
Citi Group ISO - Cybersecurity SME VP C13 
United States, Florida, Jacksonville 
515575611

Today

ISO - Cybersecurity SME is a highly technical ISO position that works with multiple technology development areas to ensure proper technology risk considerations are addressed at each phase of the systems/software development life cycle, while providing proactive solutions to correct exposures and/or mitigate risk. The ideal individual should demonstrate a strong understanding of application and infrastructure security to most effectively exercise judgment in alignment to existing practices and policies.

Excellent enterprise communication skills are critical to the's success in effectively negotiating internally often at a senior level. These well-developed communication and diplomacy skills are required to best guide and influence colleagues most often, and occasionally the external customers. This role necessitates a degree of responsibility over technical strategy.

Responsibilities

  • Perform Information Security (IS) Risk Assessment on new applications and changes to existing applications
  • Reports IS gaps to Technology teams as applicable with appropriate recommendations
  • Interpret and communicate security standards, procedures, and guidelines for multiple platforms and diverse environments (e.g., client server, distributed, mainframe, etc.) around designing solutions, recommending enhancements, or defining mitigating controls to existing systems
  • Create corrective action plans (CAPs) for non-compliant issues working with application development team
  • Recommend security solutions according to Security Policy and Practices established by Citigroup
  • Consult on AI, Cloud, and Mobile initiatives
  • Promote awareness of current policies and standards including revisions and developments to provide consistent interpretation of policy to IT
  • Establish and maintain relationships with domain architects, project managers, and others within the technology development unit
  • Support and facilitate Threat Modeling assessments as needed

Qualifications

  • 5+ years' experience working in Information Security, Technology Risk, IT Risk and Controls with 3+ years' experience working with Cybersecurity teams or products
  • Must be well-versed in Technology Risk policies, requirements, standards, patterns and be able to provide base level security services to clients
  • Familiarity with cyber security frameworks (e.g., NIST, ISO/IEC 27001, SOC2, etc.)
  • Strong understanding of software development processes, integration of security assessments in SDLC process, secure coding is required
  • Knowledge of Threat Modeling, OWASP Guidelines and other related cybersecurity processes
  • Experience in Application Security risk assessments is highly preferred
  • Strong understanding of the Information control areas including Authentication, Authorization, Access Control, auditing, cryptography for applications is highly preferred
  • Experience with vulnerability assessment and related risk assessment tools and/or application development experience is a plus
  • Proficient in MS Office products, particularly PowerPoint & Excel
  • Exhibit strong influencing and negotiation skills via excellent written and verbal communication skills
  • Ability to engage in deep technical discussions with other Engineering groups, while translating the same concepts and issues at an elevated level to senior leadership and less-technical stakeholders
  • Ability to execute technical responsibilities including Design, Architecture reviews, Code/Configuration reviews and vulnerability assessment independently or in collaboration with technical teams
  • Demonstrated excellence in analytical, presentation, and communication skills, as well as influencing broad technical discussions and decisions, across all levels

Education

  • Bachelor's degree in Information Security, Computer Science, Electrical/Mechanical Engineering, Information Technology/other related field or equivalent experience required
  • Professional certifications (e.g., CISSP, CSSLP, etc.) are a plus or must be willing to obtain certification within 12-18 months of the start date

This job description provides a high-level review of the types of work performed. Other job-related duties may be assigned as required.

Information Security

Full time | Jacksonville, Florida, United States | $113,840.00 - $170,760.00

Anticipated Posting Close Date: May 08, 2025
