Information Security Officer

The Information Security Officer (ISO) will work with the system development areas to ensure proper technology risk considerations are address at each phase of the system development life cycle and provide initiative-taking solutions to correct exposures or mitigate risk. Interpret security standards, procedures, and guidelines for multiple platforms and diverse environments (e.g., client server, distributed, mainframe, etc.) in designing solutions, recommending enhancements, or defining mitigating controls to existing systems.

You should demonstrate an understanding of application security and will exercise judgment within existing practices and policies. Excellent communication skills required to negotiate internally, often at a senior level. Developed communication and diplomacy skills are required to guide, influence, and convince others, in particular colleagues in other areas and occasional external customers. Necessitates a degree of responsibility over technical strategy.

Responsibilities you will have:

• Perform information security risk assessment on new applications and changes to existing applications.

• Consult on AI, Cloud, and Mobile initiatives.

• Perform Threat Modeling, as needed.

• Reports IS gaps to Technology teams as applicable with appropriate recommendations.

• Create corrective action plans for non-compliant issues working with application development team.

• Recommend security solutions according to Security Policy and Practices established by Citigroup.

• Promote awareness of current policies and standards, as well as revisions and developments; provide consistent interpretation of policy to IT.

• Establish and maintain relationships with domain architects, project managers, and others within the technology development unit.

Required skills:

• 5-10 years of Information Security Knowledge of Information Security, IT Risks and Controls assessment

• Application Security risk assessment experience is desirable

• Good understanding of the Information control areas including Authentication, Authorization, Access Control, auditing, cryptography for applications.

• Knowledge of OWASP Guidelines for Application, software development processes, integration of security assessments in SDLC process, secure coding is desirable.

• Knowledge of Threat Modeling is beneficial

• Experience with vulnerability assessment and related risk assessment tools and/or application development experience is a plus.

• Fluency in English

• Proficient in MS Office products, particularly PowerPoint & Excel.

• Exhibit strong influencing / negotiation skills as well as written/verbal communication skills.

• Should be well versed in Tech Risk policies, requirements, standards, patterns and be able to provide base level security services to clients.

• Ability to engage in deep technical discussions with other Engineering groups, as well as ability to convey the same concepts and issues at an elevated level to senior leadership.

• Ability to execute technical responsibilities, including, Design / Architecture reviews, Code / Configuration reviews and vulnerability assessment.

• Familiarity with cyber security frameworks, include NIST.

Education:

• BS degree in Information Security/Computer Science/Electrical, Mechanical Engineering /Information Technology. An advanced degree in a relevant business area is a positive.

• Professional certifications, such as CISSP and CSSLP, or willingness to obtain certification within 12-18 months of start date.

What we can offer you:

By joining Citi Hungary, you will not only be part of a business casual workplace with a hybrid working model (up to 2 days working at home per week), but also receive a competitive compensation package and enjoy a whole host of additional benefits that support you (and your family) to be well, live well and save well:

• Cafeteria Program

• Home Office Allowance (for colleagues working in hybrid work models)

• Paid Parental Leave Program (maternity and paternity leave)

• Private Medical Care Program and onsite medical rooms at our offices

• Pension Plan Contribution to voluntary pension fund

• Group Life Insurance

• Employee Assistance Program

• Access to a wide variety of learning and development programs, online course libraries and upskilling platforms, such as Udemy and Degreed

• Flexible work arrangements to support you in managing work - life balance

• Career progression opportunities across geographies and business lines

• Socially active employee communities with diverse networking opportunities

Alongside these benefits Citi is committed to ensuring our workplace is where everyone feels comfortable coming to work as their whole self every day.  We want the best talent around the world to be energized to join us, motivated to stay, and empowered to thrive. 

Sounds like Citi has everything you need? Then apply to discover the true extent of your capabilities.

#LI-OD1

------------------------------------------------------

Job Family Group:

------------------------------------------------------

Job Family:

------------------------------------------------------

Time Type:

------------------------------------------------------

Citi is an equal opportunity employer, and qualified candidates will receive consideration without regard to their race, color, religion, sex, sexual orientation, gender identity, national origin, disability, status as a protected veteran, or any other characteristic protected by law.

If you are a person with a disability and need a reasonable accommodation to use our search tools and/or apply for a career opportunity review Accessibility at Citi.

View Citi’s EEO Policy Statement and the Know Your Rights poster.