← back to jobs
> job detail
S
👽Other

Insider Threat Analyst (Malaysia/India) (Bukit Jalil KL, MY)

Standard Chartered · Bukit Jalil KL, MY
// classified as
Other (Adjacent or hard to classify.)
posted
1d ago
location
Bukit Jalil KL, MY
languages
tools
> description
<div><div style="padding:10.0px 0.0px;border:1.0px solid transparent"><div style="font-size:14.0px;word-wrap:break-word"><H2 style="font-size:1.0em;margin:0.0px"><b>Job Summary</b></H2> </div><div><p><span style="font-size:10.0pt;font-family:arial, helvetica, sans-serif"><strong><span>This </span></strong></span><span style="font-size:10.0pt;font-family:arial, helvetica, sans-serif;color:black"><strong><span>role could be based in Malaysia or India. When you start the application process you will be presented with a drop down menu showing all countries, please ensure that you select a country where the role is based.</span></strong></span></p> <p> </p> <p><span style="font-family:arial, helvetica, sans-serif;font-size:10.0pt;color:black"><strong>Ready to take the next step in your career with us?  </strong></span><br><span style="font-family:arial, helvetica, sans-serif;font-size:10.0pt;color:black">•    To us, good performance is about much more than turning a profit. It's about showing how you embody our valued behaviours - do the right thing, better together and never settle - as well as our brand promise, here for good.  </span><br><span style="font-family:arial, helvetica, sans-serif;font-size:10.0pt;color:black">•    We're committed to promoting equality in the workplace and creating an inclusive and flexible culture - one where everyone can realise their full potential and make a positive contribution to our organisation. This in turn helps us to provide better support to our broad client base. </span><br><span style="font-family:arial, helvetica, sans-serif;font-size:10.0pt;color:black"><strong>About the team </strong></span><br><span style="font-family:arial, helvetica, sans-serif;font-size:10.0pt;color:black">•    The Insider Threat Team (part of the Cyber Security Operations function within Transformation, Technology &amp; Operations) is a relatively new team, which has started to make a big impact. The team works with stakeholders and peers across the Bank to detect, investigate and manage events which may harm the Bank or its’ assets. </span><br><span style="font-family:arial, helvetica, sans-serif;font-size:10.0pt;color:black"><strong>About the role </strong></span><br><span style="font-family:arial, helvetica, sans-serif;font-size:10.0pt;color:black">•    We now need a Senior Insider Threat Investigator to help us grow further. </span><br><span style="font-family:arial, helvetica, sans-serif;font-size:10.0pt;color:black">•    In this role, you will be responsible for leading the day-to-day efforts to identify and assess insider risks, threats, and events as well as help identify control weaknesses and drive control enhancements across a wide variety of business and functions at Standard Chartered. As a senior specialist in the team you will be involved in complex investigations and surveillance of known or suspected threats as well as escalation to relevant stakeholders and partner functions including outcome management. </span><br><span style="font-family:arial, helvetica, sans-serif;font-size:10.0pt;color:black">•    The successful candidate will have experience in conducting investigations, including forensics, applying risk assessment methodologies to uncover control gaps in business processes, applications, and assets.</span></p></div></div><div style="padding:10.0px 0.0px;border:1.0px solid transparent"><div style="font-size:14.0px;word-wrap:break-word"><H2 style="font-size:1.0em;margin:0.0px"><b>Key Responsibilities</b></H2> </div><div><p><span style="font-family:arial, helvetica, sans-serif;font-size:10.0pt;color:black"><strong>Strategy</strong></span><br><span style="font-family:arial, helvetica, sans-serif;font-size:10.0pt;color:black">•    Design, develop, and enhance the organization’s insider threat detection and prevention framework.</span><br><span style="font-family:arial, helvetica, sans-serif;font-size:10.0pt;color:black">•    Create long-term strategies for identifying and mitigating emerging insider risks.