Cyber Architect

• Plan, research, and design security architecture for IT systems and applications
• Determine security controls and document appropriately
• Perform security architecture and risk assessment of IT systems and applications
• Provide security recommendations including automated controls, configurations on projects
• Collaborate with internal and external technology teams to drive development of strategies and plans
• Establish relationships with cross-functional areas and serve as SECURITY subject-matter expert
• Promote awareness and provide consistent interpretation of security policy
• Manage risk by analyzing root cause of security issues
• Support Global Information Security policies, standards, and initiatives development
• Support Citi AI initiatives including evaluating use of AI tools for Threat Modeling

• 12+ years of Application Security and/or Information Security experience in areas of IT
• Good understanding of Information security domains such as Identity access management, Cryptography, Data protection, Application Vulnerability Assessment, Audit Logging/Monitoring
• Experience as Security Architect or Application Architect with Security Knowledge
• Good knowledge of software development processes (SLDC/Agile/Iterative/DevOps)
• Good understanding of IT Security frameworks such as NIST SP-800, ISO 27001
• Experience of delivering security solution architecture from end-to-end
• Threat modelling using industry standard methodologies (e.g. STRIDE/DREAD)
• Experience developing Reference Security Architecture and Design Patterns
• Security architecture assessments for IT systems such as Web, Mobile, APIs/Microservices, Cloud (AWS/GCP/Azure/Oracle)
• Strong knowledge of iOS & Android ecosystem with emphasis on security for mobile applications
• Strong understanding of mobile payment systems and supporting ecosystems (i.e. Mastercard / Visa)
• Hands on experience with security controls to defend against mobile attack surface
• Good understanding of mobile security trends and threats/vulnerabilities
• Must be proficient in applying application security knowledge to improving security in software development phases
• Industry certification such as CISSP, CCSP, and other vendor certification are highly preferred
• Strong inter personnel skills and ability to influence outcomes
• Strong communication skills interacting with senior technology and business management
• Ability to prioritize in multi-task environment
• Strong problem solving/analytical skills
• Proficient in MS Office products, particularly PowerPoint & Excel
• BS degree in Computer Science (or related Information Technology field)

Industry attestations like SWIFT CSP, target 2, CHAPs