Head of Cyber Architecture - Functions and Technology

About Our Team

The Chief Information Security Office (CISO) is home to deeply talented colleagues that work to ensure the safety of Citi's clients', our revenue, our employees and our proprietary data. We manage information security as one end-to end program – one with a clear mandate and accountability. Our mission is a program that is fully anchored to modern control and architectural frameworks, is fully aligned with the enterprise architecture of the firm and is deeply integrated into the sectors and functions.

Global Functions Technology  is an important enabler of Citi's strategy, supporting the needs of Finance, Risk, Compliance, HR, and other regulatory requirements. It's mission is to deliver world-class technology solutions for Citi's Global Functions using common data, analytics, and platforms.

Citi's Technology Infrastructure services cover 14 functions from End user services, Compute/Network/Storage/Data, Public/Private Cloud, Data Center hosting, Mainframe and Host systems to production operations.

As the Head of Cyber Architecture for Functions and Technology, you will be part of Business, Functions and Technology CISO leadership. You will lead and manage security architecture for strategic and transformational technology initiatives/programs. You will collaborate across business, technology, CISO, and other partners to support these initiatives and help maintain cyber risk within Citi's cyber risk appetite. You will lead and mentor a team of cyber security professionals to deliver a service that represents operational excellence. You will be CISO ambassador and will promote security in IT architecture and engineering functions.

Job Overview:

Key responsibilities include

• Lead and mature security architecture function/practice  that enables business and technology transformation for Global functions and technology 
• Maintain thought leadership  in areas of Cloud, Web/Mobile Applications, Enterprise Technology (Compute, Network, Storage, Data, Collaboration, Cyber Security Tooling, etc.)  
• Engage early in the technology and software  development life cycle. Embed security best practices such as security requirements, threat modelling, secure code review, automated security controls.
• Mature cyber architecture practices (e.g. security blueprints, architecture assessments, automated validations) to accelerate security assurance  activities
• As required, perform security architecture assessments and deep dive into security controls.
• Perform root cause analysis on repeat issues, provide short/long term recommendations and drive system risk reduction.
• Act as primary interface with senior leadership in business, technology, CISO and other partners to effectively manage security objectives for large complex initiatives/programs
• Actively mitigates delivery risks and resolve critical issues.
• Mediates stakeholder conflicts and overcome organizational roadblocks.
• Participates in creating effective and efficient processes and governance
• Works with program teams to agree on key milestones / deliverables and quantitative progress metrics where applicable.
• Actively mitigates delivery risks and resolve critical issues.
• Lead, mentor and develop a team of cybersecurity architects/engineers/information security analysts to promote excellence, diversity, inclusion, and manage delivery with commitment to ethical standards.
• Be security advocate to enable software development and technology teams to practice security architecture in their day to day activities
• Promote security culture in business and technology partners enabling secure product delivery for clients. Keep oneself appraised of emerging technology and changing threat landscape. Advise business and technology stakeholders on the appropriate course of action, promoting security as an enabler for business innovation and digitization.
• Build internal and external networks to ensure alignment with industry best practices, and to maintain current knowledge regarding cybersecurity threats and risks.

Qualifications include:

• 15+ years of IT experience
• 10+ years of experience leading security architecture and/or security engineering functions for an enterprise scale regulated environment
• Knowledge of security architecture frameworks like SABSA, O-ESASABSA, O-ESA and OSA
• Sound technical expertise and hands on experience in technology and security in one or more areas such as Public/Private Cloud security (AWS, Azure, Google, Oracle, IBM), Web/Mobile Applications, DevSecOps/CICD, IAM, Application
• Experience in designing, deployment, and adoption of complex enterprise scale IT and security solutions
• Strong track record of successful transformation of security practices and/or operations
• Software development experience in one or more programming languages such Java, Python, C/C+
• Experience in leading a team of cyber architects/engineers and proven track record delivering robust  security solutions for both clients and internal workforce
• Strong interpersonal and communication skills with the ability to  simplify complex information security topics and influence at all levels of the organization
• Demonstrated knowledge of information security standards, rules and regulations.
• Ability to understand not only emerging industry trends as far as cyber security is concerned, but also the landscape of emerging threats, making appropriate adjustments within the program.
• Strong leadership, strategic thinking, and large-scale planning abilities.
• Excellent problems solving abilities and analytical skills; proven ability to effectively drive global teams to meet challenging deadlines solving complex problems.
• Ability to organize, prioritize, and lead multiple deliverables simultaneously across a large highly matrixed, global corporate environment.
• This job description provides a high-level review of the types of work performed. Other job-related duties may be assigned as required.

Education:

• University degree (Master’s degree preferred) or equivalent experience in IT
• Professional certifications, such as CISSP/CISM/CISA/CSSLP, or relevant security certifications from  AWS/Google/Azure/SANS

-------------------------------------------------

Job Family Group:

-------------------------------------------------

Job Family:

------------------------------------------------------

Time Type:

------------------------------------------------------

Primary Location:

------------------------------------------------------

Primary Location Salary Range:

------------------------------------------------------

Citi is an equal opportunity and affirmative action employer.

Qualified applicants will receive consideration without regard to their race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or status as a protected veteran.

Citigroup Inc. and its subsidiaries ("Citi”) invite all qualified interested applicants to apply for career opportunities. If you are a person with a disability and need a reasonable accommodation to use our search tools and/or apply for a career opportunity review Accessibility at Citi.

View the "EEO is the Law" poster. View the EEO is the Law Supplement.

View the EEO Policy Statement.

View the Pay Transparency Posting