Job Description

Description:

A Senior Application Security Architect (SASA) is one of the key positions in CISO technology IS organization. SASA is required to assess and manage technology risks and provide compliance guidance per Citi IS and application security standards and provide SME support to Technology Development Units in their development Lifecycle.

The ICG Technology Information Security Team is responsible for managing risk and providing controls and compliance guidance and support to Technology Development Units by ensuring compliance with Citi standards, policies, and procedures, liaising with corporate IS and driving secure SDLC initiative for Institutional Client Group (ICG) sector. The team needs to expand its capability to ensure security requirements are assessed early in the development lifecycle and architecture/design of the application incorporates required security measures. The SASA will have strong technical acumen and should establish relationships with application managers, domain architects, project managers and corporate IS and other disciplines.

You will join an elite team of some of the smartest minds in the business that have been tasked with advancing cybersecurity agenda for the firm. He/she will be performing threat modeling for our key business applications and shape DevSecOps strategy as well as drive across ICG. You will work on some of the most cutting edge technologies and provide value by solving real world problems that our industry as a whole is facing. Your key stakeholders will be application development teams, our internal vulnerability assessment teams and the IS organization as a whole.

Responsibilities:

Key responsibilities for this role will be

• Work with the internal Applications Development function to drive the development of strategies and plans for improving both architecture and application security
• As part of proactive risk management agenda, engage in the initial security requirements definition cycle and conduct security reviews including Secure SDLC testing requirements throughout the development lifecycle for applications deployed on premise/ in cloud.
• Establish and drive the strategic direction for integrating security testing as integral part of CICD framework through partnerships with build  engineering team and Vulnerability Management team.
• Establish security testing strategy in DevSecOps and track application maturity with the developed framework, be a Champion and help application development teams effective incorporate the security of their software early in the SSDLC.
• Maintain IS risk management framework and perform assessment of applications for emerging areas such as Containers, microservices.
• Assist with responsibilities over the technical strategy for an area, technical integrity of process, operations, and associated results
• Participate in the evaluation and selection of applications and systems with specific focus on IS implications
• Appropriately assess risk when business decisions are made, demonstrating particular consideration for the firm’s reputation and safeguarding Citigroup, its clients and assets, by driving compliance with applicable laws, rules and regulations, adhering to Policy, applying sound ethical judgment regarding personal behavior, conduct and business practices, and escalating, managing and reporting control issues with transparency.
• Identify new requirements / enhancements to information security standards, and processes
• Evaluate and recommend new and emerging vendor  products and technologies to mitigate cyber risks
• Conduct and facilitate security reviews and table-top/red-team/scenario analysis exercises in conjunction with other Subject Matter Experts by monitoring changes in the risk profile and exposure for the application

Qualifications:

• 10+ years of relevant experience
• Proven experience as Application Security Architect or Application Architect with Security knowledge is preferred
• Must be familiar and experienced in threat modelling practice for application or IT security
• Ideally candidate who has worked for a similar organization, with 5+ years of experience as application security consultant / security architect, with expertise in application security, Security testing in Agile lifecycle or DevSecOps initiative.
• Must have SME level knowledge of designing and implementing security scanners and tool integration in build pipeline and related reporting flows.
• Strong knowledge and experience with security assessment of containers and micro service architectures.
• Thorough understanding of industry and corporate technology standards for Information and Application Security
• Strong understanding of information security and risk analysis processes, including threat modeling.
• Software development experience is a plus
• Demonstrated ability to take ownership and work with cross functional  teams to manage multiple projects simultaneously  under pressure
• Advanced analytical and problem solving skills
• Consistently demonstrates clear and concise written and verbal communication as well as presentation skills for interaction with Sr leaders in Technology and business.
• Proficient in interpreting and applying policies, standards and procedures
• Industry certification such as CISSP, CCSP, and other vendor certification are highly preferred

Education:

• Bachelor’s degree/University degree or equivalent experience
• Master’s degree preferred

————————————————-

Job Family Group:

Technology

————————————————-

Job Family:

Information Security

——————————————————

Time Type:

Full time

——————————————————

Citi is an equal opportunity and affirmative action employer.

Qualified applicants will receive consideration without regard to their race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or status as a protected veteran.

Citigroup Inc. and its subsidiaries (“Citi”) invite all qualified interested applicants to apply for career opportunities. If you are a person with a disability and need a reasonable accommodation to use our search tools and/or apply for a career opportunity review Accessibility at Citi.

View the “EEO is the Law” poster. View the EEO is the Law Supplement.

View the EEO Policy Statement.

View the Pay Transparency Posting

How to Apply

Job Types: Full-Time.

173 total views, 0 today

Apply for this Job