Head of Enterprise Security Architecture
About Standard Chartered
We are a leading international bank focused on helping people and companies prosper across Asia, Africa and the Middle East.
To us, good performance is about much more than turning a profit. It's about showing how you embody our valued behaviours - do the right thing, better together and never settle - as well as our brand promise, Here for good.
We're committed to promoting equality in the workplace and creating an inclusive and flexible culture - one where everyone can realise their full potential and make a positive contribution to our organisation. This in turn helps us to provide better support to our broad client base.
Make an impact every day with Trust, Data and Resilience (TDR)
Our TDR team sits within the Group Operations function and is responsible for mission-critical areas including cyber, information, data, privacy and resilience. These are challenges that impact our clients globally. Our TDR team develops the platforms, drives the processes and builds partnerships to benefit millions of people every day. They thrive in providing solutions to complex issues, devote time and energy to designing new and innovative solutions, and all in an environment that demands being risk-aware, not risk-averse. TDR chooses progress over perfection and aims to always participate with a constructive purpose. The team makes an impact wherever they are based, be it in our offices around the world, our Global Business Solution centres in China, India, Malaysia and Poland, or even from our home.
Now you have an opportunity to make a meaningful impact with a diverse and passionate team of creators, innovators and achievers. With us, you'll learn, be inspired, and make an impact every day. The success of our work hinges on how we use the unique diversity of our people to realise the effects we seek to achieve: Always on. Always safe. Always Simple.
The Role Responsibilities
The Head of Enterprise Security Architecture is a key function within CSS and requires a highly skilled and experienced Security Architecture thought leader to lead the team and build a robust security architecture practice to drive architectural quality, repeatability, automation and resilience across the CSS service lines. In addition, this role oversees all security capability governance for the Bank ensuring alignment to the Enterprise Architecture Strategy and Principles and provides bespoke security consulting services for emerging technologies and threats.
Strategy
- Provide leadership and oversight by setting the direction, people strategy, stakeholder engagement and operating model of the Security Architecture function within Cyber Security Services (CSS).
- Drive the creation and delivery of Enterprise Security Architecture with Technology including definition of frameworks, principles and security capability model, delivery of reference architectures, reviewing enterprise technology solutions for adherence to security principles, and supporting the creation of a group-wide technology strategy.
- Ensure CSS and STS technology standards are fit for purpose and meet stakeholder and governance expectations.
- Proactively engage with senior stakeholders to obtain buy-in for the service and manage expectations and escalations accordingly.
People and Talent
- Review the definition of service line architectures, product catalogues, detailed capability roadmaps, target operating models and security service patterns delivered from CSS and STS Service Lines.
- Establish criteria for evaluating the quality, robustness and alignment to group standards for Project artefacts, RFPs and Technical Standards.
- Plan and manage the financing (RtB, Continuous Improvement budget, CtB) within the applicable financial framework.
Provide Leadership and functional responsibility for a team of 10 Security architects including:
- Lead through example and build the appropriate culture and values.
- Set appropriate tone and expectations from their team and work in collaboration with risk and control partners.
- Promote and embed a culture of openness, trust and risk awareness, where ethical, legal, regulatory and policy compliant conduct is the norm.
- Stimulate an environment where forward planning, prioritisation, deadline management and streamlined workflows and collaborative, inclusive yet effective and efficient work practices are the norm.
- Ensure the provision of ongoing training and development to ensure that team members are competent, suitably skilled and qualified for their roles, ensuring that they have effective supervision in place to mitigate any risks.
- Review team structure / capacity plan to ensure an effective and efficient risk management framework and manage attrition when needed.
- Ensure security engineers are engaged and have opportunities for recognition and advancement.
- Provide Security Consulting Services to construct position papers, best practices, establish patterns, and enable secure adoption of emerging technologies and to address new or emerging threats.
Regulatory & Business Conduct
- Drive the creation and delivery of a consistent, coherent and fit-for-purpose Enterprise Security Architecture, by establishing and operating architectural governance over technical security standards, reviewing security patterns, roadmaps and solution architecture, reviewing service target state architecture, reviewing Request For Proposals (RFPs), Project Execution Documents (PEDs) and Business Requirements Documents (BRDs).
- Establish architecture criteria for project governance, including expectations for solution reliability, APIs and automation, design reviews, standardisation, operating model definition, preparedness for SDF and readiness for production.
- Establish governance over requirements lifecycle management, including engagement of relevant stakeholders, evidence capture, and mapping of solutions against requirements.
- Display exemplary conduct and live by the Group's Values and Code of Conduct.
- Take personal responsibility for embedding the highest standards of ethics, including regulatory and business conduct, across Standard Chartered Bank. This includes understanding and ensuring compliance with, in letter and spirit, all applicable laws, regulations, guidelines and the Group Code of Conduct.
- Cyber Defence Centre (CDC)
- Cyber Threat Intelligence & Countermeasures
- Cyber Advisory & Testing
- Access Management and Data Protection
- Security Engineering
- Security Transformation Programme
- Cyber Risk and Control Team
- Enterprise Technology teams and wider ITO/CIO stakeholder teams
- Regulators across multiple countries
- TDR Management Team
Our Ideal Candidate
- Represent Standard Chartered at trusted forums, regulator briefings and external groups as a security architecture thought leader.
- Bachelor's degree in Computer Sciences / Technology / Engineering
- At least 10 years of experience in leading technology security strategy, architecture and/or engineering in a global financial organisation
- Broad technical knowledge of the cyber threat landscape including threat actors, attack types, tactics, tools and procedures, and effective countermeasures in a banking environment.
- Broad technical experience in security technology domains, including identity and access management, privacy and data protection, application security, threat management, cryptography and risk management.
- Broad knowledge of multiple technology domains, including networks, technology platforms, cloud platforms, systems development, and operations.
- Experienced in building security capability models covering business and technical requirements.
- Experience with all aspects of secure design, build, engineering and deployment of Security Architecture at an enterprise level.
- Knowledge of secure cryptographic engineering to international standards such as NIST, FIPS, PCI.
- Experience with modern solution engineering approaches such as build and test automation, continuous integration, continuous deployment, Blue-Green, Agile, DevOps, Site Reliability Engineering, virtualization, containerization, serverless, and the technologies that support these approaches.
- Excellent communication and briefing skills at senior executive and board level - oral, written and presentation; technical report writing across various types of target audiences.
- Entrepreneurial thinking, able to rapidly adapt to and adopt new technology concepts, and consistently find value creation opportunities.
- Strong sense of personal ownership and responsibility in accomplishing the organisation's goal. Is confident and will roll-up his/her sleeves to drive success. Able to get things done in a fast-paced environment. Is transparent and open around what doesn't work and what does.
- Excellent organizational and leadership skills (successfully led and managed end-to-end technology services and/or technology operations) with ability to manage multiple deadlines and effectively prioritise.
- Experience of developing a people strategy, influencing relevant stakeholders and decision makers, and executing decisions efficiently and consistently
- Experience engaging directly with regulators
Apply now to join the Bank for those with big career ambitions.
To view information on our benefits including our flexible working please visit our career pages. We welcome conversations on flexible working.