• The cyber defense analyst for Services within the Business, Functions and Technology (BFT) is responsible for maintaining a secure technology ecosystem free from high-risk vulnerabilities and rapidly respond to the changing threat landscape and business demand to mitigate cyber risk for the Services business.

Key responsibilities

• Vulnerability Operations
  • Ensure business and technology remain within risk tolerance for all applicable Cybersecurity risk appetites and sustain it with the consistent operating model.
  • Enhance current vulnerability management (VTM) operating model in line with BFT Risk Governance organization with Path-to-appetite and reporting.
  • Timely escalate to CISO Leadership and Businesses and ensure VTM risk treatment responses are entered in a timely fashion
  • Support Vulnerability Organization to improve the quality and integrity of VTM/GEM reports
  • Continue supporting vulnerability management Uplift Program activities and reduce risk while reducing stakeholders’ pain-points (data/reporting, false positives, processes).
  • Perform root cause analysis of VA Issues and identification of repeated offenders for high risk vulnerabilities

• Security Assessments
  • Conduct security reviews to check for security compliance to Bank’s requirements

• Security Incident Response

• Identify areas of repeating SIRT incidents, related trending and work with technology team and ISO contacts in reducing repeat volume instances.
• Identify opportunities for improving SIRT workflow efficiencies and developing reporting which better reports on root causes for bringing down repeat instance volumes
• Work with SIM and ISO community to facilitate the adherence of SIRT reporting timelines as per defined within SIRT standard, as well as identify deviations and its cause (Project Dixson)
• Define and document escalation and response procedures between IR CFSC and Cyber Defense.
• Document/update a Cyber Response plan or guideline to complement Business or Country Crisis Management Plans and support Crisis Management Team training.

------------------------------------------------------

Job Family Group:

Technology

------------------------------------------------------

Job Family:

Information Security

------------------------------------------------------

Time Type:

Full time

------------------------------------------------------

Most Relevant Skills

Please see the requirements listed above.

------------------------------------------------------

Other Relevant Skills

For complementary skills, please see above and/or contact the recruiter.

------------------------------------------------------

Citi is an equal opportunity employer, and qualified candidates will receive consideration without regard to their race, color, religion, sex, sexual orientation, gender identity, national origin, disability, status as a protected veteran, or any other characteristic protected by law.

If you are a person with a disability and need a reasonable accommodation to use our search tools and/or apply for a career opportunity review Accessibility at Citi.

View Citi’s EEO Policy Statement and the Know Your Rights poster.