</span><br><span style="font-family:arial, helvetica, sans-serif;font-size:10.0pt;color:black">•    Design and deliver insider threat awareness and training programs to educate employees and foster a security-conscious culture.</span><br><span style="font-family:arial, helvetica, sans-serif;font-size:10.0pt;color:black">•    Identify patterns and trends in insider threat incidents to inform strategic decision-making.</span><br><span style="font-family:arial, helvetica, sans-serif;font-size:10.0pt;color:black">•    Continuously monitor user activity and system logs for suspicious behaviours using insider threat detection tools.</span><br><span style="font-family:arial, helvetica, sans-serif;font-size:10.0pt;color:black">•    Analyse behavioural and digital data to identify high-risk individuals or activities.</span><br><span style="font-family:arial, helvetica, sans-serif;font-size:10.0pt;color:black">•    Provide actionable insights to senior leadership, including quarterly and annual reports on program effectiveness.</span><br><span style="font-family:arial, helvetica, sans-serif;font-size:10.0pt;color:black"><strong>Business</strong></span><br><span style="font-family:arial, helvetica, sans-serif;font-size:10.0pt;color:black">•    Collaborate with HR, Legal, and IT teams to align insider threat policies with organizational goals and compliance requirements.</span><br><span style="font-family:arial, helvetica, sans-serif;font-size:10.0pt;color:black">•    Facilitate cross-functional communication and ensure alignment on mitigation strategies.</span><br><span style="font-family:arial, helvetica, sans-serif;font-size:10.0pt;color:black">•    Responsible for partnerships with stakeholders to ensure timely and appropriate collaboration and consistent consequence management is taking place. </span><br><span style="font-family:arial, helvetica, sans-serif;font-size:10.0pt;color:black">•    Responsible for investigating a diverse range of insider incidents, including physical policy violations, data leaks, espionage, frauds, and theft of IP. Gather and analyze evidence, conduct interviews, apply technical expertise to identify root cause(s) and present legally compliant, objective findings and recommendations to stakeholders at all levels. </span><br><span style="font-family:arial, helvetica, sans-serif;font-size:10.0pt;color:black">•    Ensure compliance with regulatory requirements and internal policies during investigations and program development.</span></p></div></div><div style="padding:10.0px 0.0px;border:1.0px solid transparent"><div style="font-size:14.0px;word-wrap:break-word"><H2 style="font-size:1.0em;margin:0.0px"></H2> </div><div><p><span style="font-size:10.0pt;color:black"><strong><span style="font-family:arial, helvetica, sans-serif">Processes</span></strong></span><br><span style="font-family:arial, helvetica, sans-serif;font-size:10.0pt;color:black">•    Responsible for case management portal integration and the development of metrics to support risk reporting and consequence management. </span><br><span style="font-family:arial, helvetica, sans-serif;font-size:10.0pt;color:black">•    Responsible for logging, prioritising and managing incidents reported by stakeholders and those received by the Insider Team via various channels. </span><br><span style="font-family:arial, helvetica, sans-serif;font-size:10.0pt;color:black">•    Responsible for escalation of major incidents to the relevant stakeholders, ensuring proper communication and coordination throughout the incident resolution process.  </span><br><span style="font-family:arial, helvetica, sans-serif;font-size:10.0pt;color:black">•    Provide consultation on analysis of incident data to identify trends, recurring issues, and areas requiring improvement. </span><br><span style="font-family:arial, helvetica, sans-serif;font-size:10.0pt;color:black">•    Consult, provide recommendations, and assist leadership in the design, implementation, and execution of solutions to achieve the objectives of the Insider Threat Team. </span><br><span style="font-family:arial, helvetica, sans-serif;font-size:10.0pt;color:black">•    Consult the Head of Insider Threat in developing trends and insights based upon datasets to drive continual improvements. </span><br><span style="font-family:arial, helvetica, sans-serif;font-size:10.0pt;color:black">•    Accountable for the development of Playbooks and Standard Operating Procedures for dealing with insider incidents. </span><br><span style="font-family:arial, helvetica, sans-serif;font-size:10.0pt;color:black">•    Provide consultation to the Insider Team in support of creating the insider threat assessment framework, methodology, gather and report on security metrics that demonstrate the relative cost/benefit of the security operations and other cybersecurity initiatives. </span></p></div></div><div style="padding:10.0px 0.0px;border:1.0px solid transparent"><div style="font-size:14.0px;word-wrap:break-word"><H2 style="font-size:1.0em;margin:0.0px"></H2> </div><div><p><span style="color:black"><strong><span style="font-family:arial, helvetica, sans-serif;font-size:10.0pt">People and Talent</span></strong></span><br><span style="font-family:arial, helvetica, sans-serif;font-size:10.0pt;color:black">•    Foster a culture of excellence, mentorship, and continuous learning within the team.</span><br><span style="font-family:arial, helvetica, sans-serif;font-size:10.0pt;color:black">•    Attract, retain, and develop top-tier talent in the field of endpoint security, ensuring a diverse and skilled workforce.</span><br><span style="font-family:arial, helvetica, sans-serif;font-size:10.0pt;color:black">•    Cultivate a collaborative and inclusive environment to maximize team productivity and effectiveness.</span><br><span style="font-family:arial, helvetica, sans-serif;font-size:10.0pt;color:black">•    Lead through example and build the appropriate culture and values. Set appropriate tone and expectations from their team and work in collaboration with risk and control partners.</span><br><span style="font-family:arial, helvetica, sans-serif;font-size:10.0pt;color:black">•    Ensure the provision of ongoing training and development of people and ensure that holders of all critical functions are suitably skilled and qualified for their roles ensuring that they have effective supervision in place to mitigate any risks.</span><br><span style="font-family:arial, helvetica, sans-serif;font-size:10.0pt;color:black">•    Responsible for providing case consultations to other member of the team on challenging Insider Threat investigations. </span><br><span style="font-family:arial, helvetica, sans-serif;font-size:10.0pt;color:black">•    Employ, engage, and retain high quality people, with succession planning for critical roles.</span><br><span style="font-family:arial, helvetica, sans-serif;font-size:10.0pt;color:black">•    Responsibility to review team structure/capacity plans.</span><br><span style="font-family:arial, helvetica, sans-serif;font-size:10.0pt;color:black">•    Set and monitor job descriptions and objectives for direct reports and provide feedback and rewards in line with their performance against those responsibilities and objectives.</span></p></div></div><div style="padding:10.0px 0.0px;border:1.0px solid transparent"><div style="font-size:14.0px;word-wrap:break-word"><H2 style="font-size:1.0em;margin:0.0px"><b></b></H2> </div><div><p><span style="font-family:arial, helvetica, sans-serif;font-size:10.0pt;color:black"><strong>Risk Management</strong></span><br><span style="font-family:arial, helvetica, sans-serif;font-size:10.0pt;color:black">•    Create operational plans and reports for business and functions in respect of Insider Threat Risk management.</span><br><span style="font-family:arial, helvetica, sans-serif;font-size:10.0pt;color:black">•    Implement and oversee risk management protocols to minimize potential vulnerabilities.</span><br><span style="font-family:arial, helvetica, sans-serif;font-size:10.0pt;color:black">•    Regularly assess the risk landscape and adapt strategies to address new and existing threats.</span><br><span style="font-family:arial, helvetica, sans-serif;font-size:10.0pt;color:black">•    Conduct regular risk assessments to identify vulnerabilities and threats to the organization’s data.