Cyber Security Fusion Center - Head of Third Party Fusion

The Chief Information Security Office (CISO) is home to deeply talented colleagues that work to ensure the safety of Citi's clients' and our proprietary data. We manage information security as one end-to end program – one with a clear mandate and accountability. Our mission is a program that is fully anchored to modern control and architectural frameworks, is fully aligned with the enterprise architecture of the firm and is deeply integrated into the sectors and functions.

Citi maintains two Cyber Security Fusion Centers (CSFCs) across the United States and Asia to act as its information and crisis response hub in its mission to strengthen Citi's resilience to cyber-attacks. 

The functional representatives of 20 co-located teams sit together to transform information on threats from internal and external sources into actionable intelligence to support accountable leadership. The CSFC optimizes Citi's velocity of response, breaks down silos across reporting structures, and creates a unified channel of communications to senior leaders, member teams, and peers. These functions enable the CSFC to serve as the global and cross-business coordinating entity in disrupting threat actors, reducing vulnerabilities and risk, and minimizing any impact from cyber-attacks.Job Description:

The Third-Party Cyber Security Fusion head will be the first member of a newly created team within the Cyber Security Fusion Center. This person will be responsible for building a dedicated team designed to fuse together critical supplier and third-party operations intelligence, cyber analysis, and third-party data to respond to cyber incidents, create a robust and unique risk oversight and build a governance framework for supplier, supply chain and third-party risk at Citi. This organization will also act as the liaison for the CISO organization with other internal third-party teams, external information sharing organizations and industry partnerships.

The person in this role will be responsible for monitoring and managing Citi's response to newly identified third party, supplier, and supply chain risk and will be directly briefing/interfacing with seniors within the CISO organization and beyond.  The person in this role will regularly interface with Citi seniors, regulators and supervisory groups on topics of cybersecurity and third-party risk.

A successful candidate must have the following characteristics: 

• World class knowledge of cybersecurity technologies, policies, and risk assessment/management practices.
• Specific leadership experience of Third-Party risk in a financial institution or large enterprise environment.
• Working knowledge of software security models, modern software development practices and security toolsets.
• Highly analytical vision, problem solving, security architecture & integration
• Excellent communications and presentation skills to influence and shape the image of the Cyber Security Fusion Centre
• Professional/technical direction and strategy

Responsibilities:

• Strengthen Citi’s ability to detect, respond, measure and monitor third party, supplier, and supply chain risk.
• Designing the global vision, strategy, and mission accomplishment of the CSFC Third Party organization
• Work under tight deadlines to handle multiple/detail-oriented tasks  
• Build a strong partnership with both internal teams and external organizations in relation to Third Party risk.
• Engage regularly with audit, compliance, and regulatory bodies globally.
• Lead third party, supplier, and supply chain information and intelligence-sharing initiatives with peers, governments, and sharing organizations world-wide
• Drive continuous improvement of organizational processes and operating model
• Identify areas that can be automated and further optimized and champion projects that enable these improvements
• Ensure that analysis, reporting, and metrics contribute prioritization and focus placed on most critical risks and threats

Qualifications:

• Bachelor's degree in Computer Science, Information Assurance, Computer Security, or equivalent
• Master Degree in a related field is highly desired, or equivalent years of experience
• A minimum of  7 years’ experience forming cyber analytical and/or operational teams
  • And any of the below:
• 5+ years experience in Third party risk practice
• 5+ years experience with Intelligence Fusion
• 5+ years experience leading analysis teams

• Proven expertise in information security incident handling
• Experience with Cyber Intelligence Analysis and Cyber Fusion
• Proven ability to communicate succinctly and directly in oral and written presentations and documents, adhering to length, quality, audience and timeliness constraints.
• Desired certifications include CISSP or equivalent, CEH or equivalent

-------------------------------------------------

Job Family Group:

Technology

-------------------------------------------------

Job Family:

Information Security

------------------------------------------------------

Time Type:

Full time

------------------------------------------------------

Citi is an equal opportunity and affirmative action employer.

Qualified applicants will receive consideration without regard to their race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or status as a protected veteran.

Citigroup Inc. and its subsidiaries ("Citi”) invite all qualified interested applicants to apply for career opportunities. If you are a person with a disability and need a reasonable accommodation to use our search tools and/or apply for a career opportunity review Accessibility at Citi.

View the "EEO is the Law" poster. View the EEO is the Law Supplement.

View the EEO Policy Statement.

View the Pay Transparency Posting

-----------------------------

Effective November 1, 2021, Citi requires that all successful applicants for positions located in the United States or Puerto Rico be fully vaccinated against COVID-19 as a condition of employment and provide proof of such vaccination prior to commencement of employment.