A Senior Application Security Architect (SASA) is one of the key positions in the CISO technology IS organization. A SASA is required to assess and manage IS-related technology risks, provide compliance guidance per Citi IS and application security standards, and provide subject matter expert (SME) support to Technology Development Units in their development lifecycle.
The Enterprise Infrastructure Operations and Technology (EIO&T) IT Information Security Team is responsible for managing risk and providing controls, compliance guidance, and IS support to developers of technologies by ensuring compliance with Citi standards, policies, and procedures, liaising with corporate IS and driving secure software development lifecycles.
The team needs to expand its capability as it relates to Public Cloud (Amazon AWS, Google, Microsoft, etc.) to ensure security requirements are assessed early in the development lifecycle and the architecture/design of the application incorporates required security measures. The SASA must have strong technical acumen and the soft skills necessary to establish working relationships with application managers, domain architects, project managers, corporate IS and other disciplines.
You will join an experienced team of IS specialists that have been tasked with performing threat modeling exercises and proposing technical controls for our most critical applications and architectures to ensure that they are highly resilient to Internet-borne threats. You will work on some of the most cutting-edge technologies and provide value by solving real-world problems that our industry as a whole is facing. Your key stakeholders will be application development teams, our internal vulnerability assessment teams and the IS organization as a whole.
Responsibilities:
Key responsibilities for this role will be:
- Work with the internal Applications Development function to drive the development of strategies and plans for improving both architecture and application security
- As part of a proactive risk management agenda, engage in the initial security requirements definition cycle and conduct security reviews, including Secure SDLC testing requirements, throughout the development lifecycle for applications deployed on premises or in the cloud.
- Establish and drive the strategic direction for the Cloud security framework through partnerships with cloud engineering, operations and business.
- Maintain the IS risk management framework and perform assessments of applications in emerging areas such as cloud security, Blockchain, etc.
- Assist with responsibilities over the technical strategy for an area, technical integrity of process, operations, and associated results
- Participate in the evaluation and selection of applications and systems with specific focus on IS implications
- Appropriately assess risk when business decisions are made, demonstrating particular consideration for the firm's reputation and safeguarding Citigroup, its clients and assets, by driving compliance with applicable laws, rules and regulations, adhering to Policy, applying sound ethical judgment regarding personal behavior, conduct and business practices, and escalating, managing and reporting control issues with transparency.
- Identify new requirements / enhancements to information security standards and processes
- Evaluate and recommend new and emerging vendor products and technologies to mitigate cyber risks
- Conduct and facilitate security reviews and table-top/red-team/scenario analysis exercises in conjunction with other Subject Matter Experts by monitoring changes in the risk profile and exposure for the application
- 10+ years of relevant experience (5+ in cloud technologies)
- Proven experience as Application Security Architect or Application Architect with Security knowledge is preferred
- Must be familiar and experienced in threat modelling practice for application or IT security
- Ideally a candidate who has worked for a similar organization, with 5+ years of experience as an application security consultant / security architect, with expertise in application security, cloud security, Blockchain, and Machine Learning projects
- Must have SME-level knowledge of designing and implementing security guardrails for deploying applications in public cloud environments (e.g. AWS, Google Cloud, Microsoft Azure)
- Strong knowledge and experience with security assessment of Blockchain
- Thorough understanding of industry and corporate technology standards for Information and Application Security
- Strong understanding of information security and risk analysis processes, including threat modeling.
- Software development experience is a plus
- Demonstrated ability to take ownership and work with cross functional teams to manage multiple projects simultaneously under pressure
- Advanced analytical and problem solving skills
- Consistently demonstrates clear and concise written and verbal communication as well as presentation skills for interaction with senior leaders in Technology and business.
- Proficient in interpreting and applying policies, standards and procedures
- Industry certifications such as CISSP, CCSP, and other vendor certifications are highly preferred
- Bachelor's degree/University degree or equivalent experience
- Master's degree preferred
Citi is an equal opportunity and affirmative action employer.
Qualified applicants will receive consideration without regard to their race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or status as a protected veteran.
Citigroup Inc. and its subsidiaries ("Citi") invite all qualified interested applicants to apply for career opportunities. If you are a person with a disability and need a reasonable accommodation to use our search tools and/or apply for a career opportunity, review Accessibility at Citi.