About Our Team:
The Chief Information Security Office (CISO) is home to deeply talented colleagues that work to ensure the safety of Citi's clients', our revenue, our employees and our proprietary data. We manage information security as one end-to end program - one with a clear mandate and accountability. Our mission is a program that is fully anchored to modern control and architectural frameworks, is fully aligned with the enterprise architecture of the firm and is deeply integrated into the sectors and functions.
Position Overview:
The Enterprise Security Architect for Artificial Intelligence (AI) is a senior individual contributor position responsible for defining the strategic direction and designing secure architectures for Citi's enterprise IAM program and the secure adoption, development, and deployment of advanced AI/ML technologies, including agentic AI systems. This role involves developing robust security policies, guiding secure architecture across various IAM systems, and ensuring the comprehensive security and trustworthiness of AI/ML platforms and applications, from data ingestion to model deployment and operational monitoring.
The architect will specifically focus on securing the lifecycle of AI, including mitigating risks associated with agentic AI's autonomous decision-making, multi-agent interactions, and continuous learning capabilities. This role requires deep expertise in AI security, ethical AI principles, and compliance with evolving regulatory standards. The architect will collaborate with cross-functional teams, mentor security professionals, and drive innovation in security testing, AI model validation, and governance. Strong leadership, strategic planning, and a deep understanding of emerging threats, risk management, and the unique security challenges presented by advanced IAM and AI paradigms are essential.
Responsibilities:- Leadership
- Partner, coach and functionally lead IT, engineering, development, data science, and business teams through collaborative design discussions focused on IAM and comprehensive AI security, including agentic systems.
- Educate internal and external clients on security risk, best practices, and the secure, ethical implementation of IAM and AI.
- Vision and Strategy
- Define and lead the security strategy for enterprise-wide Identity and Access Management, including identity lifecycle, authentication, authorization, privileged access management, and directory services, with a focus on Zero Trust principles and regulatory alignment.
- Establish and evolve the comprehensive security strategy and architectural guidelines for all AI/ML initiatives, ensuring the secure and ethical design, development, deployment, and operation of AI systems, models, and data. This includes specific considerations for securing agentic AI architectures, their interaction protocols, decision-making integrity, and control mechanisms.
- Develop strategies for AI risk management, addressing concerns related to data privacy, model bias, explainability, adversarial attacks, and the secure integration of AI into critical business processes.
- Architecture and Innovation
- Develop and maintain IAM reference architectures, playbooks, and control frameworks tailored to the bank's technology stack, third-party oversight obligations, and global regulatory landscape.
- Architect secure, scalable, and resilient IAM solutions for workforce, customer, and partner identities, encompassing identity federation, single sign-on (SSO), multi-factor authentication (MFA), privileged access management (PAM), and robust access governance across diverse environments.
- Develop and maintain advanced AI security reference architectures, trust frameworks, and best practices for securing the entire AI/ML lifecycle. This includes:
- Data Security: Ensuring the integrity, confidentiality, and provenance of training and inference data.
- Model Security: Protecting models from adversarial attacks (e.g., evasion, poisoning), ensuring model integrity, interpretability, and robustness.
- Platform Security: Securing AI/ML development and deployment platforms (e.g., MLOps pipelines, data science environments).
- Agentic AI Security: Architecting security for autonomous AI agents, including secure communication between agents, trustworthy decision-making frameworks, verifiable audit trails for agent actions, and mechanisms to prevent unintended or malicious behavior in multi-agent systems.
- Partner with engineering, platform operations, data science, and enterprise architecture teams to embed IAM security and comprehensive AI security throughout service lifecycles - from ideation through production.
- Engineering and Integration
- Integrate advanced security controls into IAM platforms and AI/ML development, deployment, and operational workflows (e.g., MLOps), driving secure-by-design principles for identities, access, data, and AI systems.
- Automate security testing, policy enforcement, and compliance checks within IAM provisioning, access governance processes, and AI model development and deployment pipelines.
