Technical Information Security Officer (VP) is a senior level position responsible for driving efforts to prevent and respond to information/data breaches and cyber-attacks. The overall objective of this role is to ensure the execution of Information Security directives and activities in alignment with Citi's security policy and standards and regulatory standards.
Ensure the technology SDLC compliance with Information security standards of the assigned set of application portfolios catering to a business stream
Acts as leader for the security of complex programs/projects for assigned portfolios
Support GISOs in managing delivery of global information security programs, KPIs and KRIs
Demonstrate effective people and organizational skills. Able to manage and direct a team of ISOs and influence management decision making.
Appropriately assess risk when business decisions are made, demonstrating particular consideration for the firm's reputation and safeguarding Citigroup, its clients and assets, by driving compliance with applicable laws, rules and regulations, adhering to Policy, applying sound ethical judgment regarding personal behavior, conduct and business practices, and escalating, managing and reporting control issues with transparency
Ensure effective management of the IS programs including metrics to provide early and timely detection, reporting, escalation and remediation of Risks and unresolved issues
Direct the development and delivery of secure solutions by coordinating with business and technical contacts
Provides oversight to ensure IS processes and projects are completed in a timely manner.
Manage resolution of vulnerabilities or issues detected in an application or infrastructure
Where applicable analyze source code to mitigate identified weaknesses and vulnerabilities within the system
Review and validate automated testing results and prioritize actions that resolve issues based on overall risk
Reduce risk by analyzing the root cause of issues, their impact, and required corrective actions
Scan and analyze applications with automated tools, and perform manual testing if necessary
Identify opportunities to automate and standardize information security controls for the supported groups
12+ years of relevant experience with strong background in application development
Must have demonstrated ability to coach and lead a cross-functional team in the area of technology Information security. Proven influencing and relationship management skills
Must have strong experience with deep technical procedures, Security in Agile SDLC projects; Web, Mobile and API Development architecture/designs, Cloud and Containerization security, Ethical Hacking, and potentially with DevSecOps
Good understanding of Information security control areas such as Authentication/Authorization/Access Control, Entitlement, Cryptography for applications (including web applications, mobile technology, and cloud) is a must.
Must have strong knowledge and a clear practical understanding of OWASP top 10 or CWE top 25 vulnerabilities and prevention strategies, strong applied Crypto/Key management knowledge, Interface Security, Application security (development and interfaces), SSL, HTTPS, VPNs.
Good understanding of JIRA and Agile concepts like Sprints, Scrum, Grooming, Epics, User stories, acceptance criteria, Tasks
Must be able to apply Risk management principles and balance IS priority
CISSP and CSSLP or SANS certifications are strongly desired
Self-motivated with the ability to work independently and as a team member with minimal direction
Attitude to resolve problems working with multiple stakeholders and partners with proven analytical skills
Excellent written and verbal communication skills with the ability to effectively communicate with all levels.
Ability to build and maintain positive working relationships across project and control teams
Strong risk management and risk articulation skills.
Good project management and analytical skills with the ability to manage multiple priorities within targeted timeframes
Advanced proficiency with Microsoft Office tools and software
Bachelor's degree/University degree or equivalent experience
Job Family Group: Technology
Job Family: Information Security
Time Type: Full time
Citi is an equal opportunity and affirmative action employer.
Qualified applicants will receive consideration without regard to their race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or status as a protected veteran.
Citigroup Inc. and its subsidiaries ("Citi") invite all qualified interested applicants to apply for career opportunities. If you are a person with a disability and need a reasonable accommodation to use our search tools and/or apply for a career opportunity, review Accessibility at Citi.