Cyber Security Specialist, SC Ventures

About SC Ventures

SC Ventures is Standard Chartered’s innovation, fintech investment and ventures arm. We were established to reinvent banking, as the significant technological disruptions to the industry was impacting its ability to serve clients and customers, in the ways they needed to be served.

We are a unique ecosystem of innovators, banking experts, business builders and partners who are focused on rewiring the DNA in banking and bringing breakthrough ideas to scale, together.

We are building ecosystems around four high conviction themes: Online Economy & Lifestyle, SMEs & World Trade, Digital Assets, and Sustainability & Inclusion.

We are a global team of "Members" (excluding individual ventures), including dedicated colleagues from the Group's support functions, based in Singapore, Hong Kong, London, and the United Arab Emirates.

Purpose

The cyber security specialist is a thought-leader, who is accountable for the provision of cyber security services and controls to maintain and continuously improve Ventures’ cyber security posture in today’s ever evolving cyber security landscape.

The role is to protect our Ventures and the Platform from cyber security threats by delivering effective information security technology services, managing and responding to security incidents to ensure, and support the continuity and growth of innovation’s arm operations; and meet both internal and external stakeholders’ expectations within SC Ventures, the SC Ventures CTO and bank leadership.

Standard Chartered is innovating within SC Ventures and requires a forward thinking “Secure by Design” and ‘Compliant by Default’ function to embed Security in its portfolio of technology investments and projects. Reporting directly to the SCV Technology and ICS Operating Lead, and dotted line to the SCV CISO you will be part of dynamic team and expected to effective and efficient security solutions for Ventures of varying size from conception through development to operational production systems.

Responsibilities

• Provide deep consulting expertise on complex projects, delivering workable and risk/threat-driven solutions;
• Conduct various threat modelling techniques at an application, system and enterprise level;
• Create and harvest reusable Security Patterns through projects and bank security team;
• Provide thought leadership on emerging technologies and how they can be secured;
• Work in an Agile environment to drive continuous improvement (efficiency and effectiveness) to align to System Readiness Assurances (SRA) and perform Security Impact Assessments (SIA);
• Maintain and grow a centralised knowledge repository of Security Requirements, Patterns, Threat Models and Capabilities;
• Be a Secure by Design Champion and promote secure software development practices within each Venture, and its sub-contractors.
• Cloud Identity and Access and Provisioning for new and on-going ventures
• SaaS Security Risk Assessment tools Support the Architecture team from an ICS perspective

ICS and Governance

• Define and maintain an efficient technical assurance methodology which delivers risk focused, timely and re-performable assurance on key controls, to support and maintain risk reduction
• Proven experience identifying solutions for complex problems in enterprise environments.
• Proven ability to map and understand complex relationships and interactions between Enterprise Architecture, business direction, emerging trends, emerging technologies, and legacy systems
• Proven ability to do research and documentation on emerging trends and their impact
• Strong technical knowledge and confidence in communicating with highly technical audiences.
• Highly meticulous and detail oriented.
• Excellent analytical and problem solving skills.
• Proven experience and desire to operate as a self-starter and be comfortable working in an ambiguous, yet fast-paced, environment.
• Superb speaking, writing and influencing skills are required as the opportunity often presents or interacts verbally or in written form to CTO, CISO/CIS, and business leadership.
• Proven ability to identify and develop clear and understandable security capabilities and strategic views from high-level business objectives and technology constraints.
• Developing knowledge of information security principles, frameworks and best practices and how those principles support the Group's Information & Cyber Security Strategy and Vision.
• Proven ability to pull a diverse group of individuals with different goals together to facilitate, moderate, and influence productive discussions driving towards results
• Strong business acumen to quickly learn new business processes and understand how information security can support the business in achieving revenue and profit goals
• Superior communication and collaboration skills, ability to explain complex concepts in plain language and graphics.
• Demonstrated relevant security expertise in designing security solutions for a mix of technology areas, with a focus on application, network and cloud security.
• Demonstrated ability to develop expertise on the job and supporting security programs in a mix of technology areas

Our Ideal Candidate

• 10+ years' experience in information security or information technology disciplines
• 5+ years of Information Security architecture and / or strategy
• Experience running cyber security (1st line) in a start up / fintech
• Experience working in a regulated banking / financial services environment

Role Specific Technical Competency

• Familiarity with ISO27001, ISO27017 and ISO27018 is beneficial
• CISSP / GSEC / SABSA / TOGAF certifications highly beneficial
• Advanced Identity & Access Management (SAML, SSO, AD)
• APIs, Web Services, REST Endpoints, HTTP Headers
• Cloud Service, Provider, and Platform Security (SaaS, FaaS, PaaS & IaaS)
• Application Security (Secure SDLC, DevSecOps, and IaC Automation)
• Next Generation Network Security (Software Defined Perimeter, Zero Trust/BeyondCorp, SDWAN)
• End User Technology, Productivity & Collaboration Security
• Hands-on experience with Cloud configuration (Azure, AWS, GCP)
• AWS SCP/ JSON Policies, and Identity and Access Management (IAM) experience
• Bachelor's degree in Computer Science or related field, or equivalent work experience