AVP, Security Operations SPS

Job Description

The Role ResponsibilitiesStrategy

• Security Technology Services (STS) is a critical function within Standard Chartered Bank operating under the overall purview of Technology Services .
• The STS team is made up of cyber security thought leaders, who are accountable for the provision of a global set of cyber security services and products to maintain and continuously improve Bank s cyber security posture in today s ever evolving cyber security landscape.

Business

• The STS team protect the Bank from cyber security threats by delivering effective information security technology services, managing, and responding to security incidents to ensure, and support the continuity and growth of Bank s business operations; and meet the both internal and external stakeholders expectations across 70+ countries and territories, in which SCB operates.
• Security Production Support within STS is a transversal service with a primary objective to provide Production Support Services (PSS) for all STS/CSS owned products and services. The PSS function requires an experienced leader to setup a production support team, Run and Govern the minimum production support controls defined by the bank across all security products and services. This includes managing all day-to-day production support operations covering event, incident, problem, release and change activities. In addition to business-as-usual activities, the role is also expected to drive support improvement initiatives for all the security service domains

Regulatory & Business Conduct

• Display exemplary conduct and live by the Group s Values and Code of Conduct.
• Take personal responsibility for embedding the highest standards of ethics, including regulatory and business conduct, across Standard Chartered Bank. This includes understanding and ensuring compliance with, in letter and spirit, all applicable laws, regulations, guidelines and the Group Code of Conduct.
• Lead to achieve the outcomes set out in the Bank s Conduct Principles: [Fair Outcomes for Clients; Effective Financial Markets; Financial Crime Compliance; The Right Environment.] *
• Effectively and collaboratively identify, escalate, mitigate and resolve risk, conduct and compliance matters.

Key Stakeholders

• Services Domain Heads within Cyber Security Services
• Other relevant functions with Technology Services including Infrastructure Services (database, network, servers), In-Country Technology teams and End user services

Key Responsibilities

• Leading and managing shift operations and members
• Identify innovation and automation champions within the team and continuously investigate ways in automating repetitive tasks to relax the workload and invest valuable time into other growth areas which benefit the team and people
• Review processes and identify ways to streamline and improve efficiency
• Management escalation POC for tools and application listed above
• Conduct focal point review once a year, communicate individual performance with a rating, share achievement within the team and highlight gaps and/or provide improvement plan
• Manages security incidents, leads investigation, coordinates incident response and remediation activities, recommends required actions and supports and follows up to ensure these are implemented.
• Conduct threat hunting, threat intelligence analysis and log analysis to proactively identify suspicious activities in the environment.
• Proactively identify cyber security improvements and recommends appropriate control improvements.
• Ensure all security related planned and emergency changes been implemented successfully within the bank
• Manages all project transitions to support operations (BAU) as per TDA ensuring all checks comply to bank policy
• Ensure all tools/applications are up to date avoiding obsolesces as per the roadmap provided by engineering/product team
• Drive and coordinate upgrade/migration activity for applications managed within portfolio on top of BAU activity
• Contributes to development of information security policy, standards, and guidelines.
• Support the Production Engineering (PE) team to provide coverage on a 7 day a week, 24 hour per day (24/7) basis
• Ability to work on 24*7 rotating shift is a MUST
• Take End to End ownership of Security Technology Services incidents and Requests to resolve them within agreed objectives and to the satisfaction of customers
• Working in a business environment responds to incident reports issued by User/stakeholders who have encountered suspicious computer behaviour.
• Support the PE team to debug challenging and complex issues to achieve resolution
• Meet or exceed the SLA
• Improve stability of applications through root-cause analysis and undertaking preventive / perfective maintenance activities
• Look at ways of improving the processes to achieve continuous productivity and quality improvements
• Adherence to the specified standards of Quality and Audit / Risk requirements
• Upholding the Values of the Group and Company always and Compliance with all applicable Rules/ Regulations and Company and Group Policies.
• To build relationship & network with stakeholders within & outside STS. Communicates effectively to positively influence peers and stakeholders.
• Ensure customer satisfaction through improved service and quality; interact with senior stakeholders and leadership teams as part of the response efforts
• Develop themselves by actively seeking opportunities for growth, shares knowledge and experiences with others
• Work effectively in diverse teams within a highly inclusive team culture where everyone is supported, respected, and recognized for their contribution
• Assist during noncore business hours during an emergency, critical or large-scale incident
• Fine tune and strengthen Security infrastructure for the betterment of the bank

Our Ideal Candidate

• Minimum over-all 10 years experience in Information Technology
• Minimum 5 years experience in leading and driving a team support 24/7 operations
• Minimum 3 years direct people management experience
• Competency in Windows- server and clients operating systems.
• Good understanding of BAU support processes like SLA management, incident/ problem management. Experience managing tool within Cyber Security (Security Monitoring Tools, DLP, Authentication, Data Protection, Network Security etc.).
• Excellent interpersonal skills with proven ability to interact with remote vendor and technical team members at all levels.
• Able to get things done in a quick-paced environment. Be transparent and open around what doesn t work and what does
• Good knowledge and understanding on the below.
  • Understanding on Linux/UNIX basics
  • Understanding of networking concepts
  • Working knowledge on Windows OS
  • Understanding of Information Security concepts
  • Basic understanding of Web Applications.
• Has excellent knowledge of cloud environment and cloud security
• Excellent communication skills oral, written and presentation; technical reporting writing across various types of target audiences.
• Have good understanding of ITIL practices and ITSM tools
• Has excellent track record in running complex application production / support environment
• Knowledge of SIEM tools - Has supported Problem Management, Change Management and Incident Management functions
• Highly motivated and results-driven
• Excellent communication and interpersonal skills, and able to work well with cross-organizational teams
• Strong analytical and quantitative skill
• Strong sense of personal ownership and responsibility in accomplishing the organisation s goal. Is confident and will roll-up his/her sleeves to drive success.
• Preferred Security certification e.g. SSCP/CISM/CEH/CISSP
• Added advantage: SRE practices and has hands-on experience with managing production as per SRE standards and best-practices. Performed in SRE driven environment in past
• Added advantage: Hands-on knowledge of Java, Python and related tools (bitbucket, antifactory, etc.) with ability to automate manual tasks

,

Keyskills :
windows osfocal pointlog analysiscyber securitysla managementsecurity policynetwork securitysupport servicesmonitoring toolschange managementpeople management