</span><br><span style="font-family:arial, helvetica, sans-serif;font-size:10.0pt;color:black">•    Provide consultation in support of status reporting to senior management, relevant working groups and Committees. Responsible for escalation of any material blockers and impediments in a timely manner. </span><br><span style="font-family:arial, helvetica, sans-serif;font-size:10.0pt;color:black">•    Be aware of, identify and escalate all risk issues and concentrations in accordance to the firm’s Group Information and Cyber Security Policy. Where appropriate, direct remedial action and/or ensure adequate reporting to Risk Committees. </span><br><span style="font-family:arial, helvetica, sans-serif;font-size:10.0pt;color:black">•    Develop and implement mitigation strategies to address identified risks.</span><br><span style="font-family:arial, helvetica, sans-serif;font-size:10.0pt;color:black">•    Monitor and analyse security incidents to improve response strategies.</span><br><span style="font-family:arial, helvetica, sans-serif;font-size:10.0pt;color:black"><strong>Governance</strong></span><br><span style="font-family:arial, helvetica, sans-serif;font-size:10.0pt;color:black">•    Promote an environment where compliance with internal control functions and the external regulatory framework is a central priority of the service.</span><br><span style="font-family:arial, helvetica, sans-serif;font-size:10.0pt;color:black"><strong>Regulatory and Business Conduct</strong></span><br><span style="font-family:arial, helvetica, sans-serif;font-size:10.0pt;color:black">•    Display exemplary conduct and live by the Group’s Values and Code of Conduct. </span><br><span style="font-family:arial, helvetica, sans-serif;font-size:10.0pt;color:black">•    Take personal responsibility for embedding the highest standards of ethics, including regulatory and business conduct, across Standard Chartered Bank. This includes understanding and ensuring compliance with, in letter and spirit, all applicable laws, regulations, guidelines and the Group Code of Conduct.</span><br><span style="font-family:arial, helvetica, sans-serif;font-size:10.0pt;color:black">•    Effectively and collaboratively identify, escalate, mitigate and resolve risk, conduct and compliance matters.</span><br><span style="font-family:arial, helvetica, sans-serif;font-size:10.0pt;color:black">•    Exercise authorities delegated by the Board of Directors and act in accordance with Articles of Association (or equivalent) </span></p></div></div><div style="padding:10.0px 0.0px;border:1.0px solid transparent"><div style="font-size:14.0px;word-wrap:break-word"><H2 style="font-size:1.0em;margin:0.0px"><b></b></H2> </div><div><ul style="margin-bottom:0.0in;margin-top:0.0px"> <li style="margin:0.0in 0.0in 0.0in 0.0px;font-size:11.0pt;font-family:Arial, sans-serif;color:#525355;text-indent:24.0px"><span style="font-size:10.0pt;color:windowtext">Support the configuration, maintenance and ongoing refinement of insider risk detection workflows, including policy logic, risk indicators, alert thresholds and case triage processes, using relevant enterprise platforms such as <strong>Microsoft Purview Insider Risk Management </strong>where applicable.</span></li> <li style="margin:0.0in 0.0in 0.0in 0.0px;font-size:11.0pt;font-family:Arial, sans-serif;color:#525355;text-indent:24.0px"><span style="font-size:10.0pt;color:windowtext">Support the development, maintenance and continuous improvement of <strong>insider threat dashboards and data visualisations</strong> to enable risk reporting, trend analysis, case oversight and management decision making.</span></li> <li style="margin:0.0in 0.0in 0.0in 0.0px;font-size:12.0pt;font-family:&#39;Times New Roman&#39;, serif;text-indent:24.0px"><span style="font-size:10.0pt;font-family:Arial, sans-serif">Collaborate with HR, Legal, and IT teams to align insider threat policies with organizational goals and compliance requirements.