The Information Security Officer is a senior level professional position responsible for driving efforts to prevent, monitor and respond to information/data breaches and cyber-attacks. The overall objective of this role is to ensure the execution of Information Security directives and activities in alignment with Citi’s data security policy.

QUALIFICATIONS:

• 6-10 years of relevant experience as an ISO officer
• Proficiency in application, architecture, information, and cyber security
• Proficiency in one or more: GCP, AWS and Azure
• Advanced proficiency with Microsoft Office tools and software
• Consistently demonstrates clear and concise written and verbal communication
• 5-10 years of experience in Application Security and/or Security Architecture
• 5-10 years of experience Public & Private Cloud Security

EDUCATION:

• Bachelor’s degree/University degree in Information Security/Computer Science/Electrical, Mechanical Engineering /Information Technology or equivalent experience
• Master’s degree preferred
• Professional certifications, such as CISSP and CSSLP, or willingness to obtain certification within 12-18 months of start date.
  This job description provides a high-level review of the types of work performed. Other job-related duties may be assigned as required

MOST RELEVANT SKILLS

Please see the requirements listed above.
-

OTHER RELEVANT SKILLS

For complementary skills, please see above and/or contact the recruiter.
-

• Perform security reviews on SaaS and PaaS products
• Performing security assessment on Saas & Paas
• Ability to engage in deep technical discussions with other Engineering groups, as well as ability to convey the same concepts and issues at an elevated level to senior leadership.
• Ability to execute technical responsibilities, including, Design / Architecture reviews, Code / Configuration reviews and vulnerability assessment.
• Develops security architecture, strategy, planning, and problem-solving solutions on an enterprise level.
• Identify opportunities to automate and standardize information security controls and for the supported groups
• Resolve any vulnerabilities or issues detected in an application or infrastructure
• Analyze source code to mitigate identified weaknesses and vulnerabilities within the system
• Review and validate automated testing results and prioritize actions that resolve issues based on overall risk
• Scan and analyze applications with automated tools, and perform manual testing if necessary
• Reduce risk by analyzing the root cause of issues, their impact, and required corrective actions
• Direct the development and delivery of secure solutions by coordinating with business and technical contacts
• Recommend security solutions according to Security Policy and Practices established by Citigroup.
• Establish and maintain relationships with domain architects, project managers, and others within the technology development unit.
• Maintains continuous awareness of business, technical, and infrastructure issues and acts as a sounding board or consultant to aid in the development of creative GCP security architecture solutions.
• Interfaces with vendors to security assess their technology and to guide their product roadmap based on Citi’s security requirements.