About Citi:

Citi, the leading global bank, has approximately 200 million customer accounts and does business in more than 160 countries and jurisdictions. Citi provides consumers, corporations, governments, and institutions with a broad range of financial products and services, including consumer banking and credit, corporate and investment banking, securities brokerage, transaction services, and wealth management.

As a bank with a brain and a soul, Citi creates economic value that is systemically responsible and in our clients’ best interests. As a financial institution that touches every region of the world and every sector that shapes your daily life, our Enterprise Operations & Technology teams are charged with a mission that rivals any large tech company. Our technology solutions are the foundations of everything we do from keeping the bank safe, managing global resources, and providing the technical tools our workers need to be successful to designing our digital architecture and ensuring our platforms provide a first-class customer experience. We reimagine client and partner experiences to deliver excellence through secure, reliable, and efficient services.

Our commitment to diversity includes a workforce that represents the clients we serve from all walks of life, backgrounds, and origins. We foster an environment where the best people want to work. We value and demand respect for others, promote individuals based on merit, and ensure opportunities for personal development are widely available to all. Ideal candidates are innovators with well-rounded backgrounds who bring their authentic selves to work and complement our culture of delivering results with pride. If you are a problem solver who seeks passion in your work, come join us. We’ll enable growth and progress together.

The Info Sec Tech Lead Analyst is a senior level professional position responsible for driving efforts to prevent, monitor and respond to information/data breaches and cyber-attacks. The overall objective of this role is to ensure the execution of Information Security directives and activities in alignment with Citi's data security policy.

Responsibilities:

• Perform security reviews on assigned applications according to Security Policy and Practices established by Citigroup to ensure all requirements are met.
• Ability to complete a review of development projects during the SDLC and make actionable recommendations to the project team, understand the technology and drive solutions. Be the primary security officer responsible for providing security development and testing requirements to the project teams on multiple, concurrent Agile and waterfall projects.
• Work with multiple teams to develop processes and procedures to ensure information security policies and standards are integrated within the organization’s applications.
• Promote awareness of current policies and standards, as well as revisions and developments; provide consistent interpretation of policy to technology teams and business personnel.
• Interfaces with the business where technical IS solutions are required and advises on the impact to the bottom line while satisfying business objectives.
• Defines secure configurations leveraging technical knowledge and problem-solving skills across all technology supported areas in accordance with the secure SDLC process.
• Respond to internal and external audits of security procedures and application security configurations.
• Establish and maintain relationships with domain architects, project managers, and others within the technology development unit.
• Manage risk by analyzing the root cause of security issues, impact to technology, and required corrective actions leveraging advanced analytical skills.
• Schedule, host, and drive meetings with multiple levels of technology management, from individual contributors to senior management; requires strong communication, influence, and diplomacy skills to ensure that secure development procedures are addressed.
• Ability to keep Sr ISO updated on existing or emerging risk and issues in a concise and timely manner, supporting a proactive, no surprise, security control objective.
• Ability to periodically work across different time zones and areas globally in an international environment.
• Reports IS issues to IT as applicable with appropriate recommendations and documentation.

Qualifications:

• Undergraduate Degree with 5+ years of Information Security experience or strong IT knowledge
• Experience with interpretation and application of IS Policy and Standards.
• A solid understanding of application security and development processes and proven ability to identify security threats in technology environments such as web applications,
  Cloud, Service based architecture, mainframe, databases, ATM and voice.
• Application security architecture/engineering/consulting, working knowledge in all areas of current technology focus, e.g.:
  Web, (REST, JSON), API, Micro services, Cloud (AWS, Azure, GCP), Containerization, Docker, Kubernetes, etc.
• Knowledge/hands on in security relevant areas: Pen Test procedures (static and dynamic), Automated vulnerability scanning tools, Threat modeling,
  Risk assessment techniques.
• Proven ability in guiding development teams in security assessment requirements, security test cases and security requirements,
  while adhering to established Corporate Policies/Standards and industry standards/best practices.
• Proven ability to contribute productively in a fast-paced, Agile SDLC development environment.
• Knowledge/hands-on experience in Continuous Integration/Continuous Deployment (CI/CD) environments.
• Application development experiences a plus.
• Regulatory financial experience a plus.
• Experience working under minimal supervision from management with a strong commitment to team participation.
• Maintaining a no surprise, proactive awareness and communication channel to management regarding existing or emerging risk and issues.
• Leadership skills and ability to work with and influence developers, development managers, project managers, technology peers, and business contacts are required.
• Strong risk analysis and problem-solving skills.
• Excellent Verbal and written communication skills.
• Solid knowledge of industry IS standards.
• CISSP, CCSP, CSSLP or equivalent certifications (preferred or active plan to obtain).
  
  All applicants must be a U.S. citizen, U.S. permanent resident or be otherwise authorized to work in the U.S. without restriction as to duration.

Education:

• Bachelor’s degree/University degree or equivalent experience
• Master’s degree preferred

This job description provides a high-level review of the types of work performed. Other job-related duties may be assigned as required.

-

Job Family Group:

-

Job Family:

-

Time Type:

-

Primary Location:

-

Primary Location Salary Range:

-

Citi is an equal opportunity and affirmative action employer.

Qualified applicants will receive consideration without regard to their race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or status as a protected veteran.

Citigroup Inc. and its subsidiaries ("Citi”) invite all qualified interested applicants to apply for career opportunities. If you are a person with a disability and need a reasonable accommodation to use our search tools and/or apply for a career opportunity review Accessibility at Citi.

View the "EEO is the Law" poster. View the EEO is the Law Supplement.

View the EEO Policy Statement.

View the Pay Transparency Posting