Citi Group Senior Vice President Security Architect 

United States, Florida, Fort Lauderdale 

359979771

Overview of the Organization:

Citi, the leading global bank, has approximately 200 million customer accounts and does business in more than 160 countries and jurisdictions. Citi provides consumers, corporations, governments, and institutions with a broad range of financial products and services, including consumer banking and credit, corporate and investment banking, securities brokerage, transaction services, and wealth management.

As a bank with a brain and a soul, Citi creates economic value that is systemically responsible and in our clients’ best interests. As a financial institution that touches every region of the world and every sector that shapes your daily life, our Enterprise Operations & Technology teams are charged with a mission that rivals any large tech company. Our technology solutions are the foundations of everything we do from keeping the bank safe, managing global resources, and providing the technical tools our workers need to be successful to designing our digital architecture and ensuring our platforms provide a first-class customer experience. We reimagine client and partner experiences to deliver excellence through secure, reliable, and efficient services.

Our commitment to diversity includes a workforce that represents the clients we serve from all walks of life, backgrounds, and origins. We foster an environment where the best people want to work. We value and demand respect for others, promote individuals based on merit, and ensure opportunities for personal development are widely available to all. Ideal candidates are innovators with well-rounded backgrounds who bring their authentic selves to work and complement our culture of delivering results with pride. If you are a problem solver who seeks passion in your work, come join us. We’ll enable growth and progress together.

Overview of Chief Information Security Office (CISO):

The Chief Information Security Office (CISO) is home to deeply talented colleagues that work to ensure the safety of Citi's clients', our revenue, our employees and our proprietary data. We manage information security as one end-to end program – one with a clear mandate and accountability. Our mission is a program that is fully anchored to modern control and architectural frameworks, is fully aligned with the enterprise architecture of the firm and is deeply integrated into the sectors and functions.

Overview of the Role:

The Security Architect is a senior level CISO professional that supports Enterprise Security Architecture across the organization. The Security Architect works as a trusted advisor to Application Development, Engineering and Operations teams to establish security requirements, design reference architectures, evaluate new technology, reduce the attack surface and mitigate risk to the company. This position is a cross functional role that requires excellent communications skills, ability to lead high visibility initiatives, manage stakeholders with competing priorities and ability to provide subject matter expertise in the Cyber Security Architecture and Engineering domain with a focus on Application Security and Vulnerability Management.

Responsibilities:

• Define architecture vision for Application Security and Vulnerability Management
• Develop security architecture, strategy, planning, and problem-solving IT solutions including emerging technologies for processing data on prem, and cloud.
• Evaluate, design and architect security systems to protect Citi's most critical applications and APIs.

• Perform security architecture and risk assessment of internally developed, and vendor IT systems and applications leveraging best practices including threat modelling. Ensure that security design and controls are consistent with organization's security architecture principals.

• Develop strategies and security controls partnering with IT architecture/development stakeholders to implement during early in system development life cycle.
• Ensure that security architectures are resilient, reliable, and scalable.
• Provide security recommendations including automated controls, security configurations and advise on strategies as well as compensating controls to manage risk to acceptable tolerance levels.
• Perform root cause analysis, identify thematic security architecture improvements, and create security patterns as well as frameworks that can accelerate faster secure delivery of products to market.
• Influence Global Information Security policies, standards, and program leveraging subject matter knowledge, as well as industry partnerships.
• Establish relationships with cross-functional areas including Business, Technology, and Compliance stakeholders and serve as a security subject-matter expert.
• Interfaces with vendors to assess their technology and to guide their product roadmap based on Citi requirements.
• Impacts the technology function through contribution to technical direction and strategic decisions.
• Uses developed communication skills to negotiate and often at higher levels.

Qualifications:

• Experience developing Reference Security Architecture and Design Patterns to support proactive and automated controls.
• Sound understanding of Information security domains: Application Security, Vulnerability Management, Identity access management, Cryptography, Data protection, Infrastructure Defense, Security Operations, etc.
• Experience with security frameworks and standards (e.g. TOGAF, SABSA, MITRE ATT&CK, NIST 800-53, ISO 27001),
• 10+ years as Security Architect or within a similar capacity
• Knowledge of software development processes (SLDC/Agile/Iterative/DevOps)
• Threat modelling using industry standard methodologies (e.g. STRIDE/DREAD/MITRE)
• Experience of security architecture/engineering with one or more IT systems such as
  • Cloud (e.g. AWS/GCP/Azure)
  • Containerization and Virtualization technologies such as Kubernetes (OpenShift, AWS EKS, Google GKS)
  • API Gateway technologies such as Apigee, Kong and AWS API Gateway.
  • Enterprise Web and Mobile applications
  • Authentication security patterns involving OpenID connect, OAuth, SAML, Kerberos, etc
  • Application Security Testing (SAST/DAST/SCA, etc)
  • Vulnerability Scanning & Management, Penetration Testing, Red Teaming

Highly Desired:

• Software development experience is a plus.
• Strong inter personnel skills and ability to influence outcomes in the collaborative environment.
• Strong communication skills interacting with senior technology and business management.
• Consistently demonstrates clear and concise written and verbal communication.
• Management and prioritization skills
• Ability to manage multiple activities and changing priorities.
• Ability to work under pressure and to meet tight deadlines.
• Self-starter with ability to take the initiative and master new tasks quickly.
• Methodical, attention to detail

• Bachelor degree, Masters preferred, or equivalent experience.

• Industry standard security certifications is a plus (e.g. ISACA, ISC2, CSPs)

Anticipated Posting Close Date:

Citi is an equal opportunity and affirmative action employer.

Qualified applicants will receive consideration without regard to their race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or status as a protected veteran.

Citigroup Inc. and its subsidiaries ("Citi”) invite all qualified interested applicants to apply for career opportunities. If you are a person with a disability and need a reasonable accommodation to use our search tools and/or apply for a career opportunity review .

View the " " poster. View the .

View the .

View the