- Implement security measures for monitoring and controlling agentic AI behavior, including anomaly detection for agent actions, secure orchestration of agent workflows, and ensuring auditable decision processes.
- Governance and Compliance
- Ensure compliance with banking regulations including GLBA, SOX, FFIEC, PCI-DSS, NYDFS, OCC cybersecurity guidelines, GDPR, CCPA, and emerging AI regulations (e.g., EU AI Act, NIST AI Risk Management Framework). Integrate security architecture into audit and regulatory programs for both IAM and AI.
- Establish robust governance frameworks for identity management, access controls, and AI risk management, including ethical AI considerations, bias detection and mitigation, data lineage, explainable AI (XAI), and accountability frameworks for AI systems, particularly autonomous agents.
Qualifications:- 15+ years of experience in cybersecurity, with 5+ years in enterprise security architecture focused on comprehensive Artificial Intelligence security.
- Demonstrated success leading security architecture for financial services, banks, or other highly regulated industries.
- Technical expertise in enterprise IAM solutions (e.g., Okta, Azure AD, Ping Identity, SailPoint, CyberArk), identity protocols (e.g., OAuth, OpenID Connect, SAML, SCIM), directory services, and advanced access governance.
- Strong command of AI/ML concepts, MLOps practices, data science platforms, and extensive experience in securing the entire AI/ML lifecycle, including:
- Data security (data at rest, in transit, and in use within AI systems).
- Model security (adversarial machine learning, model poisoning, model extraction, integrity validation).
- Secure development and deployment of AI models and applications.
- Specific experience with agentic AI systems, multi-agent architectures, and securing their autonomy, interactions, and decision-making processes.
- In-depth knowledge of AI ethics, fairness, transparency, and explainability principles and their practical application in security architecture.
- Experience with regulatory audits and control frameworks (e.g., NIST 800-53, ISO 27001, FFIEC CAT, NIST AI RMF), specifically as they apply to IAM and AI.
- Proven leadership in cross-functional teams, architecture review boards, and strategic planning sessions.
- Excellent communication and presentation skills, with the ability to engage both technical and executive audiences.
- Preferred certifications: CISSP, CISM, Certified Identity and Access Manager (CIAM), Certified Data Privacy Solutions Engineer (CDPSE), AWS/Azure/GCP Security certifications (with an emphasis on identity, data, and AI services), relevant AI/ML security certifications (e.g., AICertified AI Security Engineer).
- Consistently demonstrates clear and concise written and verbal communication
- Management and prioritization skills
- Ability to develop working relationships
- Ability to manage multiple activities and changing priorities, work under pressure to meet tight deadlines
- Self-starter with ability to take the initiative and master new tasks quickly
- Methodical, attention to detail
Education:- Bachelor's/University degree or equivalent experience, potentially Masters degree
This job description provides a high-level review of the types of work performed. Other job-related duties may be assigned as required.
Job Family Group: Technology
Job Family:Architecture
Time Type:Full time
Primary Location:Irving Texas United States
Primary Location Full Time Salary Range:$170,000.00 - $300,000.00
In addition to salary, Citi's offerings may also include, for eligible employees, discretionary and formulaic incentive and retention awards. Citi offers competitive employee benefits, including: medical, dental & vision coverage; 401(k); life, accident, and disability insurance; and wellness programs. Citi also offers paid time off packages, including planned time off (vacation), unplanned time off (sick leave), and paid holidays. For additional information regarding Citi employee benefits, please visit citibenefits.com. Available offerings may vary by jurisdiction, job level, and date of hire.
Most Relevant Skills Please see the requirements listed above.
Other Relevant Skills AI Architecture, AI for Cybersecurity, Multi-Factor Authentication (MFA), NIST Standards, Privileged Access Management (PAM), Security Compliance Frameworks.
Anticipated Posting Close Date:Jun 22, 2026