</span></li> <li style="margin:0.0in 0.0in 0.0in 0.0px;font-size:12.0pt;font-family:&#39;Times New Roman&#39;, serif;text-indent:24.0px"><strong><span style="font-family:arial, helvetica, sans-serif;font-size:10.0pt;color:black"><span style="font-size:10.0pt;font-family:Arial, sans-serif;color:#525355">Responsible for investigating a diverse range of insider incidents, including physical policy violations, data leaks, espionage, frauds, and theft of IP.</span></span></strong></li> </ul> <p><strong><span style="font-family:arial, helvetica, sans-serif;font-size:10.0pt;color:black">Key stakeholders</span></strong><br><span style="font-family:arial, helvetica, sans-serif;font-size:10.0pt;color:black">•    Tech, Transform and Ops</span><br><span style="font-family:arial, helvetica, sans-serif;font-size:10.0pt;color:black">•    Information &amp; Cyber Security </span><br><span style="font-family:arial, helvetica, sans-serif;font-size:10.0pt;color:black">•    Cybersecurity Operations</span><br><span style="font-family:arial, helvetica, sans-serif;font-size:10.0pt;color:black">•    Cyber Defence Centre</span><br><span style="font-family:arial, helvetica, sans-serif;font-size:10.0pt;color:black">•    Insider threat Operations</span><br><span style="font-family:arial, helvetica, sans-serif;font-size:10.0pt;color:black">•    Security Monitoring &amp; Analytics</span><br><span style="font-family:arial, helvetica, sans-serif;font-size:10.0pt;color:black">•    Group Threat Management</span><br><span style="font-family:arial, helvetica, sans-serif;font-size:10.0pt;color:black">•    Data Loss Prevention</span><br><span style="font-family:arial, helvetica, sans-serif;font-size:10.0pt;color:black">•    Fusion Working groups</span><br><span style="font-family:arial, helvetica, sans-serif;font-size:10.0pt;color:black">•    CISO functions</span></p></div></div><div style="padding:10.0px 0.0px;border:1.0px solid transparent"><div style="font-size:14.0px;word-wrap:break-word"><H2 style="font-size:1.0em;margin:0.0px"><b>Skills and Experience</b></H2> </div><div><p><span style="font-family:arial, helvetica, sans-serif;font-size:10.0pt;color:black">•    Knowledge of industry best practices and frameworks such as the NIST Cybersecurity Framework (CSF), MITRE ATT&amp;CK, etc. </span><br><span style="font-family:arial, helvetica, sans-serif;font-size:10.0pt;color:black">•    Ability to independently triage/ assess complex incidents and assign them to other members of a team, managing the overall deliverables for the team. </span><br><span style="font-family:arial, helvetica, sans-serif;font-size:10.0pt;color:black">•    Ability to use tools, data, and best practices to identify, assess, and manage potential Insider events as well as advise and guide others.</span></p> <ul> <li><span style="font-size:10.0pt;color:windowtext">Working knowledge of insider threat platforms (e.g. Microsoft Purview Insider Risk Management), including configuring policies, tuning risk indicators and alerts, and optimising tool workflows to support effective investigations</span></li> <li><span style="font-family:arial, helvetica, sans-serif;font-size:10.0pt;color:black"><span style="font-size:10.0pt;font-family:Arial, sans-serif">Experience developing data visualisation dashboards (e.g. <strong>Power BI</strong>) to support risk reporting and management insights would be advantageous.</span></span></li> </ul></div></div><div style="padding:10.0px 0.0px;border:1.0px solid transparent"><div style="font-size:14.0px;word-wrap:break-word"><H2 style="font-size:1.0em;margin:0.0px"><b>Qualifications</b></H2> </div><div><p><span style="font-family:arial, helvetica, sans-serif;font-size:10.0pt;color:black">•    Education: Degree or Equivalent Experience in Digital Forensics or Investigation or significant work history in related/ complementary roles.