Generative AI Security Assurance Analyst (Hybrid)
About our Team:
The Chief Information Security Office (CISO) is home to deeply talented colleagues that work to ensure the safety of Citi's clients', our revenue, our employees and our proprietary data. We manage information security as one end-to end program – one with a clear mandate and accountability. Our mission is a program that is fully anchored to modern control and architectural frameworks, is fully aligned with the enterprise architecture of the firm and is deeply integrated into the sectors and functions.
Citi has an extensive and robust AI program, with strong global partnerships and business activities in progress. We view Generative AI as a significant opportunity, one we want to move quickly and embrace, but also one we want to embed security principles and engineering excellence into early.
The Generative AI Security Assurance Analyst reports into the CISO organization with dedicated functional alignment to Citi’s generative AI enablement group to establish and maintain security assurance for company's adoption of generative AI technology. You will be responsible for analysis of generative AI usage and manage the GRC (governance, risk, and compliance) functions related to generative AI implementation, ensuring compliance with Citi as well as global regulations.
Key Responsibilities -
Governance , Risk and Compliance
- Develop, implement, and manage a comprehensive security assurance measures for generative AI usage across the company.
- Provide thought leadership and creativity to mature generative AI security governance embedding into our existing cyber risk appetite framework
- Stay abreast of relevant global regulations, industry standards, executive memos, analyst views, and technology trends.
- Provide expertise and guidance on the interpretation and implementation of regulatory requirements to CISO functions.
- Drive security assurance maturity through relevant CISO governance framework, policy, standard, and metrics development
- Support business during regulatory examinations, and projects ensuring alignment with regulatory expectation
- Perform security assessments of technology and security solutions enabling generative AI usage across Citi
- Develop, and manage security guardrails for generative AI implementations
- Identify, track, and manage information security issues. Provide remediation/mitigation recommendations and oversee plans to ensure that generative Ai based implementations comply with Citi standards as well as meet regulatory requirements.
- Support Global Information Security policies, standards, and initiatives development and implementation by representing in different Citi action groups such as Delegated Action Groups (DAG).
- Partner with CISO GRC in both leading and supporting capacities to manage generative AI assurance function
- Perform program , and project management functions for CISO generative AI use cases. Ensure successful execution of the various projects under their remit
- Implement, Monitor, and Challenge KRIs and KPIs to help drive program performance
- Interface with CISO functions (Architecture, engineering. SecOps, etc.) , technology, cyber and operational risk management, , Auditors, Regulators, and other stake holders to communicate and manage program/project performance
- Build internal and external networks to ensure alignment across programs, industry best practices, and to maintain current knowledge regarding AI/ML/Gen AI information security/cyber developments
Qualifications include:
- 7+ years of Information Security assurance/GRC experience in is required
- 5+ years of program/project management experience for is required.
- Good understanding of information security, AI/Machine Learning/generative AI or data science is required
- Experience or knowledge of business applications leveraging generative Ai is recommended
- Demonstrated knowledge of software development processes (SLDC/Agile/Iterative/DevOps)
- A demonstrated knowledge of information security standards, rules and regulations related to information security and data confidentiality and other various security standards and policies.
- Experience interfacing with regulators and internal audit is required
- Demonstrated experience with cyber engineering and operations, which could include DevSecOps and MLSecOps is a plus
- Ability to keep up to date with technology and security. Make informed decision and appropriate adjustments.
- Ability to operate effectively across a highly matrixed, global business environment.
- Good leadership, strategic thinking, and large-scale planning abilities.
- Good interpersonal and communication skills with the ability to influence at all levels of the organization, while being able to simplify complex IS topics
- Excellent problems solving abilities and analytical skills
- Ability to apply a broad and comprehensive understanding across multiple functional areas.
- Strong work ethic, and an excellent use of discretion and judgment.
- Ability to organize, prioritize, and lead multiple deliverables simultaneously across a large, global corporate environment.
Education:
- Bachelor’s degree/University degree or equivalent experience is must
- Master’s degree preferred
-------------------------------------------------
Job Family Group:
Technology-------------------------------------------------
Job Family:
Information Security------------------------------------------------------
Time Type:
Full time------------------------------------------------------
Citi is an equal opportunity and affirmative action employer.
Qualified applicants will receive consideration without regard to their race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or status as a protected veteran.
Citigroup Inc. and its subsidiaries ("Citi”) invite all qualified interested applicants to apply for career opportunities. If you are a person with a disability and need a reasonable accommodation to use our search tools and/or apply for a career opportunity review Accessibility at Citi.
View the "EEO is the Law" poster. View the EEO is the Law Supplement.
View the EEO Policy Statement.
View the Pay Transparency Posting