Job Description

The Security Solutions Architect (SSA) is a senior-level CISO professional and this position supports the Institutional Client Group (ICG) sector. The SSA works as a trusted security advisor to the ICG Application Development and Engineering teams to ensure solutions are developed in line with security requirements, architecture principals as well as policy/standards, and facilitate security-related discussions. The SSA will engage with stakeholders throughout the system development lifecycle to ensure proper technology information security risk considerations are addressed at each phase of the system development life cycle and provide proactive solutions to remediate or mitigate risk. The individual should demonstrate an understanding of application security and will exercise judgment within existing practices and policies.
You will join an experienced team of IS specialists that have been tasked with performing Is assessments including threat modeling and proposing technical controls for our business critical applications. You will work on some of the most cutting-edge technologies and provide value by solving real world problems. Your key stakeholders will be application development teams, product, the CISO, Risk and Control partners.
Responsibilities:

• Plan, research, and design security architecture for IT systems and applications (internally developed as well as vendor supplied) for processing multiple classification levels of data on prem, and cloud.
• Determine the security controls for above, document appropriately and partner with IT architecture/development stakeholders to implement during early in system development life cycle
• Perform security architecture and risk assessment of internally developed or acquired IT systems and applications using best practices including threat modelling. Ensure that security design and controls are consistent with organization\'s security architecture principals.
• Provide security recommendations including automated controls, configurations on projects, processes, risk exceptions, corrective action plans, and risk reduction initiatives
• Collaborate with the internal and external technology teams to drive the development of strategies and plans for improving both architecture and application security
• Establish relationships with cross-functional areas including Business, Technology, and Compliance stakeholders and serve as a SECURITY subject-matter expert
• Promote awareness and provide consistent interpretation of security policy to technology and business teams
• Manage risk by analyzing the root cause of security issues, determining compensating controls, and driving remediation
• Support Global Information Security policies, standards, and initiatives development and implementation by representing in different Citi action groups such as Delegated Action Groups (DAG).
  

Qualifications:

• Good understanding of Information security domains such as Identity access management, Cryptography, Data protection, Application Vulnerability Assessment, Audit Logging/Monitoring, etc.
• 7+ years of Application Security and/or Information Security experience in areas of IT is required
• Experience as Security Architect or Application Architect with Security Knowledge is required
• Good knowledge of software development processes (SLDC/Agile/Iterative/DevOps)
• Good understanding of IT Security frameworks such as NIST SP-800, ISO 27001 required and Industry attestations like SWIFT CSP, target 2, CHAPs will be a plus
• Experience of delivering security solution architecture from end-to-end.
• Threat modelling using industry standard methodologies (e.g. STRIDE/DREAD)
• Experience developing Reference Security Architecture and Design Patterns to support proactive and automated controls
• Security architecture assessments for one or more IT systems such as Web, Mobile, APIs/Microservices, Cloud (AWS/GCP/Azure/Oracle)
• Must be proficient in applying application security knowledge to improving security in software development phases such as requirements, test cases, assessment, remediation.
• Industry certification such as CISSP, CCSP, and other vendor certification are highly preferred
• Strong inter personnel skills and ability to influence outcomes in the collaborative environment
• Strong communication skills interacting with senior technology and business management
• Ability to prioritize in multi-task environment
• Strong problem solving/analytical skills
• Proficient in MS Office products, particularly PowerPoint & Excel

This position is required to work in the office based on company policy. About Citi Citi, the leading global bank, has approximately 200 million customer accounts and does business in more than 160 countries and jurisdictions. Citi provides consumers, corporations, governments, and institutions with a broad range of financial products and services, including consumer banking and credit, corporate and investment banking, securities brokerage, transaction services, and wealth management. Additional information may be found at www.citigroup.com | Twitter: @Citi | YouTube: www.youtube.com/citi | Blog: http://blog.citigroup.com | Facebook: www.facebook.com/citi | LinkedIn: www.linkedin.com/company/citi. - Job Family Group: Technology - Job Family: Information Security - Time Type: Full time - Citi is an equal opportunity and affirmative action employer. Qualified applicants will receive consideration without regard to their race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or status as a protected veteran. Citigroup Inc. and its subsidiaries ("Citi\xe2\x80\x9d) invite all qualified interested applicants to apply for career opportunities. If you are a person with a disability and need a reasonable accommodation to use our search tools and/or apply for a career opportunity review Accessibility at Citi. View the "EEO is the Law" poster. View the EEO is the Law Supplement. View the EEO Policy Statement. View the Pay Transparency Posting