Security Solutions Architect (Hybrid)

Overview of the Role

Citi, the leading global bank, has approximately 200 million customer accounts and does business in more than 160 countries and jurisdictions. Citi provides consumers, corporations, governments, and institutions with a broad range of financial products and services, including consumer banking and credit, corporate and investment banking, securities brokerage, transaction services, and wealth management.

As a bank with a brain and a soul, Citi creates economic value that is systemically responsible and in our clients’ best interests. As a financial institution that touches every region of the world and every sector that shapes your daily life, our Enterprise Operations & Technology teams are charged with a mission that rivals any large tech company. Our technology solutions are the foundations of everything we do from keeping the bank safe, managing global resources, and providing the technical tools our workers need to be successful to designing our digital architecture and ensuring our platforms provide a first-class customer experience. We reimagine client and partner experiences to deliver excellence through secure, reliable, and efficient services.

Our commitment to diversity includes a workforce that represents the clients we serve from all walks of life, backgrounds, and origins. We foster an environment where the best people want to work. We value and demand respect for others, promote individuals based on merit, and ensure opportunities for personal development are widely available to all. Ideal candidates are innovators with well-rounded backgrounds who bring their authentic selves to work and complement our culture of delivering results with pride. If you are a problem solver who seeks passion in your work, come join us. We’ll enable growth and progress together.

USPB Cyber Security Architect

The Security Solutions Architect (SSA)  is a senior-level CISO professional and this position supports the US Personal Banking (USPB) segment.

A core responsibility for the SSA is to partner with the Enterprise Architecture team in CISO and the Solutions Architects in the USPB segment. The SSA works as a trusted security advisor to the USPB Application Development and Engineering teams to ensure solutions are developed in line with security requirements, architecture principals as well as policy/standards, and facilitate security-related discussions. The SSA will engage with stakeholders throughout the system development lifecycle to ensure proper technology information security risk considerations are addressed at each phase of the system development life cycle and provide proactive solutions to remediate or mitigate risk. The individual should demonstrate an understanding of application security and will exercise judgment within existing practices and policies.

You will join an experienced team of IS specialists that have been tasked with performing Is assessments including threat modeling and proposing technical controls for our business critical applications. You will work on some of the most cutting-edge technologies and provide value by solving real world problems. Your key stakeholders will be application development teams, product, the CISO, Risk and Control partners.

Responsibilities

• Plan, research, and design security architecture for IT systems and applications (internally developed as well as vendor supplied) for processing multiple classification levels of data on prem, and cloud.

• Determine the security controls for above, document appropriately and partner with IT architecture/development stakeholders to implement during early in system development life cycle

• Perform security architecture and risk assessment of internally developed or acquired IT systems and applications using best practices including threat modelling. Ensure that security design and controls are consistent with organization's security architecture principals.

• Provide security recommendations including automated controls, configurations on projects, processes, risk exceptions, corrective action plans, and risk reduction initiatives

• Collaborate with the internal and external technology teams to drive the development of strategies and plans for improving both architecture and application security

• Establish relationships with cross-functional areas including Business, Technology, and Compliance stakeholders and serve as a SECURITY subject-matter expert

• Promote awareness and provide consistent interpretation of security policy to technology and business teams

• Manage risk by analyzing the root cause of security issues, determining compensating controls, and driving remediation

• Support Global Information Security policies, standards, and initiatives development and implementation by representing in different Citi action groups such as Delegated Action Groups (DAG).

Qualifications:

• BS degree in Computer Science (or related Information Technology field)

• Good understanding of Information security domains such as Identity access management, Cryptography, Data protection, Application Vulnerability Assessment, Audit Logging/Monitoring, etc.

• 7+ years of Application Security and/or Information Security experience in areas of IT is required

• Experience as Security Architect or Application Architect with Security Knowledge is required

• Good knowledge of software development processes (SLDC/Agile/Iterative/DevOps)

• Good understanding of IT Security frameworks such as NIST SP-800, ISO 27001 required and Industry attestations like SWIFT CSP, target 2, CHAPs will be a plus

• Experience of delivering security solution architecture from end-to-end.

• Threat modelling using industry standard methodologies (e.g. STRIDE/DREAD)

• Experience developing Reference Security Architecture and Design Patterns to support proactive and automated controls

• Security architecture assessments for one or more IT systems such as Web, Mobile, APIs/Microservices, Cloud (AWS/GCP/Azure/Oracle)

• Strong knowledge of iOS & Android ecosystem with emphasis on security for mobile applications related to authentication / authorization (biometric emphasis), data protection, session management, data validation, and end point protections.

• Strong understanding of mobile payment systems and supporting ecosystems (i.e. Mastercard / Visa).

• Hands on experience with security controls to defend against mobile attack surface related to end point devices, network APIs/  Micro services, and network.

• Good understanding of mobile security trends and threats/vulnerabilities and corresponding risk analysis processes  and threat modelling techniques.

• Must be proficient in applying application security knowledge to improving security in software development phases such as requirements, test cases, assessment, remediation.

• Industry certification such as CISSP, CCSP, and other vendor certification are highly preferred

• Strong inter personnel skills and ability to influence outcomes in the collaborative environment

• Strong communication skills interacting with senior technology and business management

• Ability to prioritize in multi-task environment

• Strong problem solving/analytical skills

• Proficient in MS Office products, particularly PowerPoint & Excel

------------------------------------------------------

Job Family Group:

------------------------------------------------------

Job Family:

------------------------------------------------------

Time Type:

------------------------------------------------------

Primary Location:

------------------------------------------------------

Primary Location Full Time Salary Range:

In addition to salary, Citi’s offerings may also include, for eligible employees, discretionary and formulaic incentive and retention awards. Citi offers competitive employee benefits, including: medical, dental & vision coverage; 401(k); life, accident, and disability insurance; and wellness programs. Citi also offers paid time off packages, including planned time off (vacation), unplanned time off (sick leave), and paid holidays. For additional information regarding Citi employee benefits, please visit citibenefits.com. Available offerings may vary by jurisdiction, job level, and date of hire.

------------------------------------------------------

Anticipated Posting Close Date:

------------------------------------------------------

Citi is an equal opportunity and affirmative action employer.

Qualified applicants will receive consideration without regard to their race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or status as a protected veteran.

Citigroup Inc. and its subsidiaries ("Citi”) invite all qualified interested applicants to apply for career opportunities. If you are a person with a disability and need a reasonable accommodation to use our search tools and/or apply for a career opportunity review Accessibility at Citi.

View the "EEO is the Law" poster. View the EEO is the Law Supplement.

View the EEO Policy Statement.

View the Pay Transparency Posting