COVID-19: 我们同事和求职者的健康和安全是我们的重中之重。 因此,花旗继续密切监视COVID-19的情况。 我们已在全球范围内对整个公司实施了预防措施,包括几乎暂时地通过视频形式完成所有候选人面试,直到需要时另行通知。

Application Security Architect - Vice President

职位编码 22498372 主要位置 Jersey City, New Jersey, Fort Lauderdale, Florida, Tampa, Florida, Irving, Texas; 职位分类 Technology

Citi’s Institutional Client Group (ICG) serves clients in all major aspects of finance: Working Capital Management, Execution, Securities Services and Advisory and Capital Raising. Citi delivers a comprehensive set of products and solutions through an unmatched, worldwide proprietary network with a physical presence in 95 markets. Citi offers products and solutions to help you effectively manage payments for cooperation with centralized or decentralized operations. Whether for invoices, payroll and taxes, or settlement of treasury activities, clients gain from our presence in 100 countries and jurisdictions.

The CISO Institutional Client Group (ICG) Technology Information Security Team is responsible for managing application security risks and providing necessary support to Application Development and Technology teams. Citi offers products and solutions to help you effectively manage payments for cooperation with centralized or decentralized operations. Whether for invoices, payroll and taxes, or settlement of treasury activities, clients gain from our presence in 100 countries and jurisdictions. The Application Security Architect role plays a vital role in ensuring that ICG applications are developed in accordance with Citi Information and Cyber Security standards and are protected against cyber threats. The role will be closely working with ICG Technology architects, engineers, and product managers as well as CISO organization.

This Application Security Architect will support ICG business with primary responsibilities to perform payment applications information security risk assessments, provide SME knowledge during software development process and act as trusted advisor to ensure business applications comply with Citi Information Security standards and Regulatory needs.

Join an environment with a laser focus on growth and progress, and take your career to the next level through the power of Citi’s unmatched globality and vast expertise.


  • Perform information security risk assessments including security architecture assessment and threat modelling on payment applications throughout the SDLC/Agile/Iterative lifecycles
  • Perform Information security control assessments for different global regulations, and  industry standards such as SWIFT CSP, CHAPS, Fedline, Target 2, etc.
  • Report Information security issues to IT with appropriate recommendations to mitigate and/or remediate the risk as well as assist IT with corrective action plans
  • Provide subject matter expertise in application development lifecycle to assess security requirements and controls and ensure that security controls are implemented as planned
  • Promote awareness of current Citi information security policies and standards
  • Identify opportunities to automate and standardize information security controls and for the supported groups
  • Partner with application and infrastructure owners to ensure any vulnerabilities or issues are resolved per security guidelines
  • Reduce risk by analyzing the root cause of issues, their impact, and required corrective actions
  • Direct the development and delivery of secure solutions by coordinating with business and technical contacts
  • Drive security frameworks, pattern development and implementation for various domains (e.g. authentication and authorization credential management, secret management, application security, security monitoring) for on-prem and cloud.
  • Appropriately assess risk when business decisions are made, demonstrating particular consideration for the firm's reputation and safeguarding Citigroup, its clients and assets, by driving compliance with applicable laws, rules and regulations, adhering to Policy, applying sound ethical judgment regarding personal behavior, conduct and business practices, and escalating, managing and reporting control issues with transparency
  • Interface with Internal auditor, Operational Risk Management, and/or provide support during audits
  • Establish and maintain relationships with domain architects, project managers, and others within the technology development unit


  • 7+ years of Information Security assessment experience in areas of Application Security and IT Information Security
  • Good understanding of Information security control areas such as Authentication/Authorization/Access Control, Entitlement, Cryptography for applications (including web applications, mobile technology, cloud) is are required
  • Good knowledge of software development processes (SLDC/Agile/Iterative/DevOps) and integration of security assessments in SDLC process, application and infrastructure vulnerability management is required is a must required
  • Understanding and experience with threat modelling is required
  • Good understanding of IT Security frameworks such as NIST SP800, ISO 27001 is required
  • Good understanding/experience of global Payment, Clearing and Financial Messaging platforms/concepts including Swift, Fedwire, CHIPS and other local RTGS/ACH is a plus
  • Experience with cloud technology is desirable
  • IS/IT program/project management and development experience is preferred
  • Exhibit strong influencing / negotiation skills, attention to details are key, ability to multi task and written/verbal communication skills
  • Strong problem solving/analytical skills
  • Proficient in MS Office products, particularly PowerPoint & Excel


  • Bachelor’s degree/University degree or equivalent experience
  • Master’s degree preferred
  • Professional certifications, such as CISSP/CISM/CISA/CSSLP, or willingness to obtain certification within 12 months of start date.
  • This job description provides a high-level review of the types of work performed. Other job-related duties may be assigned as required.

Jersey City Salary Range: $132,320.00 - $198,480.00 USD Annual


Job Family Group:



Job Family:

Information Security


Time Type:

Full time


Primary Location:

Jersey City New Jersey United States


Primary Location Salary Range:

$132,320.00 - $198,480.00


Citi is an equal opportunity and affirmative action employer.

Qualified applicants will receive consideration without regard to their race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or status as a protected veteran.

Citigroup Inc. and its subsidiaries ("Citi”) invite all qualified interested applicants to apply for career opportunities. If you are a person with a disability and need a reasonable accommodation to use our search tools and/or apply for a career opportunity review Accessibility at Citi.

View the "EEO is the Law" poster. View the EEO is the Law Supplement.

View the EEO Policy Statement.

View the Pay Transparency Posting


Effective November 1, 2021, Citi requires that all successful applicants for positions located in the United States or Puerto Rico be fully vaccinated against COVID-19 as a condition of employment and provide proof of such vaccination prior to commencement of employment.

  • 加入我们由 220,000 多名实力强劲的多元化员工组成的团队

  • 我们的员工深具社会意识,为 90 个国家/地区的社区提供志愿服务

  • 遍及逾 95 个市场的实体业务提供了有意义的职业机会