Technology Information Security Officer VP Technology Information Security Officer VP …

Citi
in Singapore
Permanent, Full time
Be the first to apply
Competitive
Citi
in Singapore
Permanent, Full time
Be the first to apply
Competitive
Citi
Technology Information Security Officer VP
Technical Information Security Officer (VP) is a senior level position responsible for driving efforts to prevent and respond to information/data breaches and cyber-attacks. The overall objective of this role is to ensure the execution of Information Security directives and activities in alignment with Citi's security policy and standards and regulatory standards.

Responsibilities:
  • Ensure the technology SDLC compliance with Information security standards of the assigned set of application portfolios catering to a business stream
  • Acts as leader for the security of complex programs/projects for assigned portfolios
  • Support GISOs in managing delivery of global information security programs, KPIs and KRIs
  • Demonstrate effective people and organizational skills. Able to manage and direct a team of ISOs and influence management decision making.
  • Appropriately assess risk when business decisions are made, demonstrating particular consideration for the firm's reputation and safeguarding Citigroup, its clients and assets, by driving compliance with applicable laws, rules and regulations, adhering to Policy, applying sound ethical judgment regarding personal behavior, conduct and business practices, and escalating, managing and reporting control issues with transparency
  • Ensure effective management of the IS programs including metrics to provide early and timely detection, reporting, escalation and remediation of Risks and unresolved issues
  • Direct the development and delivery of secure solutions by coordinating with business and technical contacts
  • Provides oversight to ensure IS processes and projects are completed in a timely manner.
  • Manage resolution of vulnerabilities or issues detected in an application or infrastructure
  • Where applicable analyze source code to mitigate identified weaknesses and vulnerabilities within the system
  • Review and validate automated testing results and prioritize actions that resolve issues based on overall risk
  • Reduce risk by analyzing the root cause of issues, their impact, and required corrective actions
  • Scan and analyze applications with automated tools, and perform manual testing if necessary
  • Identify opportunities to automate and standardize information security controls and for the supported groups

Qualifications:
  • 12+ years of relevant experience with strong background in application development
  • Must have demonstrated ability to coach and lead cross functional team in the area of technology Information security. Proven influencing and relationship management skills
  • Must have strong experience with deep technical procedures, Security in Agile SDLC projects; Web, Mobile and API Development architecture/designs, Cloud and Containerization security, Ethical Hacking, and potentially with DevSecOps
  • Good understanding of Information security control areas such as Authentication/ Authorization/Access Control, Entitlement, Cryptography for applications (including web applications, mobile technology, and cloud) is a must.
  • Must have a strong knowledge in clear practical understanding of OWASP top 10 or CWE top 25 vulnerabilities and prevention strategies, strong applied Crypto/Key management knowledge, Interface Security, Application security (development and interfaces), SSL, HTTPS, VPNs.
  • Good understanding of JIRA and Agile concepts like Sprints, Scrum, Grooming, Epics, User stories, acceptance criteria, Tasks
  • Must be able to apply Risk management principles and balance IS priority
  • CISSP and CSSLP or SANS certifications are strongly desired
  • Self-motivated with the ability to work independently and as a team member with minimal direction;
  • Attitude to resolve problems working with multiple stakeholders and partners with proven analytical skills
  • Excellent written and verbal communication skills with the ability to effectively communicate with all levels.
  • Ability to build and maintain positive working relationships across project and control teams
  • Strong risk management and risk articulation skills.
  • Good project management and analytical skills with the ability to manage multiple priorities within targeted timeframes
  • Advanced proficiency with Microsoft Office tools and software

Education:
  • Bachelor's degree/University degree or equivalent experience


Job Family Group:
Technology

Job Family:
Information Security

Time Type:
Full time

Citi is an equal opportunity and affirmative action employer.

Qualified applicants will receive consideration without regard to their race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or status as a protected veteran.

Citigroup Inc. and its subsidiaries ("Citi") invite all qualified interested applicants to apply for career opportunities. If you are a person with a disability and need a reasonable accommodation to use our search tools and/or apply for a career opportunity review Accessibility at Citi .

View the " EEO is the Law " poster. View the EEO is the Law Supplement .

View the EEO Policy Statement .

View the Pay Transparency Posting
Citi logo
More Jobs Like This
See more jobs
Close
Loading...
Loading...