Cyber Security Services part of Chief Information Security Office provides end-to-end governance for key Information Security programs, standards and technologies associated with Infrastructure Defense, Data Security, Identity & Access Management, Cloud Security and DevSecOps
This position requires a strong leadership and prior management experience in operating a full-featured Cyber Security Services using a wide variety of security tools for a large-scale global enterprise environment. This role requires a highly motivated candidate who possesses a strong leadership background and the ability to manage a diverse team of cyber security services analysts in a 24x7x365 operating model, responsible for plan, build and operations of cyber security technologies of a large-scale network.
The successful candidate reports to the Global Head Cyber Security Services and regional CISO.
A fine balance between technical, business and leadership skills is a key to provide overall governance for cyber security service function including but not limited to :
Strategic planning of technologies, standards & process addressing emerging regional cyber & information security risk.
Plan, Build, Execute & Operate action plans in close collaboration with regional stakeholders for deployment of new cyber security controls and/or enhancement of existing controls.
Organization Safety & Soundness - governance over change, incident & problem management
Risk Management - assessing and addressing gaps with control design & implementation under defined corrective action plans.
Stakeholder management - Partner/ collaborate with regional / global business and technologies stakeholders on deployment of cyber security technologies; ensuring defined business objectives are met.
Solid Interpersonal Skills - communication skills, including the ability to write and verbally articulate industry terminology to successfully brief management staff.
To best perform this role the candidate will be required to stay up to date with emerging information & cyber risk landscape (including regulatory) which is a must for planning, implementing & operating controls ( process & technology). The ideal candidate will be a technically experienced and innovative security professional who has the ability and experience to lead a team of security professionals and execute broad security goals within a global team. Candidates should be experienced in coaching team members at all levels (analyst, team lead, manager).
High level responsibilities :
Regional APAC point of contact for Cyber Security Services function.
Govern deployment of next generation cyber risk management program for the region.
Collaborate with Citi's incident management function (including security) for plan, build, operations of security controls.
Review and maintain up-to-date security policies, standards and guidelines, while oversee the training, and dissemination of those documents.
Work closely with regional business and global CISO leadership to identify implement process changes, improvements and efficiencies and ensure solid security practices.
Govern financial & workforce planning aspect for APAC Cyber Security Services.
Closely track technology stack remediation efforts including vulnerability management, end of life and vendor support.
Collaborate with sector / business risk & controls teams to address internal / external audits issues.
Closely work with Cyber Security Operations for enhancement and deployments of cyber security technologies and associated uses cases.
Support audits / inspections including timely deliverables and walkthroughs.
Execute cyber security services processes, identify, and measure key indicators and continually improve the efficiency and effectiveness of all core services in scope. Oversee the development and maintenance of standard procedures.
Lead the regional cyber security services organization, which includes hiring, staff development, performance management, diversity, equity, and inclusion.
Provide security expertise / advise to stakeholders.
Desired Skills and Experience :
Experience with the selection, implementation, and management of enterprise security technologies, including but not limited to SIEM, anti-virus, anti-malware, Data Leakage Prevention, Intrusion Detection / Prevention System, vulnerability scanners, firewalls, proxy, identity & access management, network access controls, configuration management, and encryption is a must.
Global financial institution Cyber Security Services experience in mid to senior level management is required.
Experience with managing 24x7 Cyber Security Services.
Experience in management major incidents including post mortem analysis.
Experience in governing defined business SLA and managing Key Indicators.
Experience with leading the development, implementation, and management of processes that ensure security countermeasures and monitoring are effective and sustained on all applicable systems.
Experience with leading the development, implementation, and management of incident response plans and response activities.
Experience working with log management, security monitoring, vulnerability management and security incident/event management, identity & access management tools
Proven leadership, communication, issue resolution and performance management skills
Travel requirements ~15% that would include team offsite meetings, training and presentations.
Candidate should have strong communication skills and exhibit a professional demeanor.
Ability and willingness to think outside of the box to find creative and innovative solutions to reduce costs with a minimal impact on reliability.
Excellent project management skills, ability to work in a fast-paced and hectic work environment, ability to prioritize tasks effectively; and an ability to work seamlessly across organizational boundaries.
Must be flexible in outlook and attitude.
Excellent Presentation skills and ability to present to senior management.
Excellent planning/time management skills.
Excellent client-facing skills.
Very good understanding of the compromises between reliability, efficiency and cost.
15+ years of experience in information/ cyber security engineering or operations.
Certifications: CISSP, CISM, CRISC, CGEIT, CDPSE, GCIH or similar certification preferable.
Self-motivated and goal-oriented with the ability to seize the initiative, garner consensus and develop and implement an effective strategy. Demonstrates a high level of analytical rigor in formulating strategies, goals and measuring results. Sense of urgency in implementing programs and evaluating priorities; decisive, action-oriented and practical. Willingness to challenge and question the status quo, making recommendations for options and best solutions.
Demonstrated strategic thinking skills. Organizationally astute, with influencing, collaboration and communication skills. Personal presence, intellect, energy and drive to succeed in a high-performance environment. Able to analyze and think through highly complex issues, but then appropriate execute and implement against a well thought through framework in a seamless manner. A global citizen who is comfortable in all geographies, regions and cultures. Able to adapt his/her style to suit the different needs of any audience.
This job description provides a high-level review of the types of work performed. Other job-related duties may be assigned as required.
Job Family Group: Technology
Job Family: Information Security
Time Type: Full time
Citi is an equal opportunity and affirmative action employer.
Qualified applicants will receive consideration without regard to their race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or status as a protected veteran.
Citigroup Inc. and its subsidiaries ("Citi") invite all qualified interested applicants to apply for career opportunities. If you are a person with a disability and need a reasonable accommodation to use our search tools and/or apply for a career opportunity review Accessibility at Citi .
View the " EEO is the Law " poster. View the EEO is the Law Supplement .