Vice President, Security Remediation & Analytics
About Standard Chartered
We are a leading international bank focused on helping people and companies prosper across Asia, Africa and the Middle East.
To us, good performance is about much more than turning a profit. It's about showing how you embody our valued behaviours - do the right thing, better together and never settle - as well as our brand promise, Here for good.
We're committed to promoting equality in the workplace and creating an inclusive and flexible culture - one where everyone can realise their full potential and make a positive contribution to our organisation. This in turn helps us to provide better support to our broad client base.
The Role Responsibilities
Our Ideal Candidate
- Define, implement and maintain the Security Remediation & Analytics Strategy and Roadmap for the Bank
- Manage, oversee and direct a security remediation team (approximately 10) that proactively monitors tracks and reports vulnerability remediation progress on the Bank's infrastructure and systems
- Define resource, training, and technology requirements to ensure the success of the team's mission.
- Working across the Bank to design and implement best practices including adherence to Bank's policies and standards for proactively ensuring new products and services are rolled out in a vulnerability free manner.
- Overall global responsibility for the Security Remediation & Analytics services covering end user devices, infrastructure and applications and vulnerabilities associated with Common Vulnerabilities and Exposures (CVE), Vulnerability Scanning, Infrastructure Configuration Validation, Security Penetration Testing and Secure Code Reviews
- Oversee Remediation Activities such as management of tracking and remediation of vulnerabilities by leveraging agreed upon action plans and timelines with stakeholders within the Bank and where required third parties providing services to the Bank.
- Validate remediation by reviewing vulnerability results and providing status updates
- Recommend appropriate policy, standards, process and procedural updates as part of comprehensive remediation solutions and through mature root cause analysis and trending processes
- Partner with Security Governance to ensure appropriate visibility and currency of remediation information and risk exposure to the Bank
- Responsible for operation of vulnerability remediation tools, corrective action recommendations, summarizing and reporting results
- Analyse vulnerabilities and engage with the Technology teams and Business units to resolve identified vulnerabilities within SLAs.
- Develop, build and implement a mature and robust set of remediation metrics and reports
- Consolidate remediation progress on application and infrastructure vulnerabilities into one risk focused view to help guide senior management risk and remediation decisions.
- Provide thought leadership, research and report on current SC exposure to vulnerabilities and emerging threats and vulnerabilities through periodic management briefings and bulletins and working closely with relevant teams to implement short-gap remediation activities and compensating controls to reduce risk while identified vulnerabilities are being addressed
- Ensure vulnerability remediation services are agile to cater for remediation requirements for DevOps and cloud based environments
- Maintain and evolve a mature set of vulnerability remediation processes covering all areas of technology.
- Deliver continuous improvement through process re-engineering, technology transformation, integration and exploitation to deliver optimised yet robust services to mitigate threats to the Bank
- Manage and influence stakeholders in understanding risk exposure, remediation prioritisation and importance from vulnerabilities the Bank could be exposed to
- Bachelor Degree in Engineering, Computer Science/Information Technology or its equivalent.
- Industry certifications will be a plus e.g. CISSP, SANS certifications
- Between 10 - 12 years of in-depth, hands-on working knowledge in Security assurance, technologies and Operational experience in a global environment.
- Basic experience in cloud security and a good understanding of DevSecOps principles including Continuous Integration/Continuous Deployment practices (CI/CD)
- Good working knowledge in:
- The threat and vulnerability landscape including malware, emerging threats, attacks and vulnerability management
- Vulnerability Management processes and technologies
- Patch Management processes and technologies
- Operating system security concepts
- Experience in working with cross-border teams, preferably in the Financial Services industry.
- Broad understanding of security related regulatory requirements from MAS, HKMA, RBI, PRA and DFSNY
- Fundamental skills of Task prioritization, Time management, Customer focus.
- Detailed oriented, Strong deductive reasoning, critical thinking and problem solving skills.
- Ability to work in a fast-paced team environment
- Proven ability to manage diverse stakeholder expectations
- Excellent oral/written communication skills for articulating thoughts clearly with stakeholders ranging from engineers to senior business management
- Exceptional interpersonal, team building, mentoring and leadership skills with a demonstrated ability to gain the confidence and respect of senior level executives
Apply now to join the Bank for those with big career ambitions.
To view information on our benefits including our flexible working please visit our career pages .