
External Penetration Testing - Vendor Lead


Citi

Location:
Singapore, Singapore

Contract Type:
Not provided

Salary:
Not provided

Job Description:

This is a senior-level professional position responsible for serving as the liaison between Citi stakeholders and external penetration testing vendors: addressing testing challenges, driving vulnerability discussions with Citi stakeholders, managing the operational health of the penetration testing vendors and their adherence to Citi procedures, analyzing vulnerability trends to improve the root-cause model behind existing testing mechanisms, and maintaining the organization's overall security hygiene. The role also owns the end-to-end Vulnerability Disclosure Process for Citi, which involves onboarding applications with vendors, triaging reports, and driving lessons learned from the public disclosure channel and the private bug bounty program. The overall objective is to ensure that Information Security directives and activities are executed in alignment with Citi's data security policy.

Job Responsibility:

  • Be the central liaison between Citi stakeholders and the external penetration testing vendor, acting as a collaborator to ensure smooth execution of the end-to-end engagement
  • Manage the end-to-end process of Vulnerability Disclosure activities that involves onboarding applications, triaging, retesting and identifying lessons learned from the vulnerabilities reported through this channel
  • Apply working knowledge of the OWASP Top 10 and the CWE/SANS Top 25 during vulnerability triage and risk discussions
  • Perform Yearly Quality Checks on the vendors to ensure adherence to technical and process quality
  • Act as an application security subject matter expert to assist both Citi stakeholders and third-party vendors during vulnerability risk discussions
  • Drive the quality of the information submitted by businesses requesting penetration testing services, ensuring that the provided details are accurate and complete
  • Maintain a high level of operational oversight across all vendors and ongoing penetration testing activities so that engagements progress with the right level of attention
  • Communicate expectations clearly and resolve challenges with stakeholders and vendors
  • Use strong technical writing and presentation skills to articulate the penetration testing process end-to-end to any audience
  • Contribute to the review of internal processes and activities and assist in identifying potential opportunities for improvement and automation
  • Reduce risk by analyzing the root cause of issues, their impact, and required corrective actions to existing processes
  • Appropriately assess risk when business decisions are made, demonstrating particular consideration for the firm's reputation and safeguarding Citibank, its clients and assets, by driving compliance with applicable laws, rules and regulations, adhering to Policy, applying sound ethical judgment regarding personal behavior, conduct and business practices, and escalating, managing and reporting control issues with transparency

Requirements:

  • Minimum of 5 years of relevant experience in Information Security and/or relevant Technology role
  • Advanced proficiency with Microsoft Office tools and software
  • Consistently demonstrates clear and concise written and verbal communication
  • Proven influencing and relationship management skills
  • Proven analytical skills
  • Bachelor’s degree/University degree or equivalent experience

Nice to have:

  • Familiarity or hands-on experience in application security testing
  • Basic understanding of Web/ Mobile / API security and relevant testing tools
  • Relevant certifications (GPEN, GWAPT, GMOB, GWEB) are a plus, not a requirement
  • Master’s degree preferred

Additional Information:

Job Posted:
January 22, 2026

Employment Type:
Fulltime
Work Type:
Hybrid work

Similar Jobs for External Penetration Testing - Vendor Lead

Chief Information Security Officer

We are seeking an experienced Chief Information Security Officer to lead our inf...
Location:
United Kingdom, London
Salary:
Not provided
Sokin
Expiration Date:
Until further notice
Requirements:
  • 10+ years in information security with 5+ years in senior security leadership roles
  • Experience in regulated financial services (payments, banking, or fintech)
  • Track record of building and leading security teams in scale-up environments
  • Experience with FCA regulation, PCI-DSS compliance, and financial services audits
  • Hands-on experience with security incident response and crisis management
  • Deep knowledge of AWS security services (GuardDuty, Security Hub, WAF, KMS, CloudTrail, Config)
  • Experience with containerised environments (EKS/Kubernetes) and serverless security
  • Strong understanding of network security, zero trust architecture, and micro-segmentation
  • Proficiency with SIEM platforms (Splunk, Datadog Security, or equivalent)
  • Knowledge of application security tools: Wiz, SonarQube, Burp Suite, OWASP ZAP
Job Responsibility:
  • Define and execute the enterprise information security strategy aligned with business objectives
  • Establish and maintain the Information Security Management System (ISMS) to support constant certification readiness with PCI DSS, ISO 27001 and SOC2
  • Own security policies, standards, and procedures across the organisation
  • Report to the Board and senior leadership on security posture, risk exposure and programme maturity
  • Manage security budget and resource allocation
  • Lead enterprise security risk assessments and maintain the infosec item on the risk register
  • Ensure compliance with FCA operational resilience requirements and SYSC guidelines
  • Maintain PCI-DSS Level 1 compliance across payment processing infrastructure
  • Oversee GDPR, UK Data Protection Act, and international privacy compliance
  • Manage relationships with external auditors, penetration testers, and regulatory bodies
What we offer:
  • Competitive salary and equity participation
  • Hybrid working with flexibility
  • Private healthcare
  • Pension contribution
  • Professional development budget
  • Opportunity to shape security strategy at a high-growth fintech

