Cybersecurity Architect - C14 - MISSISSAUGA
Citi
About Citi:
Citi, the leading global bank, has approximately 200 million customer accounts and does business in more than 160 countries and jurisdictions. Citi provides consumers, corporations, governments, and institutions with a broad range of financial products and services, including consumer banking and credit, corporate and investment banking, securities brokerage, transaction services, and wealth management.
As a bank with a brain and a soul, Citi creates economic value that is systemically responsible and in our clients’ best interests. As a financial institution that touches every region of the world and every sector that shapes your daily life, our Enterprise Operations & Technology teams are charged with a mission that rivals any large tech company. Our technology solutions are the foundations of everything we do from keeping the bank safe, managing global resources, and providing the technical tools our workers need to be successful to designing our digital architecture and ensuring our platforms provide a first-class customer experience. We reimagine client and partner experiences to deliver excellence through secure, reliable, and efficient services.
Our commitment to diversity includes a workforce that represents the clients we serve from all walks of life, backgrounds, and origins. We foster an environment where the best people want to work. We value and demand respect for others, promote individuals based on merit, and ensure opportunities for personal development are widely available to all. Ideal candidates are innovators with well-rounded backgrounds who bring their authentic selves to work and complement our culture of delivering results with pride. If you are a problem solver who seeks passion in your work, come join us. We’ll enable growth and progress together.
About Our Team:
The Chief Information Security Office (CISO) is home to deeply talented colleagues that work to ensure the safety of Citi's clients', our revenue, our employees and our proprietary data. We manage information security as one end-to end program – one with a clear mandate and accountability. Our mission is a program that is fully anchored to modern control and architectural frameworks, is fully aligned with the enterprise architecture of the firm and is deeply integrated into the sectors and functions.
The Cybersecurity Architect is responsible for driving efforts to prevent, monitor and respond to information/data breaches and cyber-attacks. The overall objective of this role is to ensure the execution of Information Security directives and activities in alignment with Citi's data security policy.
Responsibilities:
Plan, research, and design security architecture for IT systems and applications (internally developed as well as vendor supplied) for processing multiple classification levels of data on prem, and cloud.
Determine the security controls for above, document appropriately and partner with IT architecture/development stakeholders to implement during early in system development life cycle
Perform security architecture and risk assessment of internally developed or acquired IT systems and applications using best practices including threat modelling. Ensure that security design and controls are consistent with organization's security architecture principals.
Provide security recommendations including automated controls, configurations on projects, processes, risk exceptions, corrective action plans, and risk reduction initiatives
Collaborate with the internal and external technology teams to drive the development of strategies and plans for improving both architecture and application security
Establish relationships with cross-functional areas including Business, Technology, and Compliance stakeholders and serve as a SECURITY subject-matter expert
Promote awareness and provide consistent interpretation of security policy to technology and business teams
Manage risk by analyzing the root cause of security issues, determining compensating controls, and driving remediation
Support Global Information Security policies, standards, and initiatives development and implementation by representing in different Citi action groups such as Delegated Action Groups (DAG).
Qualifications:
10+ years of experience as a Security Architect or Application Architect with Security knowledge
Good understanding of IT Security frameworks such as NIST SP-800, ISO 27001 (required)
Good knowledge of Software Development processes (SLDC/Agile/Iterative/DevOps)
Good understanding of Industry attestations like SWIFT CSP, target 2, CHAPs will be a plus
Experience with Threat Modeling methodologies (e.g., STRIDE, DREAD) and performing threat assessments on applications.
Experience developing Reference Security Architecture and Design Patterns to support proactive and automated controls
Experience performing Security Architecture Assessments for one or more IT systems such as Web, Mobile, APIs/Microservices, Cloud (AWS/GCP/Azure/Oracle)
Strong knowledge of iOS & Android Ecosystem with emphasis on security for mobile applications related to authentication/authorization (biometric emphasis), data protection, session management, data validation, and end point protections
Strong understanding of Mobile Payment Systems and supporting ecosystems (i.e. Mastercard / Visa).
Hands on experience with security controls to defend against mobile attack surface related to end point devices, network APIs/Micro services, and network
Good understanding of mobile security trends and threats/vulnerabilities and corresponding risk analysis processes and threat modelling techniques
Must be proficient in applying application security knowledge to improving security in software development phases such as requirements, test cases, assessment, remediation
Demonstrated ability to take ownership and follow up on issues
Demonstrated ability to work in a team and to work well under pressure
Advanced analytical and problem solving skills
Consistently demonstrates clear and concise written and verbal communication
Proficient in interpreting and applying policies, standards and procedures
Demonstrated ability to remain unbiased in a diverse working environment
Education:
Bachelor’s degree/University degree or equivalent experience
Master’s degree preferred
------------------------------------------------------
Job Family Group:
Technology------------------------------------------------------
Job Family:
Information Security------------------------------------------------------
Time Type:
Full time------------------------------------------------------
Most Relevant Skills
Please see the requirements listed above.------------------------------------------------------
Other Relevant Skills
For complementary skills, please see above and/or contact the recruiter.------------------------------------------------------
Citi is an equal opportunity employer, and qualified candidates will receive consideration without regard to their race, color, religion, sex, sexual orientation, gender identity, national origin, disability, status as a protected veteran, or any other characteristic protected by law.
If you are a person with a disability and need a reasonable accommodation to use our search tools and/or apply for a career opportunity review Accessibility at Citi.
View Citi’s EEO Policy Statement and the Know Your Rights poster.