Cyber Security Fusion – Red Team Governance VP C13 (Hybrid)
The Chief Information Security Office (CISO) is home to deeply talented colleagues that work to ensure the safety of Citi's clients' and our proprietary data. We manage information security as one end-to end program – one with a clear mandate and accountability. Our mission is a program that is fully anchored to modern control and architectural frameworks, is fully aligned with the enterprise architecture of the Firm and is deeply integrated into the sectors and functions.
Citi maintains two Cyber Security Fusion Centers (CSFCs) across the United States and Asia to act as its information and crisis response hub in its mission to strengthen Citi's resilience to cyber-attacks.
Organizational Mission:
As the leading global bank, Citi has a heightened responsibility to keep its customers safe. The Cybersecurity Fusion Center (CSFC) is on the front lines of that effort. The CSFC coordinates Citi’s cybersecurity organizational response to protect Citi and its customers from cyber threats.
Citi is at the forefront of Cyber Fusion in financial services and leverages a data-driven, “technology first” approach to determine, inform, respond to, and govern overall cybersecurity threats to Citi.
Team Mission:
The Governance Function within the Fusion Center is a new function that is underpinned by a comprehensive Governance Framework to measure, monitor and report Cyber Security Operational risk to internal stakeholders, appropriate supervisory groups, and regulators. This organization acts as the liaison for the CSO organization with other internal risk functions and external risk related activity.
This function regularly interfaces with Citi seniors, regulators, and supervisory groups on topics of cybersecurity, Red Team exercises, etc. One of the functions performed by this team is project management and coordination of regulatory and internal driven penetration testing (Red Team testing).
This individual is expected to act as an escalation point to CSFC leadership across all ongoing exercises and help to manage the overall book of work. More broadly, this individual will play a pivotal role in partnering with the CSFC Governance Lead to further design and implement future state goals and objectives of the Governance Framework.
Responsibilities:
Exercise execution
- Coordinate Red Team confidential testing operations that emulate a threat actor (either Citi’s internal Red Team or a Red Team service provider) that attack Citi’s cyber defenses
- Manage multiple teams’ efforts to assess courses of action to meet exercise testing objectives while considering potential risks to Citi when making recommendations to senior cybersecurity leadership
- Coordinate testing execution, including generating project updates, summarizing decision points, and leading regular meetings with the project team, Red Team, and support personnel
Exercise planning
- Partner with Red Team to define and develop scope and objectives of the exercise
- Identify and establish exercise engagement model
- Partner with Citi’s Red Team to validate testing scenarios and capabilities that accomplish leadership’s strategic testing goals
Exercise reporting
- Coordinate technical validation and leadership review of Red Team reports detailing testing results and potential areas of improvement
- Partner with problem management and project management teams to ensure Red Team observations are researched and remediated
Program management
- Incorporate and review regulator testing framework updates in Citi’s Red Team procedures and standards
- Maintain strategic testing roadmap, incorporating senior leadership’s testing goals to further strengthen Citi’s cybersecurity defenses
- Develop and maintain relationships with Red Team service providers, including onboarding and Citi supplier maintenance tasks
- Ensure Red Team testing complies with Citi’s internal policies and regulatory requirements
Requirements:
- Project management experience
- Demonstrable interest in Red Team activity management
- Working knowledge of regulatory testing frameworks (CREST, C-RAF)
- Cybersecurity industry experience
Qualifications:
- 7+ years of relevant experience
- Certifications or willingness to earn within 12 months of joining
- Working knowledge in one or more of the following areas: Advanced Persistent Threat, Third Party Risks/Threats, Cybercrime, Extremist Groups and Cyber Terrorists, Hacktivism, Distributed Denial of Service attacks, Fraud, Malware, Mobile Threats
- Consistently demonstrates clear and concise written and verbal communication
- Proven influencing and relationship management skills
- Proven analytical skills
About Citi:Citi, the leading global bank, has approximately 200 million customer accounts and does business in more than 160 countries and jurisdictions. Citi provides consumers, corporations, governments, and institutions with a broad range of financial products and services, including consumer banking and credit, corporate and investment banking, securities brokerage, transaction services, and wealth management.
As a bank with a brain and a soul, Citi creates economic value that is systemically responsible and in our clients’ best interests. As a financial institution that touches every region of the world and every sector that shapes your daily life, our Enterprise Operations & Technology teams are charged with a mission that rivals any large tech company. Our technology solutions are the foundations of everything we do from keeping the bank safe, managing global resources, and providing the technical tools our workers need to be successful to designing our digital architecture and ensuring our platforms provide a first-class customer experience. We reimagine client and partner experiences to deliver excellence through secure, reliable, and efficient services.
Our commitment to diversity includes a workforce that represents the clients we serve from all walks of life, backgrounds, and origins. We foster an environment where the best people want to work. We value and demand respect for others, promote individuals based on merit, and ensure opportunities for personal development are widely available to all. Ideal candidates are innovators with well-rounded backgrounds who bring their authentic selves to work and complement our culture of delivering results with pride. If you are a problem solver who seeks passion in your work, come join us. We’ll enable growth and progress together.
-------------------------------------------------
Job Family Group:
Technology-------------------------------------------------
Job Family:
Information Security------------------------------------------------------
Time Type:
Full time------------------------------------------------------
Primary Location:
Irving Texas United States------------------------------------------------------
Primary Location Salary Range:
$121,560.00 - $182,340.00------------------------------------------------------
Citi is an equal opportunity and affirmative action employer.
Qualified applicants will receive consideration without regard to their race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or status as a protected veteran.
Citigroup Inc. and its subsidiaries ("Citi”) invite all qualified interested applicants to apply for career opportunities. If you are a person with a disability and need a reasonable accommodation to use our search tools and/or apply for a career opportunity review Accessibility at Citi.
View the "EEO is the Law" poster. View the EEO is the Law Supplement.
View the EEO Policy Statement.
View the Pay Transparency Posting