Director, Head of Permitting
Trust is part of our DNA at Citi. As such we take safeguarding our customer data information very seriously.
The Chief Information Security Office (CISO) is made up of deeply dedicated and talented colleagues who work together to ensure the safety of Citi’s and our clients’ assets and information. We manage information security as one end-to end program – one with a clear mandate and accountability. Our mission is to continually execute and enhance a global security program that is fully anchored to modern control and security frameworks, fully aligned with the technology of the firm, threat-focused and data-driven, and deeply integrated across all Citi businesses globally.
Being talent-driven, we are focused on attracting and developing diverse and inclusive talent with a high technical skill level. As a member of our team we will provide you with career development opportunities at all stages of your career. Our employees model a passion for protecting Citi, our customers and clients, and believe in treating others with dignity and respect.
The Chief Information Security Office (CISO) is home to deeply talented colleagues that work to ensure the safety of Citi's clients' and our proprietary data. We manage information security as one end-to end program – one with a clear mandate and accountability. Our mission is a program that is fully anchored to modern control and architectural frameworks, is fully aligned with the enterprise architecture of the firm and is deeply integrated into the sectors and functions.
A strong enterprise cybersecurity architecture organization is necessary to enable Citi businesses to operate safely. The Enterprise Cyber Security Architecture organization is responsible for implementing a robust enterprise security architecture practice to ensure Citi is reducing the risk to all threat surfaces with the right capabilities and controls and continuously progressing towards a target state. A key element of this practice is to ensure that each program, project and investment at CITI is fully compliant with the Enterprise Cyber Security Architecture as represented by properly issues Permits to Build, Design and Deploy.
This role entails developing and operationalizing the Enterprise Security Architecture into the Architecture Review Board Permitting Processes across Citi’s lines of businesses. This will ensure that CITI stays protected and is continually reducing cyber risk, while automating development and deployment. This role requires a broad and deep understanding of cyber threats, vulnerabilities, threat models, protection frameworks, and mitigation methods across all cyber security domains.
The successful candidate will be adept at successfully evaluating and ensuring technical solutions meet or exceed security architectures and design patterns. They will interpret, assess, and compile architectural deficiencies and other gaps in controls into a balanced understanding of the cyber risk of a complete solution. They will interpret and compile vulnerabilities into a balanced understanding of the cyber risk of a complete solution. They will also be able to successfully offer mitigations and alternative solutions that reduce risk. The successful candidate will be able to personally deliver these functions at the expert level, establish processes and procedures that achieve these goals at the team level, as well as lead managers of teams performing these functions.
Strong cyber security experience is also essential to ensure that security requirements are successfully enforced with each Permit issued. This role reports to the Enterprise CyberSecurity Architecture Head.
Roles and Responsibilities:
- Develop and implement the processes and procedures that ensure the Enterprise Security Architecture is properly incorporated into each Permit to Design, Build, and Deploy issued by CITI’s 4 business-led Architecture Review Boards (ARBs). This review and control process is large in scope, as the ARBs cover all of CITI’s information technology programs, projects and initiatives.
- Develop and maintain security architecture standards to ensure best utilized for issuance of Permits to Design, Build and Deploy.
- Ensure codification of controls/patterns to drive simplification and agility.
- Maintain continued and strong awareness of threats, vulnerabilities, mitigations, and attack frameworks through close collaboration and partnering with Citi’s Threat Intelligence, Security Operations and Fusion Center teams, as well as Citi’s Business Technology and Information Security Organizations.
- Assess gaps between proposed solutions and Citi’s Enterprise Security Architecture. Work closely with business, development and Arch teams to ensure gaps are noted and closed in a timely manner.
- Working with CITI’s Cyber Security Lab, identify and support innovation in capabilities necessary to fill critical capability gaps.
- Interface and support Citi’s Architecture Review Boards, Security Architecture Council, Steering Committee, and Working Groups building strong rapport across teams.
- Support Citi’s adoption of cloud continuum and holistic digital transformation.
Required Skills and Competencies:
- Bachelor’s degree in relevant subject or equivalent work experience
- 15+ years of relevant cybersecurity and/or IT experience
- Proven SME level knowledge of designing and implementing security reviews
- Thorough understanding of industry and corporate technology standards for cyber security
- Familiarity with common Threat Modeling frameworks, e.g., STRIDE, PASTA.
- Familiarity with standard Enterprise Architecture and Security Architecture frameworks, e.g., TOGAF, SABSA, NIST
- Experience developing and enforcing cybersecurity and IT architectures
- Demonstrated ability to take ownership and work with cross functional teams to manage multiple projects simultaneously under pressure
- Advanced analytical and problem-solving skills
- Consistently demonstrates clear and concise written and oral communication as well as strong presentation skills to both technical and non-technical audiences.
Job Family Group:Marketing
Job Family:Marketing Program Management
Time Type:Full time
Citi is an equal opportunity and affirmative action employer.
Qualified applicants will receive consideration without regard to their race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or status as a protected veteran.
Citigroup Inc. and its subsidiaries ("Citi”) invite all qualified interested applicants to apply for career opportunities. If you are a person with a disability and need a reasonable accommodation to use our search tools and/or apply for a career opportunity review Accessibility at Citi.
View the EEO Policy Statement.
View the Pay Transparency Posting
Effective November 1, 2021, Citi requires that all successful applicants for positions located in the United States or Puerto Rico be fully vaccinated against COVID-19 as a condition of employment and provide proof of such vaccination prior to commencement of employment.
加入我們超過 200,000 人實力堅強的多元化團隊
熱心公益的員工在 90 個國家/地區的社區擔任志工
在超過 98 個市場擁有實體據點，提供富有意義的工作機會