Information Security Incident Manager (AVP)
Citi's Security Incident Management Team is a global team that manages all information security incidents for Citigroup and its affiliates, with team members located globally. As a member of the Security Incident Management (SIM) Team, you participate in overseeing the SIRT process globally to provide oversight of emergency response to information security incidents, in order to quickly identify, respond to, and mitigate the risk from Information Security incidents that impact the firm.
In order to achieve the above results, this position will be responsible for the below functions:
- Act as the central point of contact for these activities and coordinate with other groups such as Information Security Officers (ISOs), Security Operations Center (SOC), CIRT (Cyber Investigations Response team) and the broader Global Information Security Threat Management group
- Take charge of implementation of various related projects, such as the implementation of the Security Incident Severity Calculator by leading the discussions with other areas for its development and enhancement
- Reviewing and analyzing IS Incidents to identify those that pose a significant risk to the Citigroup franchise and its affiliates, and escalating those IS Incidents in accordance with Citigroup policy and procedures
- Reviewing the details of all reported incidents to determine whether they constitute an IS incident
- Reviewing and verifying the accuracy of the reported severity level of an incident
- Providing technical subject matter expertise to mitigate risk to impacted parties throughout an incident
- Working with internal and external constituents to minimize risks associated with IS incidents including convening appropriate Subject Matter Experts to assist investigations and ensuring that all relevant facts of the IS incident are properly communicated and reflected in the SIM application
- Tracking follow-up documentation related to an IS incident, including Root Cause Analyses (RCAs), lessons learned and SIRT Remediation Plans, throughout the incident lifecycle until closure
- Overseeing the quality, availability and integrity of the data in the Security Incident Management Application (SIM application)
Non-Technical Skills Required:
- 4 or more years working in an Incident Response role with experience in examining suspicious/malicious network events, analyzing malicious code/exploits, and system/network forensics
- 5 or more years working in IT/IT Security, preferably a 24x7 operational environment, or educational equivalent
- Ability to communicate technical issues to technical and non-technical business representatives is a must.
- Experience in security aspects of multiple platforms, operating systems, software, communications and network protocols or an equivalent combination of education and work experience
- Understanding of networking protocols and infrastructure designs; including routing, firewall functionality, host and network intrusion detection/prevention systems, encryption, load balancing, and other network protocols
- Experience with Reverse Engineering malicious code and Web/Network Penetration Testing is a plus
- Experience with Databases, SQL knowledge is a plus
- Experience writing Perl, Python, scripting, programming, or other languages is a plus. Any scripting language is okay.
- Experience administering and troubleshooting operating systems, including Solaris, Linux, and Microsoft Windows Server is a plus
- Certified Information Systems Security Professional (CISSP) certified/qualified or ability to actively work towards obtaining certification - preferred
- Certified GIAC Certified Incident Handler (GCIH) or demonstrated skills and ability to obtain certification - preferred
- Ability to understand strategic objectives and vision, and work towards those goals
- Dedicated and self-driven desire to research current information security landscape.
- Excellent communication skills, analytical ability, strong judgment and leadership skills, and the ability to work effectively with clients and IT management and staff
- Strong customer and quality focus is a must
- Sound problem resolution, judgment and decision making skills are required
- Excellent organizational, interpersonal and project management skills
- Excellent communication skills both written and oral
- Self-starter and ability to work in a team environment
- Hard working and self-motivated
- Able to work effectively under pressure
#CISO
Job Family Group: Technology
Job Family: Information Security
Time Type:
Citi is an equal opportunity and affirmative action employer.
Qualified applicants will receive consideration without regard to their race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or status as a protected veteran.
Citigroup Inc. and its subsidiaries ("Citi") invite all qualified interested applicants to apply for career opportunities. If you are a person with a disability and need a reasonable accommodation to use our search tools and/or apply for a career opportunity, review Accessibility at Citi.