Lead Information Security Officer

About Citi:

Citi, the leading global bank, has approximately 200 million customer accounts and does business in more than 160 countries and jurisdictions. Citi provides consumers, corporations, governments, and institutions with a broad range of financial products and services, including consumer banking and credit, corporate and investment banking, securities brokerage, transaction services, and wealth management.

As a bank with a brain and a soul, Citi creates economic value that is systemically responsible and in our clients’ best interests. As a financial institution that touches every region of the world and every sector that shapes your daily life, our Enterprise Operations & Technology teams are charged with a mission that rivals any large tech company. Our technology solutions are the foundations of everything we do from keeping the bank safe, managing global resources, and providing the technical tools our workers need to be successful to designing our digital architecture and ensuring our platforms provide a first-class customer experience. We reimagine client and partner experiences to deliver excellence through secure, reliable, and efficient services.

Our commitment to diversity includes a workforce that represents the clients we serve from all walks of life, backgrounds, and origins. We foster an environment where the best people want to work. We value and demand respect for others, promote individuals based on merit, and ensure opportunities for personal development are widely available to all. Ideal candidates are innovators with well-rounded backgrounds who bring their authentic selves to work and complement our culture of delivering results with pride. If you are a problem solver who seeks passion in your work, come join us. We’ll enable growth and progress together.

Overview of Chief Information Security Office (CISO):

The Chief Information Security Office (CISO) is home to deeply talented colleagues that work to ensure the safety of Citi's clients', our revenue, our employees and our proprietary data. We manage information security as one end-to end program – one with a clear mandate and accountability. Our mission is a program that is fully anchored to modern control and architectural frameworks, is fully aligned with the enterprise architecture of the firm and is deeply integrated into the sectors and functions.

Overview of the Role:

We're looking for a Lead Information Security Officer to join Citi's expanding Wealth cybersecurity team and build the future of secure software.The Lead Information Security Officer will be responsible for protecting Citi's information assets by collaborating with business and technology teams to assess and mitigate risks, manage security incidents, and ensure compliance with security policies, standards, and regulations mandated by the CISO Organization. This includes driving the information security program, improving application and architecture security, providing risk guidance on projects, conducting security reviews and exercises, defining secure configurations, and overseeing security assessments across applications, infrastructure, and business processes, ensuring any non-compliant items are resolved. The officer will also contribute to technical strategy, participate in application selection, and provide security awareness training.

Responsibilities:

• Work directly with business, functions and technology units and relevant stakeholders to facilitate/ perform Citi’s IS risk assessment and risk management processes in order to protect information assets

• Work with business and technology management to drive the information security program and information risk management activities

• Work with the internal Applications Development function to drive the development of strategies and plans for improving both architecture and application security

• Provide strategic risk guidance for business and technology projects, including the evaluation and recommendation of security controls and corrective actions to mitigate or remediate risks

• Manage security incidents and events to protect corporate IT assets, including intellectual property, regulated data and the company's reputation

• Conduct and facilitate security reviews and table-top/red-team/scenario analysis exercises in conjunction with other Subject Matter Experts by monitoring changes in the risk profile and exposure for the application

• Define secure configurations leveraging technical knowledge and problem solving skills in the network, database, API, Mobile and Web technology areas in accordance with the secure process and develop functional specifications and documentation

• Assist with responsibilities over the technical strategy for an area, technical integrity of process, operations, and associated results

• Participate in the evaluation and selection of applications and systems with specific focus on IS implications

• Participate/provide, as required, IS awareness training programs for employees, contractors and approved system users.

• Facilitate compliance with all Information Security policies, standards and regulations / directives as mandated by Global CISO Organization

• Provide oversight of Information Security Assessments across applications, infrastructure and business process. Ensure non-compliant items are resolved through coordination with Business Manager and business staff

Qualifications:

• 10+ years of proven professional experience as an Information Security Officer or Security Engineer, including secure system design and development.

• 4+ years of hands-on experience focused on Cybersecurity, Application Security, or DevSecOps.

• Proficiency in one or more programming languages (Java, Python, JavaScript, Go, etc.).

• Deep understanding of Secure Coding Practices, OWASP Top 10, and Common Software Vulnerabilities.

• Experience with DevSecOps toolchains and CI/CD pipelines (e.g., Jenkins, GitHub Actions, GitLab, Azure DevOps).

• Strong understanding of cloud security (AWS, GCP, or Azure), API security, and Identity & Access Management (IAM).

• In-depth understanding of secure architecture patterns and infrastructure-as-code security.

• Excellent problem-solving, communication, and collaboration skills.

• Demonstrated ability to take ownership and follow up on issues

• Demonstrated ability to work in a team while working well under pressure to meet tight deadlines

• Consistently demonstrates clear and concise written and verbal communication

• Proficient in interpreting and applying policies, standards and procedures

• Demonstrated ability to remain unbiased in a diverse working environment

• Ability to manage multiple activities and changing priorities

• Self-starter with ability to take the initiative and master new tasks quickly

• Experience with threat modeling and risk assessments is a plus.

• Experience working with SaaS and/or Public Cloud is a plus

Education:

• Bachelor’s degree in Computer Science, Engineering, Cybersecurity, or related field.

• Master’s degree preferred

• Technical certifications preferred e.g., CISSP, or any Public Cloud related certifications (AWS, GCP, Azure/M365)

------------------------------------------------------

Job Family Group:

------------------------------------------------------

Job Family:

------------------------------------------------------

Time Type:

------------------------------------------------------

Primary Location:

------------------------------------------------------

Primary Location Full Time Salary Range:

In addition to salary, Citi’s offerings may also include, for eligible employees, discretionary and formulaic incentive and retention awards. Citi offers competitive employee benefits, including: medical, dental & vision coverage; 401(k); life, accident, and disability insurance; and wellness programs. Citi also offers paid time off packages, including planned time off (vacation), unplanned time off (sick leave), and paid holidays. For additional information regarding Citi employee benefits, please visit citibenefits.com. Available offerings may vary by jurisdiction, job level, and date of hire.

------------------------------------------------------

Most Relevant Skills

------------------------------------------------------

Other Relevant Skills

------------------------------------------------------

Anticipated Posting Close Date:

------------------------------------------------------

Citi is an equal opportunity employer, and qualified candidates will receive consideration without regard to their race, color, religion, sex, sexual orientation, gender identity, national origin, disability, status as a protected veteran, or any other characteristic protected by law.

If you are a person with a disability and need a reasonable accommodation to use our search tools and/or apply for a career opportunity review Accessibility at Citi.

View Citi’s EEO Policy Statement and the Know Your Rights poster.