VP - Issue Management
Company: Citi
Location: Irving
Posted on: January 26, 2023
Job Description:
Safety and Soundness is part of the Personal Banking and Wealth
Management Technology Engineering Risk & Controls and
Transformation organization. Safety and Soundness (S&S)
provides services and products to technology ensuring the oversight
and execution of application security and technology governance,
risk and compliance. As a member of S&S, you will be an
integral member of the Engineering Risk & Controls and
Transformation organization. S&S collaborates with other
technology, risk and controls, and business leaders to identify and
propose solutions that ensure strict adherence to Citi policies,
standards, and regulatory commitments.
This position will work closely with technical and application
development teams on a day-to-day basis. This position will be
required to work collaboratively with development teams to assist
with code and application design to ensure security standards are
being met consistently.
Responsibilities:
- Experience with engineering secure application systems,
application security architecture, version control, automated code
testing, database, data de-identification / tokenization, cloud
containerization, APIs, application threat modeling, encryption,
secure application development, application controls, open-source
software, and best practices for application security
- Ensure the security of application code releases with code
reviews and automated code analysis tools
- Fine-tune application security static code analysis and dynamic
code vulnerability assessment tools and associated processes
- Identify and track remediations for code and configuration
vulnerabilities, ensuring that security fixes are applied on a
timely basis
- Must be able to closely partner with peers in the engineering,
infrastructure and devOps organizations to ensure security
compliance with a 'shift left' mindset
- Perform technical security assessments, threat modeling, code
audits, design reviews with engineers to ensure effective and
secure development
- Review vulnerability and penetration testing, present
assessments reports to clearly detail security findings and work
with developers to remediates the issues found
- Analyze application security controls to identify gaps,
mitigating/compensating controls, and recommend/implement
appropriate means to mitigate security risks
- Participate throughout all phases of the system development
life cycle process to ensure that security requirements are being
met
- Identify and promote tools and processes to further application
software quality and enhance SDLC activities
- Guide application penetration testing and attack simulation
activities
- Be the primary security representative on SecDevOps teams
- Provide the subject matter expertise and advocate for the
security controls needed for designing and enhancing application
systems
- Partner with Citi Technology Infrastructure (CTI) to evaluate
and recommend new products and technologies to address current and
emerging IS risks affecting supported business (es).
- Provide guidance using expertise in technology platforms
(Oracle, UNIX, etc.) and secure technology solutions (email
encryption, access management tools, etc.).
- Collaborate with domain architects, project managers, and ISOs
to provide technical IS expertise when needed.
- Lead information security assessments on cloud computing
technologies; partnering with business and technology on migrating
systems to cloud providers such as Amazon Web Services (AWS),
Google Cloud, and RedHat Open Shift.
- Experience with Lean, Agile, and DevOps methodologies
- Experience with DevOps CI/CD tools, capabilities, and security
integrations
- Communicate progress, anticipate bottlenecks, provide
escalation management, identify, assess, track and mitigate
issues/risks at multiple levels. Recognize discordant views and
take part in constructive dialog to resolve them.
- Demonstrate the ability to implement continuous improvement and
the induction of new technology. Demonstrate examples of influence
in scrum teams beyond your own area of focus.
- Appropriately assess risk when business decisions are made,
demonstrating particular consideration for the firm's reputation
and safeguarding Citigroup, its clients and assets, by driving
compliance with applicable laws, rules and regulations, adhering to
Policy, applying sound ethical judgment regarding personal
behavior, conduct and business practices, and escalating, managing
and reporting control issues with transparency.
- The IT Business Unit Manager oversees and has responsibility
for business planning initiatives for a business unit. Has full
management responsibilities for team (includes people, budget and
planning).Provides evaluative judgment based on analysis of factual
information in complicated and unique situations; uses multiple
sources of information.
- Manages mergers & acquisitions and outsourcing activities.
Ensures business unit is meeting or exceeding components of service
level agreements. Resolves complex and varied issues. Uses good
understanding of concepts and procedures within own subject area
Qualifications:
- 6-10 years of relevant experience in an Apps Development role
with at least 5 or more years of experience in Information Security
Management, Cybersecurity or Risk Management with focus on
application and platform security.
- Working knowledge and experience with multiple security domains
(e.g., application security, vulnerability reduction, data
protection, encryption, logging and monitoring, network
security)
- Subject Matter Expert (SME) experience with Secure Software
Development Life Cycle (SSDLC) (e.g. risk assessments, threat
modeling, static code analysis, code reviews and dynamic
application scanning)
- Experience working with modern development practices (e.g.
micro services, containers, orchestration, continuous integration &
delivery pipelines)
- Working knowledge of enterprise Identify and Access Management
solutions, (e.g. Federated Identity, Privileged Access management,
Active Directory, Role Based Access Control)
- Experience working in regulated industries leveraging
information security management frameworks and industry recognized
best practice / standards (e.g. NIST, ISO, PCI, SOC)
- Experience working in a matrix environment across globally
dispersed teams.
- Strong written and verbal communication skills in order to
effectively community technology risk to business and other
stakeholders.
- Strong problem solving, analytical skills in order to drive
continuous improvement.
- Certifications a plus, i.e., CISSP, CCSP, CRISC, CISA
Education:
- Bachelor's/University degree, Master's degree preferred -
Job Family Group:
Technology -
Job Family:
Applications Development
Time Type:
Full time
Primary Location:
Irving Texas United States
Primary Location Salary Range:
$116,880.00 - $175,320.00
Citi is an equal opportunity and affirmative action employer.
Qualified applicants will receive consideration without regard to
their race, color, religion, sex, sexual orientation, gender
identity, national origin, disability, or status as a protected
veteran.
Citigroup Inc. and its subsidiaries ("Citi") invite all qualified
interested applicants to apply for career opportunities. If you are
a person with a disability and need a reasonable accommodation to
use our search tools and/or apply for a career opportunity review
Accessibility at Citi .
View the " EEO is the Law " poster. View the EEO is the Law
Supplement .
View the EEO Policy Statement .
View the Pay Transparency Posting
-
Effective November 1, 2021, Citi requires that all successful
applicants for positions located in the United States or Puerto
Rico be fully vaccinated against COVID-19 as a condition of
employment and provide proof of such vaccination prior to
commencement of employment.
Keywords: Citi, Irving , VP - Issue Management, Executive , Irving, Texas
Didn't find what you're looking for? Search again!
Loading more jobs...