Job Description

b'


Job : JOT to update
Primary Location : Asia-India-Bangalore
Schedule : Full-time
Employee Status : Permanent
Posting Date : 24/Aug/2023, 9:41:49 PM
Unposting Date : Ongoing


The Role Responsibilities Job Role This exciting opportunity within Group Threat Management (part of the Information and Cyber Security (ICS) function within Transformation, Technology and Operations) is to lead the new Threat Assessment and Countermeasures (TAC) service and processes. The role reports to the Head of Threat Assessment and Countermeasures. The TAC service enables synergies between strategic processes and technology orchestration across cyber security functions and ensures that consumers of threat intelligence (processes and products) can make informed decisions about the risk and required countermeasures. In this role, you will be responsible for leading the efforts to assess and mitigate the impact of cyber threats on the Group. You will influence the team efforts, investment decisions, control design, processes, technology choices and training across the Group, including lines of business, to ensure that decisions are aligned to maximising threat reduction. As this is a new team, the role holder will need to help establish the methodologies for threat capability assessment and research. They will support the creation of the capability that provides a single pane of glass for threat and defence posture and gap analysis, along with proposed countermeasures and prioritization. They will lead the efforts to investigate incidents that expose potential gaps in the current organizational security posture, plans and procedures. They will also act as the Group\xe2\x80\x99s subject matter expert in threat-informed defence, and they will lead and leverage the Group\xe2\x80\x99s strategic partnerships in this field. Strategy

• Support development of the overall threat-informed defence strategy and apply this methodology by driving and influencing cybersecurity activities across ICS and the wider Group relative to the threat landscape.
• Familiarity with structured analysis techniques for intrusion analysis e.g. Kill Chain, Diamond Model, MITRE ATT&CK.
• Ability to analyse Threat Actors TTPs, process large data sets to identify patterns and anomalies indicative of malicious activities.
• Proficient in technical investigations.
• Knowledge or experience in understanding attack techniques.
• Work with stakeholders to influence their respective strategies based on identified emerging threats.
• Manage requirements, complete relevant impact assessments and ensure clear plan in place to track to execution.
• Support with status reporting to senior management, relevant working groups and Committees. Escalate any material blockers and impediments in a timely manner.
• Collaborate with the teams within the ICS Risk and Control function to drive a threat-led approach to risk management.

Business

• Lead a comprehensive and on-going review of existing resources and practices across ICS to produce an action plan for building or enhancing threat mitigation initiatives and programs.
• Apply knowledge of tactical to strategic level intelligence analysis of cyber threats, vectors, and actors in support of cyber defence and computer network operations.

Processes

• Oversee the development of the processes and methodology for on-going threat assessment and countermeasure prioritisation.
• Lead the creation of clear, effective, and proactive plans for avoiding or mitigating newly emerged or evolving threats.

People and Talent

• Lead through example and build the appropriate culture and values. Set appropriate tone and expectations from their team and work in collaboration with risk and control partners. Manage the scope, schedule, and resource allocation for projects, daily tasks and sustaining activities.

Risk Management

• Effectively manage, monitor, and communicate the Bank security posture by maintaining visibility across the threat landscape and corresponding security controls.
• Be aware of, identify and escalate all risk issues and concentrations in accordance to the firm\xe2\x80\x99s Group Information and Cyber Security Policy. Where appropriate, direct remedial action and / or ensure adequate reporting to Risk Committees.
• Exemplify the Group\xe2\x80\x99s values and code of conduct and develop a robust culture to ensure that adherence with the highest standards of ethics, and compliance with relevant policies, processes and regulations among team members.

Governance

• Support with creating the threat assessment framework, methodology, gather and report on security metrics that demonstrate the relative cost/benefit of the security operations and other cybersecurity initiatives.
• Agile change mindset to enable continuous improvement.

Regulatory and Business Conduct

• Display exemplary conduct and live by the Group\xe2\x80\x99s Values and Code of Conduct.
• Take personal responsibility for embedding the highest standards of ethics, including regulatory and business conduct, across Standard Chartered Bank. This includes understanding and ensuring compliance with, in letter and spirit, all applicable laws, regulations, guidelines and the Group Code of Conduct.
• Effectively and collaboratively identify, escalate, mitigate and resolve risk, conduct and compliance matters.

Key Stakeholders

• Group CISO aligned functions including Cyber Security, Architecture, ICS Risk and Control, Identity and Access Control, ICS Portfolio, Heads of Information and Cyber Security (HICS) and other business stakeholders

Other Responsibilities

• Embed Here for good and Group\xe2\x80\x99s brand and values in Group Threat Management, Threat Assessment and Counter measure.

