This position is a critical role for the second line Technology
and Cyber function within Operational Risk Management. The Cyber
Risk Threat and Crisis Management team serves as an authoritative
body for providing independent review and assurance of security
operations including threat intelligence, incident management,
insider threat operations, cyber crisis management, physical
security, and threat hunting.
The second line's Security Operations Centre (SOC) embedded officer
is expected to lead second line coverage of the SOC, including the
detection and containment of incidents. As an embedded officer,
they will manage stakeholder relationships to drive a greater
understanding across the firm of the cyber risks it faces. They
will understand all aspects of SOC operations and recommend
corrective action where warranted to enhance Citi's defenses. They
will also communicate their findings and expertise skillfully in
both verbal and written mediums to ensure implementation and
The second line SOC embedded role requires an experienced,
credible, professional authority on Cyber Risk, Security
Operations, and incident management.
- Assessment of control effectiveness, including changes/updates
made, for incident monitoring, detection, & containment.
- Review of compensating controls and their effectiveness.
- Assess/challenge for potential undetected events and
- Assess control design and implementation effectiveness.
Identify gaps in controls, potential impact, and recommendations
for improvement if warranted.
- Review containment options/plans for threats and incidents and
assess/challenge for effectiveness and potential collateral
- Monitoring of SOC threat hunting team and insider threat
- Understand, dimension and monitor SOC operations, including how
the SOC impacts the business and operations.
- Develop key stakeholder relationships in the SOC.
- Review and challenge root cause analysis for security
- Monitor/challenge anomalous events and incidents and examine
- Conduct risk analysis and convert it into actionable monitoring
recommendations to be conducted by the SOC.
- Provide challenge support for security incidents throughout the
incident lifecycle as needed and provide challenge to ensure
enterprise infrastructure is protected.
- Perform analyses to validate established security requirements
and to challenge/recommend additional security requirements and
- Identifying potential opportunities for enhanced risk
management practices, challenging in the moment, conducting formal
reviews, and developing corresponding remediation plans.
- Serving as an SME throughout ORM-Technology/Cyber & Data
- Assessing the impact of identified risks on other areas
throughout the bank including the business and risk, and ensuring
it is accounted for and addressed.
- Providing SME inputs to regulatory, internal reporting and
- Planning and scheduling of second-line reviews with the target
- Ensure Issues and Corrective Action Plans are raised to address
identified risks, and that Corrective Actions are completed in a
timely manner.
- Providing strategic input into the team's methodology and
planned deliverables for the Book of Work to strengthen our
independent methodology and outputs.
Desired Experience and Skills:
Minimum 8 years of experience preferred in security operations,
incident response, insider threat operations, threat management,
cyber security, forensics, Information Security or related
Minimum 2 years of experience in a risk role preferred.
Bachelor's degree, Masters preferred.
Preference for industry-recognized Information Security
certifications such as Certified Information Systems Security
Professional (CISSP), Certified Information Security Manager
(CISM) or Certified Information Systems Auditor (CISA); Splunk
certification and/or training; and GIAC certifications including:
GBFA, GCFA, GCTI, GCIH, GEVA, GDAT, GCIA, GMON, GCDA
Understanding of networking concepts and technologies including
TCP/IP, Routing, Switching, NAT, OSI Model, etc.
Ability to manage multiple projects and multiple deadlines in an
Understanding of advanced data analysis and management concepts
is a plus.
Technical writing abilities to author technical and risk
Demonstrates considerable technical knowledge of incident
response, Cyber Security, Data Protection, IT Risk and
Considerable knowledge and understanding of common cyber
security technology tools such as firewalls, IDPS, network access
control, DDoS mitigation, anti-malware, anti-virus, encryption and
Knowledge of industry standards/regulations (ISO, NIST, PCI-DSS,
PSD2, GDPR, NIS).
Experience of overseeing or conducting independent risk
assessments, business process or IT control auditing.
Experience of working in a large multinational financial
institution is advantageous.
A broad understanding of global financial business activities
such as Markets and Trading, Investment Banking and Consumer
Banking is a plus.
An understanding of global financial payment systems such as
SWIFT is advantageous.
Proven experience of interfacing with senior C-level
stakeholders is a plus.
Experience in managing stakeholder engagements across various
disciplines, varying degrees of seniority, and differing goals.
Execution and delivery focused; creating high quality reporting
and analysis using appropriate business and technical language for
Proven analytical and critical thinking skills.
Excellent verbal communication and organization skills.
- All competitive applications may be considered including those
with equivalent experiences.