Information Security Officer Lead

As a bank with a brain and a soul, Citi creates economic value that is systemically responsible and in our clients’ best interests. As a financial institution that touches every region of the world and every sector that shapes your daily life, our Enterprise Operations & Technology teams are charged with a mission that rivals any large tech company. Our technology solutions are the foundations of everything we do. We keep the bank safe and provide the technical tools our workers need to be successful. We design our digital architecture and ensure our platforms provide a first-class customer experience. Our operations teams manage risk, resources, and program management. We focus on enterprise resiliency and business continuity. We develop, coordinate, and execute strategic operational plans. Essentially, Enterprise Operations & Technology reengineers client and partner processes to deliver excellence through secure, reliable, and controlled services.

Trust is part of our DNA at Citi. As such, we take safeguarding our customer data very seriously. The Chief Information Security Office (CISO) is made up of deeply dedicated and talented colleagues who work together to ensure the safety of Citi’s and our clients’ assets and information. We manage information security as an end-to-end program – one with a clear mandate and accountability. Our mission is to continually execute and enhance a global security program that is fully anchored to modern control and security frameworks, fully aligned with the technology of the firm, threat-focused and data-driven, and deeply integrated across all Citi businesses globally.

Being talent-driven, we are focused on attracting, developing, and retaining diverse and inclusive talent with a high technical skill level. As a member of our team, we will provide you with career development opportunities at all stages of your career. Our employees model a passion for protecting Citi and our clients and believe in treating others with dignity and respect.

Our commitment to diversity includes a workforce that represents the clients we serve globally from all walks of life, backgrounds, and origins. We foster an environment where the best people want to work. We value and demand respect for others, promote individuals based on merit, and ensure opportunities for personal development are widely available to all. Ideal candidates are innovators with well-rounded backgrounds who bring their authentic selves to work and complement our culture of delivering results with pride. If you are a problem solver who seeks passion in your work, come join us. We’ll enable growth and progress together.

The Info Security Ops Group Mgr is a senior management level position responsible for accomplishing results through the management of a team or department in an effort to prevent, monitor and respond to information/data breaches and cyber-attacks.The overall objective of this role is to ensure the execution of Information Security directives and activities in alignment with Citi's data security policy.

Responsibilities:

• Establish relationships with cross-functional areas including Business, Technology, and Compliance stakeholders and serve as a security subject-matter expert
• Promote awareness and provide consistent interpretation of security policy/standards/processes to business and technology teams
• Develop threat models, document risks, and develop corrective action plans
• Define secure application configurations and review development projects within Citi’s secure SDLC process to make actionable recommendations that enhance security
• Provide security development and testing requirements to the project teams on multiple concurrent agile and waterfall projects
• Work with business and technology teams to drive risk remediation
• Conduct and facilitate security reviews in conjunction with other subject matter experts by monitoring changes in the risk profile and exposure for SaaS and other technology platforms.
• Monitor vulnerability assessments and ethical hacks, ensuring that issues are addressed
• Partner with applicable stakeholders to ensure application security assessments, including vulnerability assessments, are completed and issues are remediated in a timely manner
• Provide expertise in technological controls such as encryption, access, and secure server and desktop configurations to implement effective security solutions
• Serve as a contact to report suspected or actual breach of confidentiality, integrity, or availability of Citi information
• Manage risk by analyzing the root cause of security issues, determining compensating controls, and driving remediation
• Perform security risk assessments
• Support Global Information Security policies, standards, and initiatives development and implementation. 
• Communicate effectively with the business, technology, and others within the security organization

Qualifications:

• 7+ years experience in information security with a broad understanding of information security disciplines and domains
• 3+ years of security leadership experience
• Experience with application security and cloud security
• Knowledge of software development processes (SDLC/Agile/Iterative/DevOps)
• Experience identifying security threats in technology environments (web applications, cloud, mainframe, databases, mobile)
• Experience threat modeling using industry standard methodologies
• Strong problem solving, analytical skills, and attention to detail
• Strong inter-personal skills and ability to influence outcomes in a collaborative environment
• Strong oral and written communication skills interacting with business and technology stakeholders
• Ability to prioritize in a fast-paced environment and rapidly learn new security concepts/technologies
• Ability to work across different time zones in a global organization

Below Skills/Experience is Desired

• Previous experience working as an ISO
• Experience working in a highly regulated environment preferred (e.g.  Financial Services)
• Degree in Cyber Security, Computer Engineering, or Computer Science
• Security Certification preferred (CISSP, CCSP)
• Previous application development experience

This job description provides a high-level review of the types of work performed. Other job-related duties may be assigned, as required.

This position is required to work in the office at least three days each week.

About Citi

Citi, the leading global bank, has approximately 200 million customer accounts and does business in more than 160 countries and jurisdictions. Citi provides consumers, corporations, governments, and institutions with a broad range of financial products and services, including consumer banking and credit, corporate and investment banking, securities brokerage, transaction services, and wealth management.

Additional information may be found at www.citigroup.com | Twitter: @Citi | YouTube: www.youtube.com/citi | Blog: http://blog.citigroup.com | Facebook: www.facebook.com/citi | LinkedIn: www.linkedin.com/company/citi.

-------------------------------------------------

Job Family Group:

Technology

-------------------------------------------------

Job Family:

Information Security

------------------------------------------------------

Time Type:

Full time

------------------------------------------------------

Citi is an equal opportunity and affirmative action employer.

Qualified applicants will receive consideration without regard to their race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or status as a protected veteran.

Citigroup Inc. and its subsidiaries ("Citi”) invite all qualified interested applicants to apply for career opportunities. If you are a person with a disability and need a reasonable accommodation to use our search tools and/or apply for a career opportunity review Accessibility at Citi.

View the "EEO is the Law" poster. View the EEO is the Law Supplement.

View the EEO Policy Statement.

View the Pay Transparency Posting