An Application Security Architect (ASA) is required to assess and manage technology risks and provide compliance guidance per Citi Information Security and application security standards and provide support to Technology Development Units in their development Lifecycle.
- The security architect will review CPB’s most critical applications and technology stack from top to bottom.
- Partner with product teams for ensuring new product functionalities are being designed in a manner which does not introduce IS risk.
- Establish CPB Security Framework and Best Practices
- Govern the enforcement of CPB’s Application Security and Security Framework
- Engage in the initial requirements definition (including analysis of threats and risks and alignment with Citi IS and Architecture standards)
- Conduct and facilitate security reviews including Secure SDLC testing requirements throughout the development lifecycle
- Facilitate "table-top"/red-team/scenario analysis exercises in conjunction with other SME's
- Plan the resolution of any identified vulnerabilities/issues
- Security review of applications including responsibility for driving requirements definition and risk analysis
- Facilitate and support threat/architecture reviews and scenario analysis/red team/tabletop exercises
- Identify enhancements to IS tools, standards, and processes
- Provide SME support to projects and programs
- 10+ years of relevant experience
- Experience in implementing projects
- Experience in systems analysis and programming of software applications
- Demonstrated Subject Matter Expert (SME) in area(s) of Applications Development
- Demonstrated knowledge of client core business functions
- Demonstrated leadership, project management, and development skills
- Relationship and consensus building skills
- Bachelor’s degree/University degree or equivalent experience
- Master’s degree preferred.