Phishing Operations Specialist

Job Description

*About Standard Chartered We are a leading international bank focused on helping people and companies prosper across Asia, Africa and the Middle East. To us, good performance is about much more than turning a profit. Its about showing how you embody our valued behaviours - do the right thing, better together and never settle - as well as our brand promise, Here for good. Were committed to promoting equality in the workplace and creating an inclusive and flexible culture - one where everyone can realise their full potential and make a positive contribution to our organisation. This in turn helps us to provide better support to our broad client base.Make an impact every day with Trust, Data and Resilience (TDR)Our TDR team sits within the Group Operations function and is responsible for mission-critical areas including cyber, information, data, privacy and resilience. These are challenges that impact our clients globally. Our TDR team develops the platforms, drives the processes and builds partnerships to benefit millions of people every day. They thrive in providing solutions to complex issues, devote time and energy to designing new and innovative solutions, and all in an environment that demands being risk-aware, not risk-averse. TDR chooses progress over perfection and aims to always participate with a constructive purpose. The team makes an impact wherever they are based, be it in our offices around the world, our Global Business Solution centres in China, India, Malaysia and Poland, or even from our home. Now you have an opportunity to make a meaningful impact with a diverse and passionate team of creators, innovators and achievers. With us, you ll learn, be inspired, and make an impact every day. The success of our work hinges on how we use the unique diversity of our people to realise the effects we seek to achieve: Always on. Always safe. Always Simple.Training and Awareness The Training and Awareness (T&A) team is responsible for fostering a data-ready, security-aware and resilient culture that protects the Bank and our clients. It does this through creating risk-based, targeted campaigns for ICS, Data and Privacy, Resilience and 3 rd Party Risk, to drive behavior change amongst employees, executives, third parties and customers. The team drives the design, development, deployment and enablement of delivery via virtual, instructor-led, and digital campaigns, enabled by global awareness communities of practice, based on employees roles and risk types. Their remit spans general employee awareness, role-based training, executive engagement, phishing awareness and simulation exercises, field enablement, communications, assessing and remediating behaviour change, and T&A risk reporting, operations and strategy. BackgroundWe are hiring someone to work alongside and support the Head of Social Engineering & Emerging Threats. The team runs Bank-wide and targeted phishing simulations that address specific audiences, high risk users and emerging threats. In particular, they will be responsible for ensuring the technical aspects i.e. URL whitelisting, have been approved in advance, as well as being the main contact point with internal security teams. The role will be varied: learning how to design and implement phishing simulations for both Bank-wide and targeted audiences, using live threat intelligence to ensure the Bank is using the most appropriate templates to mimic genuine threat actors. Also, they will learn how to develop detailed tailored reports that will highlight specific areas of the Bank that need additional training and awareness. They will need to understand how awareness tactics align with the appropriate regulations, standards, policies and risks and how phishing can be used as both an education tactic as well as an assurance tool. Main Purpose of Role:

• Support the design and implementation of Bank-wide and targeted phishing simulations using data gathered from numerous sources both internally and externally to the Bank, driving down the overall threat of phishing to the Bank.
• Ensure the relevant technical elements for each simulation have been approved in advance i.e. URL whitelisting
• Align awareness efforts to cyber security policy and standards, industry framework and security threats, business requirements, technology enhancements and desired behaviour list.
• Define, monitor, and publish key performance metrics and key control indicators to measure effectiveness, and showcase successes and opportunities for improvement that clearly demonstrate behavioural change and help foster a robust security culture. Demonstrate that the awareness programme is addressing the right risks, meeting clear learning objectives and delighting audiences.

Regulatory & Business Conduct

• Display exemplary conduct and live by the Group s Values and Code of Conduct.
• Take personal responsibility for embedding the highest standards of ethics, including regulatory and business conduct, across Standard Chartered Bank. This includes understanding and ensuring compliance with, in letter and spirit, all applicable laws, regulations, guidelines and the Group Code of Conduct.
• Effectively and collaboratively identify, escalate, mitigate and resolve risk, conduct and compliance matters.

Key Stakeholders

• ICS Training and Awareness teams
• 2L assurance and risk teams
• Heads of ICS
• Information and Security Risk Officers (country, region, group, business and functions)
• ICS Regional Awareness Leads and Security Champions
• Group Learning, people Capability and HR
• Threat Intelligence Team
• Policy & Governance Team
• Corporate Affairs and Brand & Marketing Team (country, region, group, business and functions)
• Compliance, Conduct and Fraud Awareness Teams
• Extended CISO Awareness Teams: Resilience, TPSR, Automation, Data & Privacy
• CISO & COO, CISRO, CRO MT (country, region, group, business and functions)

Our Ideal Candidate

• Minimum a Diploma holder in any discipline
• At least 2 years of mandatory experience in Phishing
• Knowledge of cyber learning and development, with ability to design and run successful phishing awareness and simulation campaigns to all Bank staff as well as high risk roles;
• Creative, out of the box thinking with an unstoppable desire to constantly re-invent the Bank s cyber learning approach to phishing;
• Experience with communicating technical jargon as well as non-technical jargon to a wide array of different stakeholders such as the Email Exchange Team, People Capability and Group Policy Team;
• Competent and comfortable with a very dynamic and demanding environment
• A holistic, customer-first view to planning and execution process: ability to define clear learning objectives, identify relevant tactics, set out what good looks like (targets/metrics/output and outcome)
• Experience with working alongside third party vendors.

Apply now to join the Bank for those with big career ambitions. To view information on our benefits including our flexible working please visit our career pages . We welcome conversations on flexible working.,

Keyskills :
customer servicecustomer relationssecurity riskcyber securitysecurity policybehavior changeequipment supplyfield enablement