Senior Information and Cyber Security Testing Manager
About Standard Chartered
We are a leading international bank focused on helping people and companies prosper across Asia, Africa and the Middle East.
To us, good performance is about much more than turning a profit. It's about showing how you embody our valued behaviours - do the right thing, better together and never settle - as well as our brand promise, Here for good.
We're committed to promoting equality in the workplace and creating an inclusive and flexible culture - one where everyone can realise their full potential and make a positive contribution to our organisation. This in turn helps us to provide better support to our broad client base.
THE ROLE RESPONSIBILITIES
• Manage the third-party suppliers for stress testing, red team exercises, vulnerability assessments and penetration tests
• Design and implement the Information and Cyber Security (ICS) testing methodology and ensure that the ICS testing deliveries meet the quality standards set out in the methodology
• Develop a knowledge base of technical and operational controls for ICS stress testing and red team exercises
• Support the Global Head of Information and Cyber Security Assurance and Testing to plan and deliver regulatory driven Cyber Stress Testing activities.
• Support the Global Head of Information and Cyber Security Assurance and Testing to plan, execute and evaluate red team exercises, penetration tests and vulnerability assessments
• Maintain strong stakeholder engagement with internal and external stakeholders to ensure successful delivery of each exercise
• Lead the ICS testing team in Poland
OUR IDEAL CANDIDATE
• Highly proficient in conducting penetration tests and full-scale red team exercises in various environments using automated and manual methods
• Expert knowledge of major operating systems and infrastructure components
• Expert knowledge of security technologies such as firewalls, IDS/IPS, EDR, proxies and DLP
• Ability to perform security threat analysis and threat modelling
• Ability to provide detailed solutions to identified security issues
• Good communication, writing and presentation skills.
• Ability to work effectively with a variety of stakeholders' interests within the enterprise
• Ability to lead the team to achieve successful deliveries. Ability to mentor and develop team members.
• Familiarity with Security Testing methodologies such as PTES, OWASP-TG etc.
• Experience in the financial or other regulated industry
• Experience with risk frameworks by NIST, ISO, etc.
• Experience in utilising the MITRE ATT&CK framework
• Reverse engineering and exploit development experience is preferred
• Operational knowledge of security distributions such as BackBox, Pentoo, Kali, CAINE, etc. is preferred
• Certification: OSxx, CREST, GIAC, ISC2 is preferred