About Standard Chartered
We're an international bank, nimble enough to act, big enough for impact. For more than 160 years, we've worked to make a positive difference for our clients, communities, and each other. We question the status quo, love a challenge and enjoy finding new opportunities to grow and do better than before. If you're looking for a career with purpose and you want to work for a bank making a difference, we want to hear from you. You can count on us to celebrate your unique talents. And we can't wait to see the talents you can bring us.
Our purpose, to drive commerce and prosperity through our unique diversity, together with our brand promise, to be here for good are achieved by how we each live our valued behaviours. When you work with us, you'll see how we value difference and advocate inclusion. Together we:
In line with our Fair Pay Charter,
- Do the right thing and are assertive, challenge one another, and live with integrity, while putting the client at the heart of what we do
- Never settle, continuously striving to improve and innovate, keeping things simple and learning from doing well, and not so well
- Be better together, we can be ourselves, be inclusive, see more good in others, and work collectively to build for the long term
we offer a competitive salary and benefits to support your mental, physical, financial and social wellbeing.
Recruitment assessments -
- Core bank funding for retirement savings, medical and life insurance, with flexible and voluntary benefits available in some locations
- Time-off including annual, parental/maternity (20 weeks), sabbatical (12 weeks maximum) and volunteering leave (3 days), along with with minimum global standards for annual and public holiday, which is combined to 30 days minimum
- Flexible working options based around home and office locations, with flexible working patterns
- Proactive wellbeing support through Unmind, a market-leading digital wellbeing platform, development courses for resilience and other human skills,global Employee Assistance Programme, sick leave, mental health first-aiders and all sorts of self-help toolkits
- A continuous learning culture to support your growth, with opportunities to reskill and upskill and access to physical, virtual and digital learning
- Being part of an inclusive and values driven organisation, one that embraces and celebrates our unique diversity, across our teams, business functions and geographies - everyone feels respected and can realise their full potential.
some of our roles use assessments to help us understand how suitable you are for the role you've applied to. If you are invited to take an assessment, this is great news. It means your application has progressed to an important stage of our recruitment process.The Role ResponsibilitiesBusiness
- Integration Service, being part of Bank&rsquos Enterprise Technology, is considered as the veins and arteries of the bank&rsquos IT systems &carriersof data for bank's global system. The critical service offerings deal with transportation of real time transactions, reports, file transfers, emails, SMS, synchronous and asynchronous events, batch transactions, east-west and north-south traffic and much more.
- We are looking for Integration Service security engineer who are well-versed in cyber security and possess deep technical and operational hand-on skillset to assist in embedding security into the design, engineering, and operation of various service offerings in Integration Services.
- In this role, not only you will have great exposure to learn the most advanced integration technology such as IBM MQ, Solace messaging, Webmethod broker, APIs gateway, Cloud, and DevSecOp, but also the opportunity to work with most talented people from a diverse background including solution architects, developers, engineers, risk managers and other cyber security experts across the organization.
Regulatory & Business Conduct
- Perform and document Secure-by-Design architectural review for the complex interconnected systems and solutions used by Integration Services deployed both on-Prem and in the Cloud. In doing so, systemically apply threat modelling technique to proactively identify threats and recommend security controls to mitigate them.
- Develop product specific security standard and configuration guideline by taking into consideration of industry security best practices, the Bank&rsquos operating environment, as well group ICS policy/ standards. Additionally, work with product engineer to develop tooling and processes to enforce the configuration baseline and risk manage exceptions.
- Drive the adoption of the Bank&rsquos central security Policy/Standards, Services, tooling and processes within Integration Services (e.g. Security Impact Assessment, Privileged ID management, Crypto-as-a-Service, IAM service, etc) to improve the security posture. Where needed, tweak to make them fit-for-purpose to meet the specific needs of the Business.
- Analyse security requirements, contribute to architect and design of innovative solutions to meet the unique security needs of Integration Services, such as built more effective security patching methods, or implement security logging and monitoring solutions.
- Act in first line of defence capacity to continuously perform security risk assessment in diverse platform environments including cloud based, on-prem & hybrid deployment of systems including middleware, backend and application services, as well as drive related security improvement plan and project management.
- Plan and support security project/program by breaking up high level security goals into concrete executable tasks and direct project management and delivery team in successful delivery of security project/programs.
- Analyse security vulnerability and penetration testing report, audit findings. Work with Services owners to risk assess and prioritize remediation. Occasionally, handle security incident and response in collaboration with service owner and Cyber Defence Centre.
- Engage a diverse internal and external stakeholder including developers, architects, other security engineer, risk and audit function, act as focal point for all security related remediation activity.
- Promote positive security culture among Integration Services, such as conduct security awareness and education brownbag session. Take every opportunity to influence stakeholders to give adequate consideration to security in their decision making process.
- Drive end to end system security through 4D secure approach (secure by design, secure in development, secure by deployment, secure by default), by working with diverse stakeholders and navigating through complex environment.
- Provide input to project management, budget, resource, and technology selection RFP.
- Identify continuous improvement opportunity to simplify and streamline security processes while enabling Business.
Our Ideal Candidate
- Display exemplary conduct and live by the Group&rsquos Values and Code of Conduct.
- Take personal responsibility for embedding the highest standards of ethics, including regulatory and business conduct, across Standard Chartered Bank. This includes understanding and ensuring compliance with, in letter and spirit, all applicable laws, regulations, guidelines and the Group Code of Conduct.
- Lead the Integration Design Engineering team to achieve the outcomes set out in the Bank&rsquos Conduct Principles: Fair Outcomes for Clients Effective Financial Markets Financial Crime ComplianceThe Right Environment.
- Effectively and collaboratively identify, escalate, mitigate and resolve risk, conduct and compliance matters.
- Deep technical know-how on security technology such as IAM, PKI, Cryptography, application security, networking and Cloud security.
- Capable of conducting deep technical research into advanced technology or product to understand security implications and derive implementation plan.
- Experience in working with CI/CD, DevSecOps, including Bitbucket, Jenkin, Hashicorp, container technology, OCP/Kubernetes, and deploying application in AWS/Azure.
- Familiar with enterprise integration concept such as SOA, ESB, understand how technology protocol works such as SOAP and REST web, XML, JSON, JWT, Oauth, OIDC.
- Having prior project management and delivery experience would be a plus.
- It is a plus, however not a must, to have prior hands-on experience with middleware technology such as IBM MQ, Solace, Software AG webmethod, Axway, API gateway, CDN, Reverse proxy. However, the candidate MUST be willing to invest in continuous learning and acquire new skills as needed.
- Familiar with one or more programming languages such as Java or Python, PERL, PowerShell, and able to perform coding and debugging when required.
- Good at explaining security concepts to non security people and articulate security risks to senior stakeholders in an impactful manner.
- At least 8-10 years Working experience in Technology, preferably with exposure in Banking and Finance Technology.
- Bachelor&rsquos degree (or higher) in Computer Science or related field. Relevant security certification such as CISSP, GIAC, AWS, Azure is an advantage
- Ability to work with geographically dispersed and highly varied stakeholders, able to embrace agile working in a dynamic and fast paced environment.
- Must possess sharp technical acumen, excellent interpersonal skills and multi-cultural awareness and sensitivity.
Visit our careers website