Job Details

ID #8486083
State New Jersey
City Rutherford
Job type Permanent
Salary USD TBD TBD
Source Citigroup
Showed 2021-01-23
Date 2021-01-23
Deadline 2021-03-24
Category Et cetera
Create resume

Information Security Operations Senior Manager (SVP)

New Jersey, Rutherford, 07070 Rutherford USA

Vacancy expired!

Description:The position is a cross-functional role that will be responsible for various Application Security program initiatives. The position reports directly to the Application Security Program Director. The successful candidate must be an individual who understands modern software development trends, understands engineering-led software security practices, and keeps up with the ever evolving cyber security threat landscape. The successful candidate will liaise with internal groups and our regional partners to ensure that program deliverables are met.

Success in the role requires an innovative mind, a proven track record of delivering solutions that meet security needs, integrate application security into our DevOps pipeline, automate security as code and enable successful detection and response to any and all threats in our environment. The individual will work closely with SSDLC program to contribute to defining application security testing standards and policies. Responsibilities include defining testing services and methodologies (be they tool-based and/or manual) in the early SSDLC lifecycle. The primary focus will address testing needs within development organizations striving for continuous deployment and using automated security tooling including SAST, DAST and SCA. Within his/her leadership role, this individual is expected to mentor team members, set direction and lead execution of services as a hand-on participant.

Key Responsibilities:The candidate will be responsible for the aspects of the Application Security Program initiatives including but not limited to the following:
  • Establish/manage multiple security programs that support the security testing requirements at the bank
  • Forging and maintaining strong working relationships with development functions/teams, product delivery teams, project management, third party management, enterprise architecture, audit teams, etc.
  • Participate in security and technology strategic planning to ensure identified risk governance is incorporated into the CISO enterprise strategy.
  • In partnership with business sectors, run delegate action groups to provide recommendations to strengthen development processes and security testing
  • Appropriately assess risk and provide software security advice when business decisions are made
  • Interface with Application Security Program Team to oversee Program Projects and Initiatives and make strategic recommendations to senior manager on standards and policy changes
Qualifications
  • Experience or deep knowledge of key activities within software security group such Threat Modeling / Application Risk Assessment, Vulnerability Assessments, Governance and Metrics, Training, etc.
  • Pre-requisites for this position are a Bachelor's Degree with 4 - 6 years' experience in web application development or application code review
  • Experience must include experience as a technical lead or manager
  • Knowledge of cloud computing concepts and DevOps tools (OpenShift, Kubernetes, Docker, Chef, etc)
  • Experience using or testing cloud platforms (AWS, Google, Azure, etc) and security in/of the cloud
  • Understanding of security, web-based and infrastructure vulnerabilities is required
  • Experience in sour code management,build and deployment technologies such as RLM, Ueploy, Jenkins, Artifactory, Maven, GitHub, etc
  • Experience conducting vulnerability assessments and articulating security issues to technical and non-technical audience.
  • Understanding of Checkmarx, AppScan Source, Fortify, Veracode, Sonatype or Black Duck platform is a plus.
  • Knowledge of tools and processes used to expose common vulnerabilities and implement countermeasures is expected.
  • Excellent communication skills (written and verbal) and the ability to communicate with all levels of staff and management are also essential.
  • Demonstrated knowledge of recognized security industry standards and leading practices (e.g., FFIEC, NIST, C2M2, ISO)
  • Relevant professional certifications: GIAC, CISA, CISM, CRISC, CISSP or equivalent desiredEffective strategic planning and execution abilities with exceptional planning, organizaDemonstratvanced and functional understanding of Security industry operations, technologies and sses.
Education:
  • Bachelor s degree/University degree or equivalent experience
  • Master s degree preferred

-Job Family Group: Technology-Job Family:Information SecurityTime Type:

Citi is an equal opportunity and affirmative action employer.

Qualified applicants will receive consideration without regard to their race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or status as a protected veteran.

Citigroup Inc. and its subsidiaries ("Citi ) invite all qualified interested applicants to apply for career opportunities. If you are a person with a disability and need a reasonable accommodation to use our search tools and/or apply for a career opportunity review Accessibility at Citi.

View the "EEO is the Law" poster. View the EEO is the Law Supplement.View the EEO Policy Statement.View the Pay Transparency Posting

Vacancy expired!

Subscribe Report job