Info Security Senior Manager- GBS Technology
- Kuala Lumpur, Malaysia
- Permanent, Full time
- Standard Chartered Bank Malaysia Berhad
- 15 Dec 18
Job Description - Info Security Senior Manager, Cyber Threat Response Tier-2
Business Title: Info Security Senior Manager, Cyber Threat Response Tier-2
Business Unit: ITO, Technology Services, Security Technology Services, Cyber Defence Centre (CDC)
Job Family: Security Technology Services
Location: Kuala Lumpur, Malaysia
Reports Directly to: VP, Cyber Threat Response Tier-2, Cyber Defence Centre (CDC)
Security Technology Services (STS) is a critical function within Standard Chartered Bank operating under the overall purview of "Technology Services".
The STS team is made up of cyber security thought leaders, who are accountable for the provision of a global set of cyber security services and products in order to maintain and continuously improve the Bank's cyber security posture in today's ever-evolving cyber security landscape.
The STS team protects the Bank from cyber security threats by delivering effective information security technology services and by managing and responding to security incidents, to ensure and support the continuity and growth of the Bank's business operations and to meet the expectations of both internal and external stakeholders across the 70+ countries and territories in which SCB operates.
As part of the Security Transformation activities within SCB, a new Cyber Threat Response Tier-2 within the Cyber Defence Centre is being created. This requires a highly skilled and experienced Cyber Security Professional in cyber threat analysis, security incident response & handling and security investigation & forensics.
· Handle escalated security incident investigation and response from Cyber Threat Response Tier-1.
· Provide oversight of security incident response activities performed by Cyber Threat Response Tier-1.
· Proactively improve monitoring & response playbooks to include lessons learnt from past incidents, and perform deep-dive analysis on identified/known Tools, Techniques and Procedures (TTPs) of cyber attacks.
· Keep abreast of the latest cyber security threats and vulnerabilities, in line with the changing Threat Landscape, Regulatory and Compliance requirements.
· Validate and keep evergreen the cyber security incident response plans, playbooks and other relevant Standard Operating Procedures within Cyber Defence Centre.
· Work closely with Cyber Defence Alliance (CDA) and Collective Intelligence & Command Centre (CnC) for collective response and situational awareness.
· Collaborate across teams and participate in joint investigations with Fraud, FCC/i3 and Property.
· Participate in the cyber stress testing and Table Top Exercises (TTXs).
· Security Technology Services - Service Managers (Heads) and Service Operations Managers
· Technology Services - Service Managers (Heads) and Service Operations Managers
· Office of the CISO, Group Operational Risk and other Risk & Compliance teams
· Internal and external stakeholders including Technology Services and Business functions, and vendors
COMPETENCIES (KNOWLEDGE & SKILLS):
· 7-10 years or more of experience in Information and Cyber Security, preferably from the Banking and Financial Services industry
· Strong analytics capability, demonstrated ability to solve complex problems and develop innovative solutions
· Strong knowledge of current threat landscape including common attack types, malware capabilities and recent well publicised security incidents
· Experience in security investigation and forensics would be a plus
· Strong knowledge and experience with security technologies including IDS/IPS, Firewalls & Log Analysis, SIEM, Anti-Virus, Malware Protection, Network Packet Analyzer.
· Strong knowledge of UNIX, Windows and Web security. Knowledge of APT response and defence would be an advantage.
· Strong sense of personal ownership and responsibility in accomplishing the organisation's goal. Shows confidence and will roll up his/her sleeves to drive success
· Able to get things done in a quick-paced environment. Be transparent and open around what doesn't work and what does
· Excellent communication skills - oral, written and presentation; technical report writing for various types of target audiences.
· Good working knowledge of software applications: Outlook (advanced), Word (advanced), PowerPoint (advanced), Excel (advanced)
· Diploma or Bachelor Degree in Engineering, Computer Science/Information Technology or its equivalent
· GIAC Certified Incident Handler (GCIH) and CERT Certified Computer Security Incident Handler (CSIH) would be a plus.