Job Description
The Manager will lead a team of engineers who will oversee the execution of information security requirements and serve as VA experts by defining solutions that application development teams can use to comply with the security requirements. The role is to support businesses and functions in maintaining the confidentiality, integrity, and availability of Citi's information resources and assets.
The candidate for the role should be able to demonstrate and develop a strong working relationship with businesses and be responsible for stakeholder management, execution of IS activities, and remediation and reporting of IS risks.
A day in the life of an Application Security Manager, Vulnerability Management at Personal Banking and Wealth Management
- The Manager of Vulnerability Management will be supporting the Director in managing and reporting on team activities and projects that support internal and external vulnerability scanning, perimeter assessments, penetration testing, and timely vulnerability remediation.
- Drives vision and plans to implement, mature, and maintain the Vulnerability Assessment Product for PBWM
- Addresses need for process or workflow changes to support continuous delivery of vulnerability scanning, remediation, and reporting across various platforms and architectures.
- Ability to conduct root cause analysis against vulnerabilities and determine feasible technical solutions.
- Partner with technology teams to assess application and system configurations by leveraging technical knowledge and problem-solving skills in the network, database, server, and desktop technology areas in accordance with the secure SDLC process.
- Partner with Citi Technology Infrastructure (CTI) to evaluate and recommend new products and technologies to address current and emerging IS risks affecting supported business(es).
- Provide guidance using expertise in technology platforms (Oracle, UNIX, etc.) and secure technology solutions (email encryption, access management tools, etc.).
- Collaborate with domain architects, project managers, and ISOs to provide technical IS expertise when needed.
- Developing rapport with others by demonstrating an understanding of their concerns, needs and issues, and focusing on developing an internal network of relationships that can provide advice and support.
- Scans the external IT environment to provide a common set of planning assumptions.
- Works on internal communications. Manages mergers & acquisitions and outsourcing activities.
- Ensures business unit is meeting or exceeding components of service level agreements. Resolves complex and varied issues with substantial potential impact.
- Uses in depth understanding of concepts and procedures within own area and basic knowledge of other areas to resolve issues that have impact beyond own area.
- Applies in depth understanding of how own sub function integrates within technology and has commercial awareness.
- Has full management responsibilities for team (includes people, budget and planning).
- Monitor progress, manage risk, and ensure key stakeholders are kept informed about progress and expected outcomes.
- Impacts the area through responsibility for planning, finances/budget, end results, setting policies and contribution to strategic decisions.
- Persuades and influences others through communication and diplomacy skills; may negotiate with external parties.
- Appropriately assess risk when business decisions are made, demonstrating particular consideration for the firm's reputation and safeguarding Citigroup, its clients and assets, by driving compliance with applicable laws, rules and regulations, adhering to Policy, applying sound ethical judgment regarding personal behavior, conduct and business practices, and escalating, managing and reporting control issues with transparency, as well as effectively supervise the activity of others and create accountability with those who fail to maintain these standards.
Preferred Experience:
- Bachelor's Degree (4-year degree equivalent) in Computer Science, Software Engineering, Information Systems
- At least 10 or more years of experience in Information Security Management, Cybersecurity or Risk Management with focus on application and platform security.
- Working knowledge and experience with multiple security domains (e.g., application security, vulnerability reduction, data protection, encryption, logging and monitoring, network security)
- Subject Matter Expert (SME) experience with Secure Software Development Life Cycle (SSDLC) (e.g. risk assessments, threat modeling, static code analysis, code reviews and dynamic application scanning)
- Experience working with modern development practices (e.g. New Banking Architecture, micro services, containers, orchestration, continuous integration & delivery pipelines)
- Working knowledge of enterprise Identity and Access Management solutions (e.g. Federated Identity, Privileged Access Management, Active Directory, Role Based Access Control)
- Experience working in regulated industries leveraging information security management frameworks and industry recognized best practice / standards (e.g. NIST, ISO, PCI, SOC)
- Experience working in a matrix environment across globally dispersed teams.
- Strong written and verbal communication skills in order to effectively communicate technology risk to business and other stakeholders.
- Strong problem solving, analytical skills in order to drive continuous improvement.
- Experience as a direct or matrixed leader of other junior ISOs a plus.
- Certifications a plus, i.e., CISSP, CCSP, CRISC, CISA
Education:
- Bachelor's/University degree, Master's degree preferred
Job Family Group:
Technology
Job Family:
Technology Management
Time Type:
Full time
Citi is an equal opportunity and affirmative action employer.
Qualified applicants will receive consideration without regard to their race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or status as a protected veteran.
Citigroup Inc. and its subsidiaries ("Citi") invite all qualified interested applicants to apply for career opportunities. If you are a person with a disability and need a reasonable accommodation to use our search tools and/or apply for a career opportunity review Accessibility at Citi.
View the "EEO is the Law" poster. View the EEO is the Law Supplement.
View the EEO Policy Statement.
View the Pay Transparency Posting
Effective November 1, 2021, Citi requires that all successful applicants for positions located in the United States or Puerto Rico be fully vaccinated against COVID-19 as a condition of employment and provide proof of such vaccination prior to commencement of employment.
Date Posted
08/14/2022