Technical Information Security Officer (TISO)
Locations: Irving, Texas; Jacksonville, Florida
Job Function: Technology
Employee Status: Regular
Job ID: 20155656
The Info Sec Tech Lead Analyst is a senior level professional position responsible for driving efforts to prevent, monitor and respond to information/data breaches and cyber-attacks. The overall objective of this role is to ensure the execution of Information Security directives and activities in alignment with Citi's data security policy.
- Perform security reviews on assigned applications according to Security Policy and Practices established by Citigroup to ensure all requirements are met.
- Ability to complete a review of development projects during the SDLC and make actionable recommendations to the project team, understand the technology and drive solutions. Be the primary security officer responsible for providing security development and testing requirements to the project teams on multiple, concurrent Agile and waterfall projects.
- Work with multiple teams to develop processes and procedures to ensure information security policies and standards are integrated with the organization’s applications.
- Promote awareness of current policies and standards, as well as revisions and developments; provide consistent interpretation of policy to technology teams and business personnel.
- Interfaces with the business where technical IS solutions are required and advises on the impact to the bottom line while satisfying business objectives.
- Defines secure configurations leveraging technical knowledge and problem solving skills across all technology supported areas in accordance with the secure SDLC process.
- Respond to internal and external audits of security procedures and application security configurations.
- Establish and maintain relationships with domain architects, project managers, and others within the technology development unit.
- Manage risk by analyzing the root cause of security issues, impact to technology, and required corrective actions leveraging advanced analytical skills.
- Schedule, host, and drive meetings with multiple levels of technology management, from individual contributors to senior management; requires strong communication, influence, and diplomacy skills to ensure that secure development procedures are addressed.
- Ability to keep GISO updated on existing or emerging risk and issues in a concise and timely manner, supporting a proactive, no surprise, security control objective.
- Ability to periodically work across different time zones and areas globally in an international environment.
- Reports IS issues to IT as applicable with appropriate recommendations and documentation.
- Undergraduate Degree with 5+ years of Information Security experience or strong IT knowledge
- Experience with interpretation and application of IS Policy and Standards.
- Application security architecture/engineering/consulting.
- A solid understanding of application security and development processes and proven ability to identify security threats in technology environments such as web applications, Cloud, Service based architecture, mainframe, databases, ATM and voice.
- Application development experience a plus.
- Regulatory financial experience a plus.
- Experience working under minimal supervision from management with a strong commitment to team participation.
- Maintaining a no surprise, proactive awareness and communication channel to management regarding existing or emerging risk and issues.
- Leadership skills and ability to work with and influence developers, development managers, project managers, technology peers, and business contacts are required.
- Strong risk analysis and problem solving skills.
- Verbal and written communication skills.
- Familiarity with industry IS standards.
- CISSP, CCSP, CSSLP or equivalent certifications (preferred or active plan to obtain).
All applicants must be a U.S. citizen, U.S. permanent resident or be otherwise authorized to work in the U.S. without restriction as to duration.
- Bachelor’s degree/University degree or equivalent experience
- Master’s degree preferred
This job description provides a high-level review of the types of work performed. Other job-related duties may be assigned as required.
- Working knowledge expected in all areas of current technology focus:
  - Web (REST, JSON)
  - Microservices
  - Cloud (AWS, Azure, GCP)
  - Containerization, Pivotal Cloud Foundry, Jenkins, Spring, Struts, Eureka, etc.
- Requires knowledge/hands-on experience in security-relevant areas:
  - Pen test procedures (static and dynamic)
  - Automated vulnerability scanning tools
  - Threat modeling
  - Risk assessment techniques
- Ability to apply the knowledge above in guiding development teams in the following, while adhering to established Corporate Policies/Standards and industry standards/best practices:
  - security requirements
  - security test cases
  - security assessment requirements
- Apply aforementioned in fast paced agile SDLC development environment.
- Continuous Integration/Continuous Deployment (CI/CD)
Grade: All Job Level - All Job Functions - US
Time Type: Full time
Citi is an equal opportunity and affirmative action employer.
Minority/Female/Veteran/Individuals with Disabilities/Sexual Orientation/Gender Identity.
Citigroup Inc. and its subsidiaries ("Citi") invite all qualified interested applicants to apply for career opportunities. If you are a person with a disability and need a reasonable accommodation to use our search tools and/or apply for a career opportunity CLICK HERE.