</span><br><span style="font-family:arial, helvetica, sans-serif;font-size:10.0pt;color:black">•    <span style="font-size:10.0pt;font-family:Arial, sans-serif">Cyber security certifications (e.g., CISSP, CISM, etc.), insider threat certifications (e.g., ITPM, GCITP, etc.), Incident Management, Forensics or Investigation-focused certifications will be advantageous. </span></span></p></div></div><div style="padding:10.0px 0.0px;border:1.0px solid transparent"><div style="font-size:14.0px;word-wrap:break-word"><H2 style="font-size:1.0em;margin:0.0px"><b>Competencies</b></H2> </div><div><div>Action Oriented</div><div>Collaborates</div><div>Customer Focus</div><div>Gives Clarity &amp; Guidance</div><div>Manages Ambiguity</div><div>Develops Talent</div><div>Drives Vision &amp; Purpose</div><div>Nimble Learning</div><div>Decision Quality</div><div>Courage</div><div>Instills Trust</div><div>Strategic Mindset</div><div>Technical Competencies: This is a generic competency to evaluate candidate on role-specific technical skills and requirements</div></div></div><div style="padding:10.0px 0.0px;border:1.0px solid transparent"><div style="font-size:14.0px;word-wrap:break-word"><H2 style="font-size:1.0em;margin:0.0px"><b>About Standard Chartered</b></H2> </div><div><p>We're an international bank, nimble enough to act, big enough for impact. For more than 170 years, we've worked to make a positive difference for our clients, communities, and each other. We question the status quo, love a challenge and enjoy finding new opportunities to grow and do better than before. If you're looking for a career with purpose and you want to work for a bank making a difference, we want to hear from you. You can count on us to celebrate your unique talents and we can't wait to see the talents you can bring us.</p> <p>Our purpose, to drive commerce and prosperity through our unique diversity, together with our brand promise, to be here for good are achieved by how we each live our valued behaviours. When you work with us, you'll see how we value difference and advocate inclusion.</p> <p>Together we:</p> <ul> <li><b>Do the right thing</b> and are assertive, challenge one another, and live with integrity, while putting the client at the heart of what we do</li> <li><b>Never settle,</b> continuously striving to improve and innovate, keeping things simple and learning from doing well, and not so well</li> <li><b>Are better together,</b> we can be ourselves, be inclusive, see more good in others, and work collectively to build for the long term</li> </ul></div></div><div style="padding:10.0px 0.0px;border:1.0px solid transparent"><div style="font-size:14.0px;word-wrap:break-word"><H2 style="font-size:1.0em;margin:0.0px"><b>What we offer</b></H2> </div><div><p><b>In line with our Fair Pay Charter,</b> we offer a competitive salary and benefits to support your mental, physical, financial and social wellbeing.</p> <ul> <li><b>Core bank funding for retirement savings, medical and life insurance,</b> with flexible and voluntary benefits available in some locations.</li> <li><b>Time-off</b> including annual leave, parental/maternity (20 weeks), sabbatical (12 months maximum) and volunteering leave (3 days), along with minimum global standards for annual and public holiday, which is combined to 30 days minimum.</li> <li><b>Flexible working</b> options based around home and office locations, with flexible working patterns.</li> <li><b>Proactive wellbeing support</b> through Unmind, a market-leading digital wellbeing platform, development courses for resilience and other human skills, global Employee Assistance Programme, sick leave, mental health first-aiders and all sorts of self-help toolkits</li> <li><b>A continuous learning culture</b> to support your growth, with opportunities to reskill and upskill and access to physical, virtual and digital learning.</li> <li><b>Being part of an inclusive and values driven organisation,</b> one that embraces and celebrates our unique diversity, across our teams, business functions and geographies - everyone feels respected and can realise their full potential.</li> </ul></div></div><div style="padding:10.0px 0.0px;border:1.0px solid transparent"><div style="font-size:14.0px;word-wrap:break-word"><H2 style="font-size:1.0em;margin:0.0px"><b>Recruitment Assessments</b></H2> </div><div><p>Some of our roles use assessments to help us understand how suitable you are for the role you've applied to. If you are invited to take an assessment, this is great news. It means your application has progressed to an important stage of our recruitment process.</p> <p>Visit our careers website <a href="https://www.sc.com/en/global-careers/" rel="noopener" target="_blank">www.sc.com/careers</a></p></div></div></div>