VP, Governance & Monitoring - Hybrid
Company: Citi
Location: Bedford
Posted on: January 21, 2023
Job Description:
Safety and Soundness is part of the Personal Banking and Wealth
Management Technology Engineering Risk & Controls and
Transformation organization. Safety and Soundness (S&S)
provides services and products to technology ensuring the oversight
and execution of application security and technology governance,
risk and compliance. As a member of S&S, you will be an
integral member of the Engineering Risk & Controls and
Transformation organization. S&S collaborates with other
technology, risk and controls, and business leaders to identify and
propose solutions that ensure strict adherence to Citi policies,
standards, and regulatory commitments. This position will work
closely with technical and application development teams on a
day-to-day basis. This position will be required to work
collaboratively with development teams to assist with code and
application design to ensure security standards are being met
consistently.
Responsibilities:
- Experience with engineering secure application systems,
application security architecture, version control, automated code
testing, database, data de-identification / tokenization, cloud
containerization, APIs, application threat modeling, encryption,
secure application development, application controls, open-source
software, and best practices for application security
- Ensure the security of application code releases with code
reviews and automated code analysis tools
- Fine-tune application security static code analysis and dynamic
code vulnerability assessment tools and associated processes
- Identify and track remediations for code and configuration
vulnerabilities, ensuring that security fixes are applied on a
timely basis
- Must be able to closely partner with peers in the engineering,
infrastructure and DevOps organizations to ensure security
compliance with a shift-left mindset
- Perform technical security assessments, threat modeling, code
audits, design reviews with engineers to ensure effective and
secure development
- Review vulnerability and penetration testing, present
assessment reports to clearly detail security findings and work
with developers to remediate the issues found
- Analyze application security controls to identify gaps,
mitigating/compensating controls, and recommend/implement
appropriate means to mitigate security risks
- Participate throughout all phases of the system development
life cycle process to ensure that security requirements are being
met
- Identify and promote tools and processes to further application
software quality and enhance SDLC activities
- Guide application penetration testing and attack simulation
activities
- Be the primary security representative on SecDevOps teams
- Provide the subject matter expertise and advocate for the
security controls needed for designing and enhancing application
systems
- Partner with Citi Technology Infrastructure (CTI) to evaluate
and recommend new products and technologies to address current and
emerging IS risks affecting supported business(es).
- Provide guidance using expertise in technology platforms
(Oracle, UNIX, etc.) and secure technology solutions (email
encryption, access management tools, etc.).
- Collaborate with domain architects, project managers, and ISOs
to provide technical IS expertise when needed.
- Lead information security assessments on cloud computing
technologies; partnering with business and technology on migrating
systems to cloud providers such as Amazon Web Services (AWS),
Google Cloud, and Red Hat OpenShift.
- Experience with Lean, Agile, and DevOps methodologies
- Experience with DevOps CI/CD tools, capabilities, and security
integrations
- Communicate progress, anticipate bottlenecks, provide
escalation management, identify, assess, track and mitigate
issues/risks at multiple levels. Recognize discordant views and
take part in constructive dialog to resolve them.
- Demonstrate the ability to implement continuous improvement and
the induction of new technology. Demonstrate examples of influence
in scrum teams beyond your own area of focus.
- Appropriately assess risk when business decisions are made,
demonstrating particular consideration for the firm's reputation
and safeguarding Citigroup, its clients and assets, by driving
compliance with applicable laws, rules and regulations, adhering to
Policy, applying sound ethical judgment regarding personal
behavior, conduct and business practices, and escalating, managing
and reporting control issues with transparency.
Qualifications:
- 6-10 years of relevant experience in an Apps Development role
with at least 5 or more years of experience in Information Security
Management, Cybersecurity or Risk Management with focus on
application and platform security.
- Working knowledge and experience with multiple security domains
(e.g., application security, vulnerability reduction, data
protection, encryption, logging and monitoring, network
security)
- Subject Matter Expert (SME) experience with Secure Software
Development Life Cycle (SSDLC) (e.g. risk assessments, threat
modeling, static code analysis, code reviews and dynamic
application scanning)
- Experience working with modern development practices (e.g.
micro services, containers, orchestration, continuous integration &
delivery pipelines)
- Working knowledge of enterprise Identity and Access Management
solutions, (e.g. Federated Identity, Privileged Access management,
Active Directory, Role Based Access Control)
- Experience working in regulated industries leveraging
information security management frameworks and industry recognized
best practice / standards (e.g. NIST, ISO, PCI, SOC)
- Experience working in a matrix environment across globally
dispersed teams.
- Strong written and verbal communication skills in order to
effectively communicate technology risk to business and other
stakeholders.
- Strong problem solving, analytical skills in order to drive
continuous improvement.
- Certifications a plus, i.e., CISSP, CCSP, CRISC, CISA
Education:
- Bachelor's/University degree, Master's degree preferred
Job Family Group: Technology
Job Family: Technology Management
Time Type: Full time
Primary Location: Irving Texas United States
Primary Location Salary Range: $116,880.00 - $175,320.00
Citi is an equal opportunity and affirmative action employer.
Qualified applicants will receive consideration without regard to
their race, color, religion, sex, sexual orientation, gender
identity, national origin, disability, or status as a protected
veteran. Citigroup Inc. and its subsidiaries ("Citi") invite all
qualified interested applicants to apply for career opportunities.
If you are a person with a disability and need a reasonable
accommodation to use our search tools and/or apply for a career
opportunity, review Accessibility at Citi. View the "EEO is the
Law" poster. View the EEO is the Law Supplement. View the EEO
Policy Statement. View the Pay Transparency Posting.
Effective November 1, 2021, Citi requires that all successful
applicants for positions located in the United States or Puerto
Rico be fully vaccinated against COVID-19 as a condition of
employment and provide proof of such vaccination prior to
commencement of employment.
Keywords: Citi, Bedford, VP, Governance & Monitoring - Hybrid, Executive, Bedford, Texas