The Info Security Tech Sr Analyst is an intermediate level position responsible for leading efforts to prevent, monitor and respond to information/data breaches and cyber-attacks. The overall objective of this role is to ensure the execution of Information Security directives and activities in alignment with Citi's data security policy.Responsibilities:
- Provide BAU support for secrets management applications like CyberArk, HashiCorp Vault.
- Collaborate with various internal and external stakeholders/support teams as required to support the application and business needs.
- Work with client applications to provide integration/onboarding guidance.
- Facilitate security assessments and collaborate on remediation with involved support teams to ensure safety and soundness.
- Document the product, process, and work with L1/2 teams to provide day to day BAU support for customer reporter issues.
- Perform BAU validations and work with support teams on automation of manual tasks.
- Be responsible to assess the risk and associated impact of all operational issues and change events and react quickly to escalate to technology management in a timely manner when required.
- Provide on-call support in rotation as required.
- Gather requirements and provide walkthroughs to businesses on usage of various SDKs and API services available for integration with Secrets/Identity and Access Management applications.
Critical Competencies:
- CyberArk, HashiCorp Vault experience will be a big plus.
- Basic experience working with one or more of these scripting languages – Python, Unix Shell, Perl & PowerShell scripting.
- Experience with one or more server operating system like Linux, Windows.
- Experience/basic understanding of CHEF, Ansible, CI/CD.
- Basic understanding of virtualization concepts and technologies such as VMware.
- Basic experience with one or more cloud providers such as AWS, GCP, AZURE.
- Understanding of containers and associated technologies like Kubernetes/OpenShift.
- Excellent written and verbal communication skills
- Ability to work across all levels of the organization.
- Must have good analytical skills
- Strong customer and quality-focus
- Sound problem resolution, judgment, and decision-making skills
- Ability to work well individually and as part of a team
- Assist Security Incident Response Teams with incident investigations and aid in technical risk assessments
- Coordinate with system development and infrastructure units to identify Information Security (IS) risks and the appropriate controls for development, day-to-day operation, and emerging technologies
- Perform regular assessments based on changes in the threat landscape
- Monitor vulnerability assessments and ethical hacks, ensuring that issues are addressed for the applications that they support
- Provide information security support with related activities during systems development (e.g. authentication, encryption)
- Identify and develop new and improved technical procedures and process control manuals
- Identify significant IS threats and vulnerabilities
- Assume informal/formal mentorship role within teams and assist with the coaching and training of new team members
- Appropriately assess risk when business decisions are made, demonstrating particular consideration for the firm's reputation and safeguarding Citigroup, its clients and assets, by driving compliance with applicable laws, rules and regulations, adhering to Policy, applying sound ethical judgment regarding personal behavior, conduct and business practices, and escalating, managing and reporting control issues with transparency.
Qualifications:
- 8 years of relevant experience
- Consistently demonstrates clear and concise written and verbal communication
- Any trainings/certifications in Cybersecurity will be considered a plus.
- Proven influencing and relationship management skills
- Proven analytical skills
Education:
- Bachelor’s degree/University degree or equivalent experience
This job description provides a high-level review of the types of work performed. Other job-related duties may be assigned as required.
Information Security
Time Type:
Full timeView the " " poster. View the .
View the .
View the