve the outcomes set out in the Bank’s Conduct Principles
· Effectively and collaboratively identify, escalate, mitigate and resolve risk, conduct and compliance matters.
Key Stakeholders
· ICS Control owners
· Cloud Platform
· ADO Engineering
· Security Architecture
· CIO Domains
Other Responsibilities
· Embed Here for good and the Group’s brand and values in ICS-CS; perform other responsibilities assigned under Group, Country, Business or Functional policies and procedures; multiple functions (double hats).
Our Ideal Candidate
· 5+ years of experience in Information security, preferably in Banking and Financial services sector.
· 5+ years of hands-on experience in application/infrastructure risk assessments, along with 3 years of experience in implementation or management of security tools/projects.
· Proven experience in leading security initiatives
· Subject matter expert in DevOps, AWS, Azure and Kubernetes especially EKS and AKS
· Familiar with policy as code
· Self-starter, capable of working without direction and able to deliver projects from scratch
· Full Software Development Lifecycle experience in a mature Continuous Integration and Continuous Delivery environment, probably as a developer
· Strong DevOps toolchain experience: ADO, Artifactory, SonarQube, Nexus, Aqua
· Configuration and deployment tools experience – Ansible or Puppet
· Strong scripting skills – Python, Ruby, or similar; Perl.
· Breadth of knowledge – operating systems, networking, distributed computing
· Cloud deployment and systems management experience – AWS, Azure
· Container orchestration expertise – EKS, AKS
· Strong knowledge of UNIX and TCP/IP – understand strace and tcpdump output
· Bachelor’s Degree in engineering, Computer Science/Information Technology or its equivalent.
· CSPM, CISSP, nice to have
Role Specific Technical Competencies
· DevOps
· Cloud
· Containers
· Security
· Policy as Code
About Standard Chartered
We're an international bank, nimble enough to act, big enough for impact. For more than 160 years, we've worked to make a positive difference for our clients, communities, and each other. We question the status quo, love a challenge and enjoy finding new opportunities to grow and do better than before. If you're looking for a career with purpose and you want to work for a bank making a difference, we want to hear from you. You can count on us to celebrate your unique talents. And we can't wait to see the talents you can bring us.
Our purpose, to drive commerce and prosperity through our unique diversity, together with our brand promise, to be here for good are achieved by how we each live our valued behaviours. When you work with us, you'll see how we value difference and advocate inclusion. Together we:
· Do the right thing and are assertive, challenge one another, and live with integrity, while putting the client at the heart of what we do
· Never settle, continuously striving to improve and innovate, keeping things simple and learning from doing well, and not so well
· Be better together, we can be ourselves, be inclusive, see more good in others, and work collectively to build for the long term
In line with our Fair Pay Charter, we offer a competitive salary and benefits to support your mental, physical, financial and social wellbeing.
· Core bank funding for retirement savings, medical and life insurance, with flexible and voluntary benefits available in some locations
· Time-off including annual, parental/maternity (20 weeks), sabbatical (12 weeks maximum) and volunteering leave (3 days), along with minimum global standards for annual and public holiday, which is combined to 30 days minimum
· Flexible working options based around home and office locations, with flexible working patterns
· Proactive wellbeing support through Unmind, a market-leading digital wellbeing platform, development courses for resilience and other human skills, global Employee Assistance Programme, sick leave, mental health first-aiders and all sorts of self-help toolkits
· A continuous learning culture to support your growth, with opportunities to reskill and upskill and access to physical, virtual and digital learning
· Being part of an inclusive and values driven organisation, one that embraces and celebrates our unique diversity, across our teams, business functions and geographies - everyone feels respected and can realise their full potential.
· Recruitment assessments - some of our roles use assessments to help us understand how suitable you are for the role you've applied to. If you are invited to take an assessment, this is great news. It means your application has progressed to an important stage of our recruitment process.
Visit our careers website www.sc.com/careers