Senior Vice President, Security Architect
$145,840 - $218,760/Yr
Citigroup - Fort Lauderdale, FL
posted 23 days ago
Full-time - Senior
Fort Lauderdale, FL
10,001+ employees
Credit Intermediation and Related Activities
About the position
The Security Architect is a senior-level professional within the Chief Information Security Office (CISO) at Citi, responsible for supporting Enterprise Security Architecture across the organization. This role involves acting as a trusted advisor to various teams, establishing security requirements, designing reference architectures, and mitigating risks to the company. The Security Architect plays a critical role in ensuring the security of Citi's applications and APIs, while also leading high-visibility initiatives and managing stakeholder relationships.
Responsibilities
- Define architecture vision for Application Security and Vulnerability Management
- Develop security architecture, strategy, planning, and problem-solving IT solutions including emerging technologies for processing data on-prem and in the cloud
- Evaluate, design and architect security systems to protect Citi's most critical applications and APIs
- Perform security architecture and risk assessment of internally developed and vendor IT systems and applications leveraging best practices including threat modelling
- Ensure that security design and controls are consistent with organization's security architecture principles
- Develop strategies and security controls partnering with IT architecture/development stakeholders to implement during early in system development life cycle
- Ensure that security architectures are resilient, reliable, and scalable
- Provide security recommendations including automated controls, security configurations and advise on strategies as well as compensating controls to manage risk to acceptable tolerance levels
- Perform root cause analysis, identify thematic security architecture improvements, and create security patterns as well as frameworks that can accelerate faster secure delivery of products to market
- Influence Global Information Security policies, standards, and program leveraging subject matter knowledge, as well as industry partnerships
- Establish relationships with cross-functional areas including Business, Technology, and Compliance stakeholders and serve as a security subject-matter expert
- Interface with vendors to assess their technology and to guide their product roadmap based on Citi requirements
- Impact the technology function through contribution to technical direction and strategic decisions
- Use developed communication skills to negotiate and often at higher levels.
Requirements
- Experience developing Reference Security Architecture and Design Patterns to support proactive and automated controls
- Sound understanding of Information security domains: Application Security, Vulnerability Management, Identity access management, Cryptography, Data protection, Infrastructure Defense, Security Operations, etc.
- Experience with security frameworks and standards (e.g. TOGAF, SABSA, MITRE ATT&CK, NIST 800-53)
- 10+ years as Security Architect or within a similar capacity
- Knowledge of software development processes (SLDC/Agile/Iterative/DevOps)
- Threat modelling using industry standard methodologies (e.g. STRIDE/DREAD/MITRE)
- Experience of security architecture/engineering with one or more IT systems such as Cloud (e.g. AWS/GCP/Azure)
- Containerization and Virtualization technologies such as Kubernetes (OpenShift, AWS EKS, Google GKS)
- API Gateway technologies such as Apigee, Kong and AWS API Gateway
- Enterprise Web and Mobile applications
- Authentication security patterns involving OpenID connect, OAuth, SAML, Kerberos, etc
- Application Security Testing (SAST/DAST/SCA, etc)
- Vulnerability Scanning & Management, Penetration Testing, Red Teaming
Nice-to-haves
- Software development experience is a plus
- Strong interpersonal skills and ability to influence outcomes in a collaborative environment
- Strong communication skills interacting with senior technology and business management
- Consistently demonstrates clear and concise written and verbal communication
- Management and prioritization skills
- Ability to manage multiple activities and changing priorities
- Ability to work under pressure and to meet tight deadlines
- Self-starter with ability to take the initiative and master new tasks quickly
- Methodical, attention to detail
Benefits
- Medical, dental & vision coverage
- 401(k)
- Life, accident, and disability insurance
- Wellness programs
- Paid time off packages including planned time off (vacation), unplanned time off (sick leave), and paid holidays
