Info Security Prof Group Mgr
§ Manages IS risk during the development of new products and applications, ensuring that risks are mitigated during the development process
§ Manage escalations across product lines and work collaboratively with stakeholders while ensuring information security risks are managed.
§ Lead information security solution, process and risk discussions with Consumer Technology management, Audit and other key stakeholders, regionally and globally.
§ Drive the go-to-green roadmap for key information security metrics.
§ In partnership with Application group leads, works to ensure that specified Citi technical IS controls are properly embedded in application portfolios and that the remediations of identified non-compliance issues are documented and/or addressed.
§ Appropriately assess risk when business decisions are made, demonstrating particular consideration for the firm's reputation and safeguarding Citigroup, its clients and assets, by driving compliance with applicable laws, rules and regulations, adhering to Policy, applying sound ethical judgment regarding personal behavior, conduct and business practices, and escalating, managing and reporting control issues with transparency
§ Provides oversight to ensure IS processes and projects are completed in a timely manner.
§ Facilitates the implementation of approved tools and identifies innovative and enhanced security solutions / emerging technologies (identity management, access control, confidentiality and security administration) for CTI review and certification.
§ Engages SME, or other senior ISOs when additional business knowledge is required. Establishes and maintains relationships with tech product leads, project management leads, and TISOs to provide technical IS expertise when needed.
§ Manages risk by analyzing the root cause of issues, impact to technology, and required corrective actions. Ensures effective management of the IS programs, including metrics to provide early and timely detection, reporting, escalation and remediation of risks and unresolved issues.
§ Demonstrates deep understanding of technological controls such as authentication, authorization, encryption and related technologies.
Leadership Responsibilities:
§ Manages one or more ISO teams for multiple IT / business areas. Demonstrate effective people and organizational skills. Able to manage and direct a team of ISOs and influence management decision making.
§ Persuades and influences others through strong interpersonal skills; may negotiate with external parties.
§ Contributes to the review and enhancement to Citi's IS security standards.
§ Demonstrates knowledge of globally accepted IS principles.
§ Contributes information on direct reports' performance and makes decisions on pay increases, hiring, promotions, terminations, and other personnel actions.
Skills:
§ 12+ years of Information/Cyber Security experience with strong background in application development
§ 3+ years of people management / leading a team experience.
§ Must have demonstrated ability to coach and lead a cross-functional team in the area of technology information security.
§ Proven influencing and relationship management skills are a must.
§ Ability to lead difficult discussions with senior stakeholders across various groups and drive information security priorities.
§ Must have strong experience with deep technical procedures, Security in Agile SDLC projects; Web, Mobile and API Development architecture/designs, Cloud and Containerization security, Ethical Hacking, and potentially with DevSecOps
§ Good understanding of information security control areas such as Authentication/Authorization/Access Control, Entitlement, and Cryptography for applications (including web applications, mobile technology, and cloud) is a must.
§ Must have strong knowledge and a clear practical understanding of OWASP Top 10 or CWE Top 25 vulnerabilities and prevention strategies, strong applied Crypto/Key management knowledge, Interface Security, Application security (development and interfaces), SSL, HTTPS, VPNs.
Job Family Group: Technology
Job Family: Information Security
Time Type:
Citi is an equal opportunity and affirmative action employer.
Qualified applicants will receive consideration without regard to their race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or status as a protected veteran.
Citigroup Inc. and its subsidiaries ("Citi") invite all qualified interested applicants to apply for career opportunities. If you are a person with a disability and need a reasonable accommodation to use our search tools and/or apply for a career opportunity, review Accessibility at Citi.