This job has expired and you can't apply for it anymore. Start a new search.
Citi logo
Company Name:
Approximate Salary:
Not Specified
Tampa, Florida
United States
Position type:
Experience level:
Education level:

Application Security Specialist Technical Information Security Officer (TISO)

Primary Location: United States,Florida,TampaOther Location: United States,Florida,Jacksonville; United States,Texas,IrvingEducation: Bachelor's DegreeJob Function: TechnologySchedule: Full-timeShift: Day JobEmployee Status: RegularTravel Time: NoJob ID: 18011993


The Chief Technology Office (CTO) Information Security Team is responsible for managing application security risks and providing necessary support to Technology teams.
The Technical Information Security Officer plays a key role in ensuring compliance with Citi's Information Security standards and policies.
The CTO is a global organization with major presence in North America, LATAM, EMEA and ASPAC region.

Job Description:

The Technical Information Security Officer Application Security Analyst will work with the system development areas to ensure proper technology risk considerations are addressed at each phase of the system development life cycle (SDLC) and provide proactive solutions to correct exposures or mitigate risk.
Interpret security standards, procedures, and guidelines for multiple platforms and diverse environments (e.g.
client server, distributed, mainframe, etc.) in designing solutions, recommending enhancements or defining mitigating controls to existing systems.
The individual should demonstrate an understanding of application security and will exercise judgment within existing practices and policies.

Perform information security risk assessment on new applications and changes to applications

Reports IS gaps to IT as applicable with appropriate recommendations

Create corrective action plans for non-compliant issues working with application development team

Recommend security solutions according to Security Policy and Practices established by Citigroup

Promote awareness of current policies and standards, as well as revisions and developments; provide consistent interpretation of policy to IT

Establish and maintain relationships with domain architects, project managers, and others within the technology development unit.

Engage in the initial requirements definition (including analysis of threats and risks and alignment with Citi IS and Architecture standards)

Conduct threat modeling and architecture risk analysis, including Secure SDLC testing requirements throughout the development lifecycle

Facilitate \"table-top\"/red-team/scenario analysis exercises in conjunction with other SME's

Plan the resolution of any identified vulnerabilities/issues

Security review of applications including responsibility for driving requirements definition and risk analysis

Facilitate and support threat/architecture reviews and scenario analysis/red team/tabletop exercises

Identify enhancements to IS tools, standards, and processes

Provide SME support to projects and programs

About Citi:

Citi, the leading global bank, has approximately 200 million customer accounts and does business in more than 160 countries and jurisdictions.
Citi provides consumers, corporations, governments and institutions with a broad range of financial products and services, including consumer banking and credit, corporate and investment banking, securities brokerage, transaction services, and wealth management.
Our core activities are safeguarding assets, lending money, making payments and accessing the capital markets on behalf of our clients.

Citi s Mission and Value Proposition explains what we do and Citi Leadership Standards explain how we do it.
Our mission is to serve as a trusted partner to our clients by responsibly providing financial services that enable growth and economic progress.
We strive to earn and maintain our clients and the public s trust by constantly adhering to the highest ethical standards and making a positive impact on the communities we serve.
Our Leadership Standards is a common set of skills and expected behaviors that illustrate how our employees should work every day to be successful and strengthens our ability to execute against our strategic priorities.

Diversity is a key business imperative and a source of strength at Citi.
We serve clients from every walk of life, every background and every origin.
Our goal is to have our workforce reflect this same diversity at all levels.
Citi has made it a priority to foster a culture where the best people want to work, where individuals are promoted based on merit, where we value and demand respect for others and where opportunities to develop to are widely available to all.



Bachelor s degree required or equivalent work experience

5+ years of Information Security Knowledge of Information Security, IT Risks and Controls assessment

Application Security risk assessment experience required

Good understanding of the Information control areas including Authentication, Authorization, Access Control, auditing, cryptography for applications

Good Knowledge of OWASP Guidelines for application security

Good Knowledge of software development processes, integration of security assessments in Software development life cycle (SDLC) process, secure coding is desirable

Experience with vulnerability assessment and related risk assessment tools and/or application development experience is a plus

Application development experience is a plus

Experience as application security consultant / penetration tester / security architect

Must have SME level knowledge of web application vulnerabilities and web application business logic flaws and threats

In depth, hands-on understanding and application architectures and technology (including web applications, mobile technology, identity and access management)

Demonstrable experience with mobile application security, HTML5, Web Services assessment, identity management will be highly regarded

Thorough understanding of industry and corporate technology standards for Information and Application Security

Detailed familiarity with code reviews and security hacking tools and techniques

Ability to work with and influence developers, development managers, project managers, technology peers, and business contacts are required

Strong problem solving/analytical skills

Proficient in MS Office products, particularly PowerPoint & Excel

Exhibit strong influencing / negotiation skills as well as written/verbal communication skills

Experience working under minimal supervision from management with a strong commitment to team participation

Professional certifications, such as CISSP or willingness to obtain certification within 12-18 months of start date

Associated topics: casino, explosive detection, loss prevention, monitor, public safety officer, safety officer, safety report, security, tsa, university

More Jobs Like This