Citi, the leading global bank, has approximately 200 million customer accounts and does business in more than 160 countries and jurisdictions. Citi provides consumers, corporations, governments and institutions with a broad range of financial products and services, including consumer banking and credit, corporate and investment banking, securities brokerage, transaction services, and wealth management.Our core activities are safeguarding assets, lending money, making payments and accessing the capital markets on behalf of our clients.
Citi’sMission and Value Propositionexplains what we do and Citi Leadership Standardsexplain how we do it. Ourmissionis to serve as a trusted partner to our clients by responsibly providing financial services that enable growth and economic progress. We strive to earn and maintain our clients’ and the public’s trust by constantly adhering to the highest ethical standards and making a positive impact on the communities we serve. Our Leadership Standards is a common set of skills and expected behaviors that illustrate how our employees should work every day to be successful and strengthens our ability to execute against our strategic priorities.
Diversity is a key business imperative and a source of strength at Citi. We serve clients from every walk of life, every background and every origin. Our goal is to have our workforce reflect this same diversity at all levels. Citi has made it a priority to foster a culture where the best people want to work, where individuals are promoted based on merit, where we value and demand respect for others and where opportunities to develop to are widely available to all.
A Security State Management Vulnerability Specialist will play a leading role in driving information security analysis and vulnerability remediation. This position will report to the head of Security State Management. This role is a key business enabler to provide information security risk analysis and strategic recommendations for the ongoing improvement of Information Security. In this role, you will be engaging with program employees, stakeholders, and executives to ensure appropriate and up-to-date security management.
- Interfaces with business units and IT stakeholders to identify and understand security monitoring and response requirements and design solutions to meet business unit and IT stakeholder needs.
- Maintains an up-to-date understanding of emerging cyber threats facing financial institution.
- Applies new techniques and trends that are in line with overall information security objectives and risk tolerance.
- Builds effective relationships with key stakeholders who own and support IT infrastructure, applications, processes, and operations.
- Gains commitment from stakeholders to implement recommended and agreed information security controls,
- Provide and demonstrate strong leadership, and organizational abilities applied across a large team with diverse skills.
- Help to formulate vulnerability management frameworks and working structures for initiatives associated with infrastructure technology and solution delivery teams.
- Develop horizontal view of risk posture across multiple technology domains.
- Execute Information Security strategy to proactively identify risk and drive remediation
- Act as point of contact for managing and delivering various vulnerability and remediation report
- Implement security improvements by assessing baseline, evaluating trends, and anticipating requirements.
- Demonstrate ability to identify project stakeholders, plan, and manage stakeholder engagement.
- Regularly communicate the progress of initiatives in writing and/or in presentation to senior leadership.
- Work with various risk and information security teams in presenting vulnerability management status and updates to technology subject matter experts and management.
- Contribute to, interpret and disseminate IS policy, standards and awareness throughout the business units.
- Additional ad-hoc IS & Risk related initiatives and projects
- Complete additionally any other tasks in connection with the role but not detailed in the current job description, charged by the direct manager, supervisor, or the functional head.
- BA/BS in Information Systems or a related technical field
- Minimum 5+ years’ experience working in an information security, information technology, or information risk management related field.
- Demonstrated experience building and managing vulnerability management programs.
- Ability to brief technical risks and issues to executives and business leaders.
- Demonstrated ability to lead the development of specific proactive procedures for the detection of security breaches across a large enterprise network.
- Demonstrated experience working with senior management on highly sensitive projects that require the utmost discretion and maintaining strict confidentiality on all data, records, and tasks as required.
- Possession of industry certifications highly preferred. Including, but not limited to, Certified Information Systems Auditor (CISA), Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), and Global Information Assurance Certification (GIAC).
- Technical background in Windows/Unix Operating systems, security technologies, and network architectures.
- Knowledge of complex query for data analysis.
- Knowledge of security assessment methodology and risk management process.
- Knowledge of SQL and other business analytics software is a plus