The ICG Technology Information Security Team is responsible for managing risk and providing controls and compliance guidance and support to Technology Development Units by ensuring compliance with Citi standards, policies, and procedures, and liaising with internal and external auditors. The Senior Technology Information Security Officer (Sr. TISO) will have strong technical acumen and should establish relationships with Information Security officers, domain architects, project managers and other disciplines within the Application Technology units. The Sr. TISO will be a focal point for ensuring that there is a strong Information Security environment as well as ensuring applications, or systems, deployed in support of a business provide a level of protection appropriate to the class of information managed in those systems.
Work directly with IT development units and relevant stakeholders (e.g. Technology Mgmt) to facilitate the execution of Citi's IS risk assessment and risk management processes
Perform IS assessments, in conjunction with the Sr. Application Security Architect, for key business applications to determine whether the appropriate technical/process solutions are in place to protect assets.
Work with business and technology management to drive the information security program and information risk management activities
Provide strategic risk guidance for business and technology projects, including the evaluation and recommendation of IS controls.
Manage security incidents and events to protect corporate IT assets, including intellectual property, regulated data and the company's reputation.
Leadership and management, including hiring, training, staff development, and performance management of IS staff (e.g. TISOs).
Participate/provide, as required, IS awareness training programs for employees, contractors and approved system users.
Reporting and Governance Responsibilities
Compile data and prepare application IS risks reports for management
Analysis and identification of potential non-compliance issues
Monitor progress of corrective action plans and risk exceptions
Lead and/or contribute to ad-hoc requests and projects as required
Act as subject matter expert on Application Information Security topics during Audit meetings
Identify opportunities for process improvement
Alignment of processes across regions and globally, where possible
Participation in Corporate and ICG-level working groups
10+ years in Information Technology and/or Information Security as Security Architect or Application Architect with Security knowledge and skill
BS degree in Information Security/Computer Science/Electronics and Engineering/Information Technology
Industry certification such as CISSP, CISM
Experience in research and development. Understanding of information security and risk analysis processes (e.g. threat modeling)
Self-motivated with the ability to work independently and as a team member with minimal direction
Excellent writing and interpersonal skills
Strong knowledge of software development/deployment methodologies in web/mobile based environments.
Strong knowledge of software security for web and mobile applications
Thorough understanding of industry and corporate technology standards for Information Security
Strong judgment and decision-making skills
Excellent skills in preparing and presenting strategies, recommendations, and value propositions to senior leadership teams
Job Family Group: Technology
Job Family: Information Security
Time Type: Full time
Citi is an equal opportunity and affirmative action employer.
Qualified applicants will receive consideration without regard to their race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or status as a protected veteran.
Citigroup Inc. and its subsidiaries ("Citi") invite all qualified interested applicants to apply for career opportunities. If you are a person with a disability and need a reasonable accommodation to use our search tools and/or apply for a career opportunity, review Accessibility at Citi.
View the "EEO is the Law" poster. View the EEO is the Law Supplement.