מציאת משרת הייטק בחברות הטובות ביותר מעולם לא הייתה קלה יותר
The Info Sec Prof Senior Analyst is an intermediate level position responsible for leading efforts to prevent, monitor and respond to information/data breaches and cyber-attacks. The overall objective of this role is to ensure the execution of Information Security directives and activities in alignment with Citi's data security policy. The Suspicious Activity Management (SAM) is a regulatory Governance program which Identifies Critical Internet Facing Applications within CITI and make sure they are compliant within the Citi’s requirements and regulatory standards for monitoring and detecting suspicious activities. The SAM Analyst will rely on knowledge of Citi's SAM (Suspicious Activity Management) program to manage the assessment process and implementation of security Solutions for in-scope applications that require detective (category 1) and preventative (category 2) monitoring of online customer sessions at the application layer.Responsibilities:
Identify potential information security (IS) risks and make recommendations for enhancement
Collect and analyze security risk evidence and coordinate with internal and external compliance and auditing agencies / officials
Execute meetings and communicate complex security topics and safe IS practices with all levels of the organization
Ensure that controls are utilized daily and that non-compliance remediation is addressed
Provide IS consulting services, including interpreting and/or clarifying information security policy, procedures, standards or concepts
Assist with defining and implementing IS standards to align procedures and practices in compliance with Citi standards
Educate and advise on safe information security practices and current, changing, and/or recommended information security requirements
Validate compliance with IS policies, practices, and procedures, and resolve a variety of IS related issues in coordination with the business
Assume informal/formal mentorship role within teams and assist with the coaching and training of new team members
Has the ability to operate with a limited level of direct supervision.
Can exercise independence of judgement and autonomy.
Acts as SME to senior stakeholders and /or other team members.
Appropriately assess risk when business decisions are made, demonstrating particular consideration for the firm's reputation and safeguarding Citigroup, its clients and assets, by driving compliance with applicable laws, rules and regulations, adhering to Policy, applying sound ethical judgment regarding personal behavior, conduct and business practices, and escalating, managing and reporting control issues with transparency.
Drive application security assessments by analyzing the current application architecture to determine the nature of risk and requirements (exhaustive list of events and data elements) for onboarding on to SAM monitoring tools
Based on the SAM assessment advise the application team on the controls necessary to achieve SAM compliance and help build a plan for the same;
Qualifications:
3-5 years of relevant experience
Applicable Certifications(Security+, CISM, CRISC, CISSP)or willingness to earn within 12 months of joining
Consistently demonstrates clear and concise written and verbal communication
Proven influencing and relationship management skills
Proven analytical skills
Education:
Bachelor’s degree/University degree or equivalent experience
This job description provides a high-level review of the types of work performed. Other job-related duties may be assigned as required.
The Suspicious Activity Management (SAM) is a regulatory Governance program which Identifies Critical Internet Facing Applications within CITI and make sure they are compliant within the Citi’s requirements and regulatory standards for monitoring and detecting suspicious activities. The SAM Analyst will rely on knowledge of Citi's SAM (Suspicious Activity Management) program to manage the assessment process and implementation of security Solutions for in-scope applications that require detective (category 1) and preventative (category 2) monitoring of online customer sessions at the application layer.
As a SAM Analyst you will
Based upon FFIEC (Federal financial Institutions Examination Council) guidelines, develop and manage detective and preventative monitoring solution for online customer sessions, at the application layer, where there is either exposure of Confidential PII online and/or the existence of Payments and Transfer to non-linked accounts
Drive application security assessments by analyzing the current application architecture to determine the nature of risk and requirements (exhaustive list of events and data elements) for onboarding on to SAM monitoring tools
Based on the SAM assessment advise the application team on the controls necessary to achieve SAM compliance and help build a plan for the same;
As SME provide inputs for resolution of pending technical issues during SAM assessment and onboarding of in-scope applications on to monitoring tools for both Category 1 and 2;
Coordinate with Splunk onboarding team or CSAP (Citi Secure Authentication Platform) Operations team where data or applications need to be clarified or reviewed for additional clarification or updated status;
Extensive use of the SAM Tracker in Archer to archive status of compliance, actions, deliverables and to manage the queue for follow-up tasks;
Prepare slides for the weekly SAM(Suspicious Activity Management) Committee reviews as well as for other management, audit or regulatory reviews;
Prepare metrics and GISMR report to the senior management;
Provide businesses with full description of the SAM Program in as much detail as is necessary, when needed.
Ideal background
Bachelor’s or Master’s degree in Computer Science/Technology or related field, or
3-5 years of experience in IT Risk Management/Information Security specifically performing IT Risk Assessment for web applications/infrastructure;
3-5 years of experience in IT program management;
Thorough understanding of web application design and architecture as well as application and network level nomenclature and models, including Mobile technology channels, API’s, SDK’s, middleware, authentication protocols and more;
Thorough understanding of Software Development Lifecycle (SDLC) including Agile Methodology and Cloud sourcing;
Strong MS Excel and PowerPoint skills;
Experience in the use and knowledge of Archer is a bonus;
Financial services experience is strongly preferred; including familiarity with FFIEC guidelines (Authentication in an Internet Banking Environment);
A confident, dynamic individual capable of defining, building and matrix managing a global program across technology and business organizations in a constantly evolving global enterprise.
Time Type:
View the " " poster. View the .
View the .
View the
משרות נוספות שיכולות לעניין אותך