Information and Cyber Security Testing Manager
About Standard Chartered
We are a leading international bank focused on helping people and companies prosper across Asia, Africa and the Middle East.
To us, good performance is about much more than turning a profit. It's about showing how you embody our valued behaviours - do the right thing, better together and never settle - as well as our brand promise, Here for good.
We're committed to promoting equality in the workplace and creating an inclusive and flexible culture - one where everyone can realise their full potential and make a positive contribution to our organisation. This in turn helps us to provide better support to our broad client base.
THE ROLE RESPONSIBILITIES
• Contribute to planning and delivering regulatory-driven Cyber Stress Testing activities.
• Contribute to planning, executing and evaluating red team exercises, penetration tests and vulnerability assessments
• Support the senior information and cyber security testing manager in managing the third-party suppliers for stress testing, red team exercises, vulnerability assessments and penetration tests
• Contribute to the design and implementation of the Information and Cyber Security (ICS) testing methodology and ensure that the ICS testing deliveries meet the quality standards set out in the methodology
• Perform security risk reviews of application designs, business process designs and deployments as required
OUR IDEAL CANDIDATE
• Ability to conduct penetration tests and full-scale red team exercises in various environments using automated and manual methods
• Good knowledge of major operating systems and infrastructure components
• Good knowledge of security technologies such as firewalls, IDS/IPS, EDR, proxies and DLP
• Ability to perform security threat analysis and threat modelling
• Ability to provide detailed solutions to identified security issues
• Good communication, writing and presentation skills.
• Familiarity with Security Testing methodologies such as PTES, OWASP-TG, etc.
• Ability to work effectively with a variety of stakeholders' interests within the enterprise
• Experience in the financial or other regulated industry
• Experience with risk frameworks by NIST, ISO, etc.
• Experience in utilizing the MITRE ATT&CK framework
• Reverse engineering and exploit development experience is preferred
• Operational knowledge of security distributions such as BackBox, Pentoo, Kali, CAINE, etc. is preferred
• Certification: OSxx, CREST, GIAC or ISC2 is preferred