Senior Digital Trust & Application Resilience

Key Responsibilities

Security Strategy and Group Assessments

• Support regular group assessments to evaluate security risks, security maturity and compliance gaps across SCBX Group.

Policy, Procedures, Standards & Guidelines

• Support the development, review, and update of security policies, procedures, standards, and guidelines to ensure robust organizational controls.

• Regularly update documentation to reflect the evolving threat landscape and regulatory requirements.

Security Consultation

• Lead conversation with senior leadership across SCBX Group and provide value-added insights to delivered outcome.

• Develop a comprehensive proposal and project plan that secures buy-in from senior stakeholders, while establishing an effective delivery approach for the working group to ensure successful project delivery and valued outcomes.
  

SDLC Security & DevSecOps Integration

• Develop and implement security frameworks and best practices within the SDLC to minimize vulnerabilities.

• Collaborate with development, operations, and security teams to embed security controls and processes within continuous integration/continuous deployment (CI/CD) pipelines.

• Advise on the integration of automated security testing tools and manual assessments throughout development, staging, and production phases.

Pentester Governance & Annual Panel Selection

• Oversee and manage the overall pentesting program, including planning, scoping, and executing external and internal penetration tests.

• Develop and enforce governance policies for third-party penetration testing, ensuring compliance with internal and industry standards.

• Lead the annual selection process of the pentester panel by evaluating vendor capabilities, reviewing performance metrics, and coordinating panel evaluations.

Application Security Testing

• Define and maintain comprehensive application security testing strategies, including static and dynamic code analysis, vulnerability assessments, and risk management.

• Coordinate regular security assessments, penetration tests, and vulnerability remediation efforts.

• Analyze findings from testing activities and provide actionable recommendations to mitigate risks.
  

Identity Architecture & Strategy

• Define and implement enterprise-wide identity governance frameworks, access models, and role designs.

• Develop future-ready IAM architectures to support Zero Trust security, cloud adoption, and business scalability.

• Design identity lifecycle processes such as automated provisioning, de-provisioning, RBAC, and approval workflows.

• Align IAM practices with global standards (NIST, ISO 27001, CIS) and regulatory mandates (PCI-DSS, GDPR, BOT).

IAM Solution Delivery & Operations

• Lead the design, deployment, and integration of solutions including SSO, MFA, PAM, and CIAM.

• Oversee directory services and federation platforms such as Active Directory, Azure AD, and cloud identity providers.

• Collaborate with implementation teams and vendors to configure and deploy IAM technologies that ensure security, scalability, and operational excellence.

If you meet below qualifications and are ready to take on a challenging role, we encourage you to apply.

• Minimum of 12+ years in information security consultancy, with a proven track record in Application security, DevSecOps integration, Vulnerability Management, Penetration testing and Digital Identity.

• Demonstrated expertise in developing and implementing security frameworks and policies that embed secure coding practices and automated security testing within complex, enterprise-level SDLC environments.

• Demonstrates a deep understanding of global security frameworks, including NIST, ISO 27001/27002, PCI-DSS, BOT and CIS Controls.

• Extensive experience in conducting large-scale security assessments, performance measurements, risk management, and security strategy development that align with organizational objectives.

• Relevant certifications such as CISSP, CISM, CRISC, OSCP, or equivalent are highly desirable.