Job Description

Summary

The Application S&S Lead is a position responsible for accomplishing results through the department to establish and implement new or revised application systems and programs in coordination with regional business and technology Bank teams.

The overall objective of this role is to

Identify and act on opportunities to improve and update application software, data and systems.

Improve and update micro services and APIs that power Citi digital channels like Mobile, Internet banking and open banking partners, using latest cloud native technologies and frameworks and ensuring to maintain its within EOVS.

Ensure compliance with Citi's system development lifecycle and information security requirements

Implement and maintain security controls to meet the requirements outlined by Info-Security.

Application S&S Lead

Utilize in-depth Info-Security knowledge and skills across multiple Applications product domain areas to provide oversight, formulate strategies to ensure compliance.

Manage operation, maintenance, versioning and upgrading of application(s) hardware and software throughout its lifecycle.

Serves as key player in the implementation of security governance, risk, compliance program across applications.

Develop comprehensive knowledge of how areas of compliance impact the business area through monitoring delivery of end results

Appropriately assess risk and controls when business decisions are made, demonstrating particular consideration for the firm's reputation and safeguarding Citigroup, its clients and assets, by driving compliance with applicable laws, rules and regulations, adhering to Policy, applying sound ethical judgment regarding personal behavior, conduct and business practices, and escalating, managing and reporting control issues with transparency, as well as effectively supervise the activity of others and create accountability with those who fail to maintain these standards.

Review and Analyze proposed mitigation solutions for info-security issues by thorough understanding of integration with upstream or downstream touch points.

Good understanding of technology stack, Backlog management.

Should be a team player.

Excellent Analytical skill to navigate unstructured problems and define solution

Excellent communication & negotiation skill to manage the Business stakeholders.

Actively participate in the training process to improve your skills, knowledge of software & Citi applications.

Duties:

Track and maintain hardware and software inventories across applications being managed.

Track and remediate code quality issues /application vulnerabilities leveraging agreed upon action plans and timelines with responsible technology partners and application teams

Implements the required user access policies.

Should be able to produce evidence in the form of logs, reports, document for Audits and SLAs with various teams.

Roles & Responsibilities:

Application Management

Manage and keep application hardware and software inventories up to date and ensure continuous data quality is upkept and applications are not End of Version/ End of Life.

Ensure all compliance activities (ARR/ ARP/ Entitlement Feeds/ Export Licensing Agreement/ COB/ Compliance VA/ Critical Data Asset/ Sensitive Data Management Attestations/ ID Management & Reviews/ Scans & Patches) are performed timely within defined SLA.

Application Information Security and Code Quality Governance

Identify, assess, track and mitigate issues and risks at multiple levels (software, third party components/ libraries, servers). Determine if success metrics are in place and if not, work to define them.

Drive outstanding safety and soundness items (CAMP) across all teams to closure and turn it around to become prevention instead of reacting to issues.

Manage partnership with TISO, BISO, PMO, Risk and Compliance team ensure that the application is delivered within the defined quality and timeline

Analyze, fix, build / configure and implement applications to address infosec/code quality/VA issues and ensure no repeat findings by ensuring checklist and updating knowledge base.

Oversee information security entitlements & compliance training adherence

Prepare, Represent, Present S&S metrics in CIO governance forum

Involve and support application audits by coordinating with Risk & Control Tech team (entitlement reviews)

Closely interact with the Risk & Control Tech team to proactively ensure controls and compliance

Track & Ensure all application CSI has met with CoB testing needs

Single point of Contact for Technology mandatory changes wrt Sizing &Project Prioritization

Qualifications:

8+ years of relevant experience in the Financial Service industry understanding full SDLC cycle across various banking domains. Exposure to Citibank system knowledge preferred.

Ability to understand technical infrastructure, including a deep understanding in application operations in info-security area.

Expertise in Risk Management of Info-security issues and has good experience in working out a resolution with documented Corrective Action Plan or Business Risk Exceptions.

Formulates CAP/RE with proper milestones and track it meticulously with no milestone overdue and ensure CAP/RE Closure well before due date.

Consolidation of info-security items across Applications from Risk/Audit/Compliance perspective and presentation to Sr. Mgmt with resolution plans.

Expertise in sizing of Info-Security & Tech Mandate changes and and demand fitment in release.

Good understanding in Vulnerability Assessment from Project and Annual Compliance perspective across Application & Infrastructure.

Hands on experience in VA Management wrt Planning, Scheduling, Vendor Engagement, Test Data Preparations, Purchase Order Releases, Execution, Report Generation, Closure of VA Execution formally and then Tracking Issues to closure.

Education:

Bachelor's degree/University degree or equivalent experience

Master's degree preferred

This job description provides a high-level review of the types of work performed. Other job-related duties may be assigned as required.

Job Family Group:
Technology

Job Family:
Digital Software Engineering

Time Type:
Full time

Citi is an equal opportunity and affirmative action employer.

Qualified applicants will receive consideration without regard to their race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or status as a protected veteran.

Citigroup Inc. and its subsidiaries ("Citi") invite all qualified interested applicants to apply for career opportunities. If you are a person with a disability and need a reasonable accommodation to use our search tools and/or apply for a career opportunity review Accessibility at Citi .

View the " EEO is the Law " poster. View the EEO is the Law Supplement .

View the EEO Policy Statement .

View the Pay Transparency Posting