The Role Responsibilities
· Become a trusted advisor and subject matter expert (SME) on security architecture. provide deep architectural expertise on complex cloud and on-premises projects,
· Deliver workable risk/threat-driven solutions with cost/benefit analysis.
· Communicate with both technical and non-technical stakeholders, provide guidance on proper architectural patterns. Identify and mitigate anti-patterns, redundancies, and duplications.
· Perform gap analysis for specific domains, identify gaps in existing capabilities, service maturity.
· Identify missing cybersecurity and cyber-resilience capabilities in alignment with changing business needs, threat land scape and technical requirements to increase the quality of the selected solutions also including topics such as products’ convergence over time and products decommissioning.
· Define and manage architecture artefacts including reference architecture documents, blueprints, technical and non-technical security requirements aligned to the corresponding strategic roadmap.
· Aligns architecture principles with our cybersecurity strategy, ensures alignment to roadmaps, cyber security, and resiliency standards as well as to our architectural framework.
· Responsible for security architectural design, realisation of the architecture in the solution implementation roadmap.
· Analyse market trends and threat landscape, provide meaningful insights, opportunities, and risks.
· Represent the architecture group in key internal service architecture governance forums.
· Work closely with your pears in the security architecture group, service and solution architects, engineers, project teams.
Strategy
· Define and manage architecture artefacts including reference architecture documents, blueprints, technical and non-technical security requirements aligned to the corresponding strategic roadmap.
· Aligns architecture principles with our cybersecurity strategy, ensures alignment to roadmaps, cyber security and resiliency standards as well as to our architectural framework.
· Responsible for security architectural design, ensures appropriate documentation as well as reflection of the architecture in the solution implementation roadmap.
· Analyse market trends and threat landscape, provide meaningful insights, opportunities, and risks.
· Represent the architecture group in key internal service architecture governance forums.
Business
· Become a trusted advisor and subject matter expert (SME) on security architecture.
· Provide deep architectural expertise on complex cloud and on-premise projects,
· Work closely with peers in the security architecture group, service and solution architects, engineers, project teams.
Processes
· Perform gap analysis for specific domains, identify gaps in existing capabilities, service maturity.
· Identify missing cybersecurity and cyber-resiliency capabilities in alignment with changing business needs, threat land scape and technical requirements to increase the quality of the selected solutions also including topics such as products’ convergence over time and products decommissioning.
Governance
· Awareness and understanding of the regulatory framework, in which the Group operates, and the regulatory requirements and expectations relevant to the role.
Regulatory & Business Conduct
· Display exemplary conduct and live by the Group’s Values and Code of Conduct.
· Take personal responsibility for embedding the highest standards of ethics, including regulatory and business conduct, across Standard Chartered Bank. This includes understanding and ensuring compliance with, in letter and spirit, all applicable laws, regulations, guidelines and the Group Code of Conduct.
· Effectively and collaboratively identify, escalate, mitigate and resolve risk, conduct and compliance matters.
Key stakeholders
· Security services, security programmes, engineering teams, enterprise architecture, CISRO, etc.
Other Responsibilities
· Embed Here for good and Group’s brand and values in TTO/ Security Architecture; Perform other responsibilities assigned under Group, Country, Business or Functional policies and procedures.
Our Ideal Candidate
· 5+ years of experience in security architecture roles, leading complex architectural projects with multiple stakeholders, utilizing various security tools/technologies.
· Bachelor's degree in engineering, computer science, preferably majoring in cybersecurity.
· Experience on enterprise architecture framework such as TOGAF or SABSA .
· Hands-on experience (coding in Java, JS, Python) ideally full stack development.
· Proven threat modelling experience using STRIDE/MITRE/OWASP and/or other threat modelling methodologies for complex systems (ideally MITRE ATT&CK Defenders (MAD) Certified).
· Experience in networking architecture and/or networking security architecture and/or AWS networking specialty certified / Cisco CCNP Security / etc.
· Deep technical skills with good understanding in cross-functional technologies (IAM, data protection, threat management, vuln management, etc.) ability to dive into technical engineering details.
· Experience in offensive tactics, techniques, and procedures (TTPs), pen-testing / hacking background or (OSCP, CEH master) certified.
· Excellent communication skills, ability to explain complex topics to both technical and non-technical audiences. Proven ability to influence relevant stakeholders and decision makers.
· Excellent organisational skills, ability to manage deadlines and effectively prioritise multiple projects
Role Specific Technical Competencies
· Experience working in security architecture / engineering roles for financial institutes.
· Relevant cybersecurity certifications (AWS/Google/Microsoft Certified Security specialist, architect, GDSA, SANS GIAC, CISSP-ISSAP)
· AWS/Azure solutions architect professional certified and 3 years of experience in AWS/Azure environment.
· In depth understanding of threat-attack methodologies (STRIDE, DREAD, OWASP, Attack trees, MITRE ATT&CK, etc.) and corresponding mitigations in an enterprise environment.
· Experience with cybersecurity frameworks e.g. NIST cybersecurity framework, NIST 800-53v5, NIST 800-37, ISO 27xxx, etc.
· Knowledge of offensive tactics, techniques, and procedures (TTPs), ideally completed training and/or certifications (OSCP, CEH, Pentest+, etc.)
About Standard Chartered
We're an international bank, nimble enough to act, big enough for impact. For more than 160 years, we've worked to make a positive difference for our clients, communities, and each other. We question the status quo, love a challenge and enjoy finding new opportunities to grow and do better than before. If you're looking for a career with purpose and you want to work for a bank making a difference, we want to hear from you. You can count on us to celebrate your unique talents. And we can't wait to see the talents you can bring us.
Our purpose, to drive commerce and prosperity through our unique diversity, together with our brand promise, to be here for good are achieved by how we each live our valued behaviours. When you work with us, you'll see how we value difference and advocate inclusion. Together we:
· Do the right thing and are assertive, challenge one another, and live with integrity, while putting the client at the heart of what we do
· Never settle, continuously striving to improve and innovate, keeping things simple and learning from doing well, and not so well
· Be better together, we can be ourselves, be inclusive, see more good in others, and work collectively to build for the long term
In line with our Fair Pay Charter, we offer a competitive salary and benefits to support your mental, physical, financial and social wellbeing.
· Core bank funding for retirement savings, medical and life insurance, with flexible and voluntary benefits available in some locations
· Time-off including annual, parental/maternity (20 weeks), sabbatical (12 weeks maximum) and volunteering leave (3 days), along with minimum global standards for annual and public holiday, which is combined to 30 days minimum
· Flexible working options based around home and office locations, with flexible working patterns
· Proactive wellbeing support through Unmind, a market-leading digital wellbeing platform, development courses for resilience and other human skills, global Employee Assistance Programme, sick leave, mental health first-aiders and all sorts of self-help toolkits
· A continuous learning culture to support your growth, with opportunities to reskill and upskill and access to physical, virtual and digital learning
· Being part of an inclusive and values driven organisation, one that embraces and celebrates our unique diversity, across our teams, business functions and geographies - everyone feels respected and can realise their full potential.
Recruitment assessments - some of our roles use assessments to help us understand how suitable you are for the role you've applied to. If you are invited to take an assessment, this is great news. It means your application has progressed to an important stage of our recruitment process.
Visit our careers website www.sc.com/careers
