Cyber Defense Analyst
- The cyber defense analyst for Services within the Business, Functions and Technology (BFT) is responsible for maintaining a secure technology ecosystem free from high-risk vulnerabilities and rapidly respond to the changing threat landscape and business demand to mitigate cyber risk for the Services business.
Key responsibilities
- Vulnerability Operations
- Ensure business and technology remain within risk tolerance for all applicable Cybersecurity risk appetites and sustain it with the consistent operating model.
- Enhance current vulnerability management (VTM) operating model in line with BFT Risk Governance organization with Path-to-appetite and reporting.
- Timely escalate to CISO Leadership and Businesses and ensure VTM risk treatment responses are entered in a timely fashion
- Support Vulnerability Organization to improve the quality and integrity of VTM/GEM reports
- Continue supporting vulnerability management Uplift Program activities and reduce risk while reducing stakeholders’ pain-points (data/reporting, false positives, processes).
- Perform root cause analysis of VA Issues and identification of repeated offenders for high risk vulnerabilities
- Security Assessments
- Conduct security reviews to check for security compliance to Bank’s requirements
- Security Incident Response
• Identify areas of repeating SIRT incidents, related trending and work with technology team and ISO contacts in reducing repeat volume instances.• Identify opportunities for improving SIRT workflow efficiencies and developing reporting which better reports on root causes for bringing down repeat instance volumes• Work with SIM and ISO community to facilitate the adherence of SIRT reporting timelines as per defined within SIRT standard, as well as identify deviations and its cause (Project Dixson)• Define and document escalation and response procedures between IR CFSC and Cyber Defense.• Document/update a Cyber Response plan or guideline to complement Business or Country Crisis Management Plans and support Crisis Management Team training.
------------------------------------------------------
Job Family Group:
Technology------------------------------------------------------
Job Family:
Information Security------------------------------------------------------
Time Type:
Full time------------------------------------------------------
Most Relevant Skills
Please see the requirements listed above.------------------------------------------------------
Other Relevant Skills
For complementary skills, please see above and/or contact the recruiter.------------------------------------------------------
Citi is an equal opportunity employer, and qualified candidates will receive consideration without regard to their race, color, religion, sex, sexual orientation, gender identity, national origin, disability, status as a protected veteran, or any other characteristic protected by law.
If you are a person with a disability and need a reasonable accommodation to use our search tools and/or apply for a career opportunity review Accessibility at Citi.View Citi’s EEO Policy Statement and the Know Your Rights poster.