Vice President, Info Sec Tech Lead Analyst - C13 - JACKSONVILLE

Overview of the Organization:

Citi, the leading global bank, has approximately 200 million customer accounts and does business in more than 160 countries and jurisdictions. Citi provides consumers, corporations, governments, and institutions with a broad range of financial products and services, including consumer banking and credit, corporate and investment banking, securities brokerage, transaction services, and wealth management.

As a bank with a brain and a soul, Citi creates economic value that is systemically responsible and, in our clients’, best interests. As a financial institution that touches every region of the world and every sector that shapes your daily life, our Enterprise Operations & Technology teams are charged with a mission that rivals any large tech company. Our technology solutions are the foundations of everything we do from keeping the bank safe, managing global resources, and providing the technical tools our workers need to be successful to designing our digital architecture and ensuring our platforms provide a first-class customer experience. We reimagine client and partner experiences to deliver excellence through secure, reliable, and efficient services.

Our commitment to diversity includes a workforce that represents the clients we serve from all walks of life, backgrounds, and origins. We foster an environment where the best people want to work. We value and demand respect for others, promote individuals based on merit, and ensure opportunities for personal development are widely available to all. Ideal candidates are innovators with well-rounded backgrounds who bring their authentic selves to work and complement our culture of delivering results with pride. If you are a problem solver who seeks passion in your work, come join us. We’ll enable growth and progress together.

Overview of the Role:

As the Information Security Officer (ISO), you will be the technical subject matter expert for all information security and cyber efforts in Business, Functions and Technology (BFT) Information Security Office. The ISO needs to understand the latest in Public and Private Cloud, Threat Modeling, Mobile, Big Data and AI technologies to help deliver and support our IS strategy. Your primary responsibility is to perform application information security risk assessments and to ensure applications comply with Citi and Regulatory needs. Knowledge of regulations that governs that space and drive initiatives that reduce risk is necessary. The ability to build coalition and partnership between the engineering, application, product, support, Risk and Control teams is integral for success.

The ISO will work with the system development areas to ensure proper technology risk considerations are address at each phase of the system development life cycle and provide initiative-taking solutions to correct exposures or mitigate risk. Interpret security standards, procedures, and guidelines for multiple platforms and diverse environments (e.g., client server, distributed, mainframe, etc.) in designing solutions, recommending enhancements, or defining mitigating controls to existing systems. The individual should demonstrate an understanding of application security and will exercise judgment within existing practices and policies. Excellent communication skills required to negotiate internally, often at a senior level. Developed communication and diplomacy skills are required to guide, influence, and convince others, in particular colleagues in other areas and occasional external customers. Necessitates a degree of responsibility over technical strategy.

Responsibilities:

• Perform information security risk assessment on new applications and changes to existing applications.
• Consult on Public & Pvt Cloud.
• Perform Threat Modeling, as needed.
• Reports IS gaps to Technology teams as applicable with appropriate recommendations.
• Create corrective action plans for non-compliant issues working with application development team.
• Recommend security solutions according to Security Policy and Practices established by Citigroup.
• Promote awareness of current policies and standards, as well as revisions and developments; provide consistent interpretation of policy to IT.
• Establish and maintain relationships with domain architects, project managers, and others within the technology development unit.

Skills:

• Application Security risk assessment experience is desirable.
• Good understanding of the Information control areas including Authentication, Authorization, Access Control, auditing, cryptography for applications.
• Knowledge of OWASP Guidelines for Application
• Knowledge of software development processes, integration of security assessments in SDLC process, secure coding is desirable.
• Knowledge of Threat Modeling
• Experience with vulnerability assessment and related risk assessment tools and/or application development experience is a plus.
• Proficient in MS Office products, particularly PowerPoint & Excel.
• Exhibit strong influencing / negotiation skills as well as written/verbal communication skills.
• Should be well versed in Tech Risk policies, requirements, standards, patterns and be able to provide base level security services to clients.
• Ability to engage in deep technical discussions with other Engineering groups, as well as ability to convey the same concepts and issues at an elevated level to senior leadership.
• Ability to execute technical responsibilities, including, Design / Architecture reviews, Code / Configuration reviews and vulnerability assessment.
• Familiarity with cyber security frameworks, include NIST.
• Demonstrated excellence in analytical, presentation, and communication skills, as well as influencing broad technical discussions and decisions, across all levels.
• 5-10 years of Information Security Knowledge of Information Security, IT Risks and Controls assessment

Education Level

• BS degree in Information Security/Computer Science/Electrical, Mechanical Engineering /Information Technology. An advanced degree in a relevant business area is a positive.
• Professional certifications, such as CISSP and CSSLP, or willingness to obtain certification within 12-18 months of start date.

------------------------------------------------------

Job Family Group:

------------------------------------------------------

Job Family:

------------------------------------------------------

Time Type:

------------------------------------------------------

Primary Location:

------------------------------------------------------

Primary Location Full Time Salary Range:

In addition to salary, Citi’s offerings may also include, for eligible employees, discretionary and formulaic incentive and retention awards. Citi offers competitive employee benefits, including: medical, dental & vision coverage; 401(k); life, accident, and disability insurance; and wellness programs. Citi also offers paid time off packages, including planned time off (vacation), unplanned time off (sick leave), and paid holidays. For additional information regarding Citi employee benefits, please visit citibenefits.com. Available offerings may vary by jurisdiction, job level, and date of hire.

------------------------------------------------------

Most Relevant Skills

------------------------------------------------------

Other Relevant Skills

------------------------------------------------------

Anticipated Posting Close Date:

------------------------------------------------------

Citi is an equal opportunity employer, and qualified candidates will receive consideration without regard to their race, color, religion, sex, sexual orientation, gender identity, national origin, disability, status as a protected veteran, or any other characteristic protected by law.

If you are a person with a disability and need a reasonable accommodation to use our search tools and/or apply for a career opportunity review Accessibility at Citi.

View Citi’s EEO Policy Statement and the Know Your Rights poster.