Our Ideal Candidate

• Bachelor\xe2\x80\x99s degree in Cyber Security, Information Technology, or related field preferred and a minimum of 5 years of progressive information security experience.
• Experience working in Threat Intelligence, Security Operations, Threat is essential, and a minimum of 3 years\xe2\x80\x99 related experience is preferred.
• Over five years of cyber security operations experience, preferably in the Banking and Financial Services sector.

Role Specific Technical Competencies

• Ability to understand complex challenges and develop out-of-the-box solutions to solve them
• Ability to conceptualize, identify, evaluate and synthesize information to formulate unbiased judgements, analytic lines and relevant recommendations.
• Thorough understanding of cyber threat actors and their tactics, techniques and procedures (TTPs) as well as existing CTI frameworks, CTI tools and IT systems.
• Ability to determine whether existing constructs, frameworks or tools require uplift, or if there is the need to develop new ones in response to innovations in adversary tradecraft or technologies.
• Ability to present analytic conclusions, research and methodologies to various audiences in an effective manner.
• Ability to identify and adapt communication style. This covers medium, language, message, cadence and preference for different audiences, ranging from the strategic, executive level to highly technical practitioners, such as detection engineers and security architects.
• Ability to understand operating systems principles, which include
  
  • Design decisions inherent to system architecture
  • How identities, access and authorization are administered
  • How systems communicate with one another and the protocols used for certain types of communications
• Ability to identify the core concepts, components and conventions associated with cyber defensive measures and cyber security processes, technologies
• Knowledge of industry best practices and frameworks such as the NIST, Cyber Security Framework (CSF), MITRE ATT & CK
• Ability to understand business decisions around enterprise architecture design
• Provide peer mentoring and learning opportunities to fill knowledge and skills gaps while building a culture of cohesion and trust
• Ability to identify and apply appropriate CTI terms and frameworks to track and communicate adversary capabilities or activities
• Thorough knowledge of the Lockheed Martin Cyber Kill Chain, MITRE ATT & CK framework to visually create playbooks through phases of an adversary\xe2\x80\x99s TTPs
• The ability to interact effectively with peers and leadership to build a collaborative culture that embraces diversity in backgrounds, skills, knowledge, and experiences to identify and answer key intelligence questions

About Standard Chartered We\'re an international bank, nimble enough to act, big enough for impact. For more than 160 years, we\'ve worked to make a positive difference for our clients, communities, and each other. We question the status quo, love a challenge and enjoy finding new opportunities to grow and do better than before. If you\'re looking for a career with purpose and you want to work for a bank making a difference, we want to hear from you. You can count on us to celebrate your unique talents. And we can\'t wait to see the talents you can bring us.

Our purpose, to drive commerce and prosperity through our unique diversity, together with our brand promise, to be here for good are achieved by how we each live our valued behaviours. When you work with us, you\'ll see how we value difference and advocate inclusion. Together we:

• Do the right thing and are assertive, challenge one another, and live with integrity, while putting the client at the heart of what we do
• Never settle, continuously striving to improve and innovate, keeping things simple and learning from doing well, and not so well
• Be better together, we can be ourselves, be inclusive, see more good in others, and work collectively to build for the long term

In line with our Fair Pay Charter, we offer a competitive salary and benefits to support your mental, physical, financial and social wellbeing.

• Core bank funding for retirement savings, medical and life insurance, with flexible and voluntary benefits available in some locations
• Time-off including annual, parental / maternity (20 weeks), sabbatical (12 weeks maximum) and volunteering leave (3 days), along with with minimum global standards for annual and public holiday, which is combined to 30 days minimum
• Flexible working options based around home and office locations, with flexible working patterns
• Proactive wellbeing support through Unmind, a market-leading digital wellbeing platform, development courses for resilience and other human skills, global Employee Assistance Programme, sick leave, mental health first-aiders and all sorts of self-help toolkits
• A continuous learning culture to support your growth, with opportunities to reskill and upskill and access to physical, virtual and digital learning
• Being part of an inclusive and values driven organisation, one that embraces and celebrates our unique diversity, across our teams, business functions and geographies - everyone feels respected and can realise their full potential.

Recruitment assessments - some of our roles use assessments to help us understand how suitable you are for the role you\'ve applied to. If you are invited to take an assessment, this is great news. It means your application has progressed to an important stage of our recruitment process. Visit our careers website www.sc.com/careers