Application Information Security Risk Posture (ISRP) Operations Lead

  • Job Req ID: 25879366
  • Location(s): Budapest, Hungary
  • Job Type: Hybrid
  • Job Category: Technology

We are building a new, dynamic Application Information Security Risk Posture (ISRP) Operations team within our global Security Assessments organization. As the lead for this team, you will play a pivotal role in establishing and driving the application security assessment program across our enterprise. This critical C14 role requires a highly experienced and driven leader to define, implement, and manage the processes for assessing the security posture of both internal and third-party applications. You will collaborate closely with application development teams, technology architects, risk stakeholders, and other cybersecurity functions to ensure that applications are designed, developed, and deployed securely, adhering to Security Assessments standards, policies, and regulatory requirements. This is a unique opportunity to shape the future of application security within our organization.

Key Responsibilities:

  • Establish and Lead the Application ISRP Operations Team: Build and manage a high-performing team of application security assessors. Provide mentorship, coaching, and technical leadership to team members. Define roles, responsibilities, and performance expectations.
  • Define and Implement the Application Security Assessment Program: Work with Security Assessments Leads to develop and implement comprehensive methodologies, processes, and standards for assessing the security posture of internal and third-party applications.
  • Lead Application Security Assessments: Oversee the end-to-end planning, coordination, and execution of application security assessments across a diverse portfolio of applications.
  • Conduct detailed technical security reviews and risk assessments in collaboration with cybersecurity, development, and infrastructure teams. Here, cybersecurity covers relevant CISO teams such as ISO and threat modelling.
  • Analyze Security Testing Results: Interpret results from dynamic and static application security testing (DAST/SAST) tools, manual reviews, and other scanning technologies to provide actionable guidance.
  • Drive Remediation Efforts: Champion security remediation efforts and provide expert security advisory throughout the software development lifecycle (SDLC). Collaborate with application development teams to prioritize and address identified vulnerabilities.
  • Develop and Enhance Security Assessment Practices: Continuously improve and refine security assessment methodologies, templates, reporting standards, and tools to ensure alignment with industry best practices and evolving threats.
  • Maintain Awareness of Emerging Threats: Stay abreast of emerging application security threats and technologies, and proactively integrate relevant insights into the assessment process.
  • Ensure Regulatory Compliance: Collaborate with cybersecurity governance, compliance, and audit functions to ensure adherence to internal controls, external regulations, and industry standards.
  • Communicate Risk Posture: Present findings and risk posture summaries to technology stakeholders, senior management, and other key stakeholders, clearly articulating potential risks and recommending appropriate mitigation strategies.

Qualifications:

  • Bachelor's or Master's degree in Computer Science, Information Security, or a related discipline.
  • 10+ years of experience in information security, with at least 6 years specifically in application security assessments and leading security teams.
  • Deep understanding of web and mobile application architectures, common vulnerabilities (e.g., OWASP Top 10), and secure coding practices.
  • Strong familiarity with DevSecOps integration and secure CI/CD pipelines.
  • Comprehensive knowledge of regulatory frameworks and standards (e.g., FFIEC, MAS TRM, ISO 27001, NIST).
  • Relevant certifications such as CISSP, CSSLP, OSWE, or GIAC GWAPT are highly preferred.
  • Exceptional communication, stakeholder engagement, presentation, and reporting skills.
  • Proven leadership experience in building and managing high-performing security teams.

What we can offer you:

By joining Citi Hungary, you will not only be part of a business casual workplace with a hybrid working model (up to 2 days working at home per week), but also receive a competitive compensation package and enjoy a whole host of additional benefits that support you (and your family) to be well, live well and save well:

  • Cafeteria Program
  • Home Office Allowance (for colleagues working in hybrid work models)
  • Paid Parental Leave Program (maternity and paternity leave)
  • Private Medical Care Program and onsite medical rooms at our offices
  • Pension Plan Contribution to voluntary pension fund
  • Group Life Insurance
  • Employee Assistance Program
  • Access to a wide variety of learning and development programs, online course libraries and upskilling platforms, such as Udemy and Degreed
  • Flexible work arrangements to support you in managing work-life balance
  • Career progression opportunities across geographies and business lines
  • Socially active employee communities with diverse networking opportunities

Alongside these benefits, Citi is committed to ensuring our workplace is where everyone feels comfortable coming to work as their whole self every day. We want the best talent around the world to be energized to join us, motivated to stay, and empowered to thrive.

Sounds like Citi has everything you need?

Then apply to discover the true extent of your capabilities.

------------------------------------------------------

  • Job Family Group: Technology
  • Job Family: Information Security
  • Time Type: Full time
  • Most Relevant Skills: Please see the requirements listed above.
  • Other Relevant Skills: For complementary skills, please see above and/or contact the recruiter.

------------------------------------------------------

Citi is an equal opportunity employer, and qualified candidates will receive consideration without regard to their race, color, religion, sex, sexual orientation, gender identity, national origin, disability, status as a protected veteran, or any other characteristic protected by law.

If you are a person with a disability and need a reasonable accommodation to use our search tools and/or apply for a career opportunity, review Accessibility at Citi.

View Citi’s EEO Policy Statement and the Know Your Rights poster.
