Citi

Lead Information Security Officer

full-time

Origin: 🇺🇸 United States • Florida

Salary

💰 $141,440 - $212,160 per year

Job Level

Senior

Tech Stack

AWS, Azure, Cloud, Cyber Security, Go, Google Cloud Platform, Java, JavaScript, Jenkins, Python

About the role

  • Work directly with business, functions and technology units and relevant stakeholders to facilitate/perform Citi’s IS risk assessment and risk management processes in order to protect information assets
  • Work with business and technology management to drive the information security program and information risk management activities
  • Work with the internal Applications Development function to drive the development of strategies and plans for improving both architecture and application security
  • Provide strategic risk guidance for business and technology projects, including the evaluation and recommendation of security controls and corrective actions to mitigate or remediate risks
  • Manage security incidents and events to protect corporate IT assets, including intellectual property, regulated data and the company's reputation
  • Conduct and facilitate security reviews and table-top/red-team/scenario analysis exercises in conjunction with other Subject Matter Experts
  • Define secure configurations leveraging technical knowledge and problem-solving skills in the network, database, API, Mobile and Web technology areas
  • Assist with responsibilities over the technical strategy for an area, technical integrity of process, operations, and associated results
  • Participate in the evaluation and selection of applications and systems with specific focus on IS implications
  • Participate/provide, as required, IS awareness training programs for employees, contractors and approved system users
  • Facilitate compliance with all Information Security policies, standards and regulations/directives as mandated by the Global CISO Organization
  • Provide oversight of Information Security Assessments across applications, infrastructure and business process and ensure non-compliant items are resolved

Requirements

  • 10+ years of proven professional experience as an Information Security Officer or Security Engineer, including secure system design and development.
  • 4+ years of hands-on experience focused on Cybersecurity, Application Security, or DevSecOps.
  • Proficiency in one or more programming languages (Java, Python, JavaScript, Go, etc.).
  • Deep understanding of Secure Coding Practices, OWASP Top 10, and Common Software Vulnerabilities.
  • Experience with DevSecOps toolchains and CI/CD pipelines (e.g., Jenkins, GitHub Actions, GitLab, Azure DevOps).
  • Strong understanding of cloud security (AWS, GCP, or Azure), API security, and Identity & Access Management (IAM).
  • In-depth understanding of secure architecture patterns and infrastructure-as-code security.
  • Excellent problem-solving, communication, and collaboration skills.
  • Demonstrated ability to take ownership and follow up on issues.
  • Demonstrated ability to work in a team while working well under pressure to meet tight deadlines.
  • Consistently demonstrates clear and concise written and verbal communication.
  • Proficient in interpreting and applying policies, standards and procedures.
  • Demonstrated ability to remain unbiased in a diverse working environment.
  • Ability to manage multiple activities and changing priorities.
  • Self-starter with ability to take the initiative and master new tasks quickly.
  • Experience with threat modeling and risk assessments is a plus.
  • Experience working with SaaS and/or Public Cloud is a plus.
  • Bachelor’s degree in Computer Science, Engineering, Cybersecurity, or related field (Master’s degree preferred).
  • Technical certifications preferred, e.g., CISSP or any Public Cloud related certifications (AWS, GCP, Azure / M365).