The point where experts and best companies meet
Share
Responsibilities:
Work within a dedicated security engineering function that accelerates and delivers creative and secure capabilities to unlock the value of Gen AI
Perform security assessments including threat modelling and security integration of Gen AI platforms and business solutions.Ensure that security design and controls areconsistent with organization's security architecture principals.
Perform model input and output security including prompt injection and security assurance
Provide thought leadership and creativity to mature Gen AI security governance embedding into our existing cyber security risk appetite framework
Build internal and external networks to ensure alignment across programs, industry best practices, and to maintain current knowledge regarding cybersecurity threats and risks. Communicate with peers, regulators, law enforcement etc., when necessary.
Understand the current external threat environment and advise relevant stakeholders on the appropriate courses of action, promoting security as an enabler for business innovation and digitization, including the evaluation and recommendation of technical controls. Leverage threat intelligence to enhance engineering and operations
Identify, assess, track and report on security issues identified in supplier/third-party due diligence processes, self-assessments, architectural reviews, application testing, vulnerability scans, bug bounty programs, penetration testing, change management, cyber exercises, reviews and audits. Technically advise stakeholders on recommendations andremediation/mitigationplans.
Ideate and leverage Gen AI to solve cybersecurity problems at scale for Citi
Support Global Information Security policies, standards, and initiatives development and implementation by representing in different Citi action groups such as Delegated Action Groups (DAG).
Partner with CISO engineering and Gen AI engineering organizations, directly embedded, in both leading and supporting capacities
Serve as a technology subject matter expert for internal and external stakeholders and provide direction for all firm mandated controls and compliance initiatives, all projects within the group and in creating a technology domain roadmap
Ensure that all integration of functions meet business goals
Define necessary system enhancements to deploy new products and process enhancements
Recommend product customization for system integration
Identify problem causality, business impact and root causes
Exhibit knowledge of how own specialty area contributes to the business and apply knowledge of competitors, products and services
Advise or mentor junior team members
Impact the engineering function by influencing decisions through advice, counsel or facilitating services
Appropriately assess risk when business decisions are made, demonstrating particular consideration for the firm's reputation and safeguarding Citigroup, its clients and assets, by driving compliance with applicable laws, rules and regulations, adhering to Policy, applying sound ethical judgment regarding personal behavior, conduct and business practices, and escalating, managing and reporting control issues with transparency.
Qualifications:
6+ years of Information Security experience in areas ofInformation/ApplicationSecurity
5+ years of Software engineering and/or Software Development experience is required
Good understanding of Application Security and Data Security , Generative AI , Machine Learning or Data Science
Demonstrated knowledge of Software Development Processes
Experience of delivering end-to-end Security Solution Architecture .
Threat Modelling using industry standard methodologies (e.g. STRIDE/DREAD )
Security Architecture Assessments for one or more IT systems such as Web , Mobile , APIs/Microservices , Cloud(AWS/GCP/Azure/Oracle )
Experience developing Reference Security Architecture and Design Patterns to support proactive and automated controls
Demonstrated experience with Cyber engineering and Operations , which could include DevSecOps and MLSecOps
A demonstrated knowledge of information security standards, rules and regulations related to information security and data confidentiality and other various security standards and policies.
Ability to keep up to date with technology and security. Make informed decision and appropriate adjustments.
Ability to operate effectively across a highly matrixed, global business environment.
Good leadership, strategic thinking, and large-scale planning abilities.
Good interpersonal and communication skills with the ability to influence at all levels of the organization, while being able to simplify complex IS topics
Excellent problems solving abilities and analytical skills
Ability to apply a broad and comprehensive understanding across multiple functional areas.
Strong work ethic, and an excellent use of discretion and judgment.
Ability to organize, prioritize, and lead multiple deliverables simultaneously across a large, global corporate environment.
Education:
Bachelor’s degree/University degree or equivalent experience
Master’s degree preferred
Anticipated Posting Close Date:
View the " " poster. View the .
View the .
View the
These jobs might be a good fit