Info Security Professional Senior Group Manager

About The Position

Requirements

• Requires a Master’s degree, or foreign equivalent, in Cybersecurity, Computer Science, Mathematics, Engineering or related field and 4 years of progressive experience as an Information Security Officer, Security Architect, or related position involving Security Architecture and Information Security for business applications. Alternatively, employer will accept a Bachelor’s degree in the stated fields and 6 years of the specified experience.
• Full span of experience must include: Security architecture; Application security; Information Security for business applications; Risk assessment application vulnerabilities; Open-source software security; Security in DevOps; and .NET, Java.
• 100% telecommuting permitted from any location in the U.S.

Responsibilities

• Develop and enhance the enterprise security architecture principles and ensure that the principles are adhered to for software development.
• Review the software development lifecycle for secure practices, and advise on the implementation of application security controls and DevOps practices.
• Manage a team of solutions architects to develop strategies and plans for improving architecture and application security.
• Partner with enterprise Architecture team and Emerging Technology team to drive architecture solutions with software development teams.
• Calculate the need for security measures and facilitate application security measures.
• Engage in the permit process as part of proactive risk management agenda, and conduct security reviews throughout the lifecycle for applications deployed on premise and in cloud.
• Analyze security policies, and review application development and maintenance practices.
• Revise information security policies in accordance with changing and emerging security standards.
• Conduct and facilitate information security reviews, cloud architecture reviews, and table-top, red-team, and scenario analysis exercises.
• Provide security solutions for cloud computing architecture; partner with business and technology to migrate systems to cloud providers.
• Create, review, and maintain application security reference architecture based on DevSecOps models and industry frameworks.
• Perform threat modelling for critical back-office payment processors and clearing channels.
• Prioritize architecture deliverables and establish short-term to long-term architecture.
• Maintain Information Security risk management framework and assess applications for emerging areas like cloud security and Machine Learning.
• Participate in evaluation and selection of applications and systems with a focus on IS implications.
• Identify new requirements or enhancements to information security standards and processes.
• Evaluate and recommend new and emerging vendor products and technologies to mitigate cyber risks.
• Develop training programs for cyber architects, create design patterns for solutions, promote standardization, and improve organization’s cyber architecture maturity.

Benefits

• In addition to salary, Citi’s offerings may also include, for eligible employees, discretionary and formulaic incentive and retention awards.
• Citi offers competitive employee benefits, including: medical, dental & vision coverage; 401(k); life, accident, and disability insurance; and wellness programs.
• Citi also offers paid time off packages, including planned time off (vacation), unplanned time off (sick leave), and paid holidays.
• For additional information regarding Citi employee benefits, please visit citibenefits.com.
• Available offerings may vary by jurisdiction, job level, and date of hire.