Spl''st, Architect-2400002937

Role Responsibilities 

As a Senior Threat Modelling Security Architect, you will play a critical role in ensuring the security of our systems and networks. Your primary responsibility will be to evaluate security architectures and designs, validating their adequacy in response to requirements outlined in Requirements. You'll work closely with cross-functional teams to determine protection needs (security controls) for information systems and networks, documenting them appropriately.

RESPONSIBILITIES

• Security Architecture Evaluation:
• Evaluate proposed security designs and architectures to ensure compliance with Non-Functional Requirements.
• Identify vulnerabilities, risks, and potential gaps in security.
• Collaborate with stakeholders to address security concerns proactively.
• Threat Modelling:
• Conduct threat modelling exercises to identify potential threats and attack vectors.
• Analyse system components, data flows, and interactions to assess security risks.
• Propose mitigation strategies based on threat modelling findings
• External-Facing Application Threat Modelling:
• Specifically focus on threat modelling for applications exposed to external users.
• Consider risks related to authentication, authorization, input validation, and data exposure.
• Collaborate with Product and development teams to enhance security posture leveraging the backlog and priorotisation.
• Incident Response:
• Develop and maintain incident response plans.
• Participate in incident handling, including detection, analysis, containment, eradication, and recovery.
• Coordinate with incident response teams and external partners as needed.
• Security Controls Documentation:
• Document comprehensive security controls required for information systems and networks.
• Ensure alignment with industry best practices and standards.
• Maintain accurate records of security decisions and the rationale behind them.
• Security Testing and Validation:
• Develop and implement test scripts to validate the effectiveness of security systems.
• Participate in security testing activities, including vulnerability assessments and penetration testing.
• Verify the efficiency of security controls.
• Continuous Learning and Collaboration:
• Stay updated on emerging security practices, standards, and technologies.
• Participate in educational opportunities and professional organisations.
• Share knowledge and insights with the broader community.
• Middle-Level Mastery:
• Lead, mentor, and influence Hives/Squads with Security first
• Provide guidance, set objectives, and oversee the security symphony in project execution.
• Collaborate with senior management to align security initiatives with organizational objectives.
• . Stakeholder Enchantment:
• Engage with internal and external stakeholders, including business units, legal, compliance, and executive leadership.
• Communicate security risks, strategies, and recommendations clearly and concisely.
• Foster strong relationships to ensure security alignment across the organization.

Regulatory & Business Conduct 

• Display exemplary conduct and live by the Group’s Values and Code of Conduct.
• Take personal responsibility for embedding the highest standards of ethics, including regulatory and business conduct, across Standard Chartered Bank. This includes understanding and ensuring compliance with, in letter and spirit, all applicable laws, regulations, guidelines and the Group Code of Conduct.
• Lead the [country / business unit / function/[team] to achieve the outcomes set out in the Bank’s Conduct Principles: [Fair Outcomes for Clients; Effective Financial Markets; Financial Crime Compliance; The Right Environment.] 
• Effectively and collaboratively identify, escalate, mitigate and resolve risk, conduct and compliance matters.

Key stakeholders

• Application teams, Domain CISO, Head of Security Architecture

QUALIFICATIONS

TRAINING, LICENSES, MEMBERSHIPS AND CERTIFICATIONS

• Bachelor's degree in Computer Science, Information Security, or related field.
• Certifications such as CISSP, CISM, or CEH are highly desirable.
• Experience in threat modelling, security architecture, and risk assessment.