Job Summary
We are seeking a dynamic and experienced individual to assume the role of Head of Security Engineering at our bank. Reporting directly to the Chief Architect of Security, the Head of Security Engineering will lead the design and implementation of scalable automated controls integrated into our engineering practices and processes. This pivotal role will involve managing a team of security architects and engineers, ensuring the delivery of robust security solutions aligned with industry best practices and regulatory requirements.
BUSINESS BACKGROUND
In the banking sector, the role of Head of Security Design is crucial in safeguarding sensitive financial information and ensuring compliance with regulatory standards. This role involves designing and implementing robust security frameworks that protect against cyber threats, fraud, and data breaches. By overseeing the architecture of security systems and protocols, they mitigate risks associated with digital transactions, customer data handling, and infrastructure vulnerabilities. Their strategic insights are pivotal in maintaining trust, resilience, and continuity within financial institutions amidst evolving cybersecurity challenges.
KEY STAKEHOLDERS
• Executive Management - up to and including the board members.
• Tech Organization and Platform Owners
• Compliance and Risk Management
• Business Units (Domains)
• External Auditors and Regulators
Key Responsibilities
Strategy
• Develop and execute a comprehensive strategy for security engineering initiatives, in alignment with the bank’s overarching security objectives.
• Collaborate with the Chief Architect of Security to establish long-term goals and roadmaps for security engineering efforts.
• Implement security controls directly in the platforms that support the engineers.
Business
• Partner with business stakeholders to understand security requirements and translate them into effective technical solutions.
• Provide strategic guidance on security-related matters to support business initiatives and projects.
• Work with the Chief Architect of AI to bring AI workloads and designs into the bank in a secure and responsible way.
• In collaboration with the business, help drive a platform strategy that embeds security within the platform itself as guardrails and embedded controls.
• Work with 2LOD and DevSecOps on In-Control Statements, SOC2 statements and verification aligning with risk management.
Processes
• Lead the design, implementation, and enhancement of scalable automated controls within the engineering practices and processes to fortify the security posture of the bank.
• Continuously evaluate and optimize security engineering processes to enhance efficiency and efficacy.
• Continue to improve and run the security architecture review practice embedded into the enterprise architecture processes and SDLC.
• Implement scalable and robust processes that keep the bank secure without excessive manual activities using automation and simplification.
• Challenge as much as possible the conversion of processes into platform guardrails.
People & Talent
• Manage and mentor a team of security architects and engineers, fostering a culture of innovation, collaboration, and professional growth.
• Collaborate with HR to recruit top talent and build a skilled and cohesive security engineering team.
Risk Management
• Identify, assess and mitigate security risks associated with engineering practices, processes, and technologies.
• Monitor security metrics and trends to proactively identify vulnerabilities and threats, implementing appropriate countermeasures.
Skills and Experience
Governance
• Establish and enforce security policies, standards, and procedures to ensure compliance with regulatory requirements and industry best practices.
• Work closely with internal and external audit and compliance teams to ensure adherence to security standards and regulatory guidelines.
• Challenge the policies and raise change requests when the policy is impractical or a better alternative exists.
Regulatory & Business Conduct
• Display exemplary conduct and live by the Group’s Values and Code of Conduct.
• Take personal responsibility for embedding the highest standards of ethics, including regulatory and business conduct, across Standard Chartered Bank. This includes understanding and ensuring compliance with, in letter and spirit, all applicable laws, regulations, guidelines and the Group Code of Conduct.
• Effectively and collaboratively identify, escalate, mitigate and resolve risk, conduct and compliance matters.
Our Ideal Candidate
· 10+ years’ experience developing and executing a comprehensive strategy for security engineering initiatives, in alignment with the bank’s overarching security objectives
· Bachelor’s degree in computer science, Information Security or a related field; advanced degree preferred
· Collaborate with the Chief Architect of Security to establish long-term goals and roadmaps for security engineering efforts
· Azure and/or AWS training
· Membership in the following will improve your application: ISSA, ISACA, CSA, ISC, IAPP
· Certifications in the following will improve your application: CISSP, CISM, CIA, OSCP, CCSP, CEH, CCS
Role Specific Technical Competencies
· Security Architecture Design: Blueprint for robust protection of systems and the data they hold.
· Threat Modelling: Identifying and assessing potential cyber threats and vulnerabilities systematically.
· Secure Coding Practices: Standards ensuring software resilience against security risks that are applied during development.
· Security Testing: Assessing system vulnerabilities and strengths through rigorous evaluation processes.
· Security Automation: Implementing automated tools to enhance efficiency and effectiveness of security measures.
· Regulatory Compliance: Adhering to legal requirements and industry standards for security and data protection.
About Standard Chartered
We're an international bank, nimble enough to act, big enough for impact. For more than 170 years, we've worked to make a positive difference for our clients, communities, and each other. We question the status quo, love a challenge and enjoy finding new opportunities to grow and do better than before. If you're looking for a career with purpose and you want to work for a bank making a difference, we want to hear from you. You can count on us to celebrate your unique talents and we can't wait to see the talents you can bring us.
Our purpose, to drive commerce and prosperity through our unique diversity, together with our brand promise, to be here for good are achieved by how we each live our valued behaviours. When you work with us, you'll see how we value difference and advocate inclusion.
Together we:
· Do the right thing and are assertive, challenge one another, and live with integrity, while putting the client at the heart of what we do
· Never settle, continuously striving to improve and innovate, keeping things simple and learning from doing well, and not so well
· Are better together, we can be ourselves, be inclusive, see more good in others, and work collectively to build for the long term
What we offer
In line with our Fair Pay Charter, we offer a competitive salary and benefits to support your mental, physical, financial and social wellbeing.
· Core bank funding for retirement savings, medical and life insurance, with flexible and voluntary benefits available in some locations.
· Time-off including annual leave, parental/maternity (20 weeks), sabbatical (12 months maximum) and volunteering leave (3 days), along with minimum global standards for annual and public holidays, which combine to a minimum of 30 days.
· Flexible working options based around home and office locations, with flexible working patterns.
· Proactive wellbeing support through Unmind, a market-leading digital wellbeing platform, development courses for resilience and other human skills, global Employee Assistance Programme, sick leave, mental health first-aiders and all sorts of self-help toolkits.
· A continuous learning culture to support your growth, with opportunities to reskill and upskill and access to physical, virtual and digital learning.
· Being part of an inclusive and values-driven organisation, one that embraces and celebrates our unique diversity, across our teams, business functions and geographies - everyone feels respected and can realise their full potential.
Recruitment Assessments
Some of our roles use assessments to help us understand how suitable you are for the role you've applied to. If you are invited to take an assessment, this is great news. It means your application has progressed to an important stage of our recruitment process.
Visit our careers website www.sc.com/careers