IT Operations Lead

Mowlam Healthcare is Ireland’s largest independent provider of nursing home care...
Location:
Ireland, Limerick City
Salary:
Not provided
Mowlam Healthcare
Expiration Date:
Until further notice
Requirements:
  • 5-8 years IT administration experience in a technical role
  • Degree in computer science or similar preferred, however industry experience and qualifications may be considered as equivalent
  • In depth technical knowledge and experience managing M365, Intune, Defender for Endpoint and Azure
  • Expert technical understanding of software and hardware installations, operating systems, spreadsheet applications, and general IT problem solving
  • Excellent understanding and practical experience of system/data backup and restore technologies
  • Good understanding and practical experience of SDWAN and wired and wireless LAN networking technologies
  • Proven or willingness to develop technical project management skills
  • Proven or willingness to develop budget management skills
  • Experience managing technology vendors to ensure services are delivered in line with contractual requirements and within SLAs
  • Good understanding and awareness of information security principles
Job Responsibility:
  • Develop an understanding of company workflows and processes in order to analyse user technology needs effectively to drive continuous improvements of IT processes
  • Assume responsibility for the day-to-day operational management of all IT networks and systems
  • Support in conjunction with managed IT Provider, staff onboarding and offboarding processes, including the preparation of end user devices, systems access provisioning and general IT and cybersecurity awareness training
  • Provision of end user technical support when required
  • Act as the initial point of escalation for technical issues impacting business operations
  • Oversee, in conjunction with the managed IT provider, the management of the organisation's cloud technologies, including M365 and Azure
  • In collaboration with IT Managed Service Providers, oversee the technical configuration of networks and cloud infrastructure
  • Ensure the alignment of technology management with the organisation's IT and security policies
  • Develop, implement and communicate appropriate IT Standard Operating Procedures across the organisation
  • Oversee the management of IT and network managed service providers to ensure services are delivered in a resilient and secure manner
Employment Type:
Fulltime

Product Security Engineer

Join Airtable as a Product Security Engineer and play a pivotal role in shaping ...
Location:
United States, San Francisco; Seattle; New York City; Los Angeles
Salary:
170,000 - 277,000 USD / year
Airtable
Expiration Date:
Until further notice
Requirements:
  • 2+ years experience in product security and application security
  • Experience shipping production code
  • Skilled at conducting in-depth security reviews and collaborating with engineering teams
  • Proficient in writing clean, maintainable code
  • Hands-on experience with AI product security for LLM-powered products
  • Strong communicator and collaborator, able to drive security initiatives
  • Comfortable making systems as well as breaking them
  • Familiar with JavaScript or TypeScript, Node, Linux, and AWS or comparable technologies
  • Comfortable working in a fast-paced environment and contributing to long-term security strategy
Job Responsibility:
  • Partner with product teams to review product plans, designs, and code for security considerations
  • Lead and implement programs that raise the bar for application and product security
  • Build and ship frameworks that make it easy for product engineers to ship secure code
  • Triage and drive remediation for findings from external penetration testers
  • Research emerging threats and evolving best practices, especially in AI and LLM safety
  • Work with advisors and third party vendors on penetration tests, security reports and compliance projects
  • Contribute to roadmaps, metrics and strategic planning for the product security team
What we offer:
  • Benefits
  • Restricted stock units
  • Incentive compensation
Employment Type:
Fulltime

Head of Security

Prezzee is a global leader in digital gifting and payments. As our Head of Secur...
Location:
Australia, Melbourne
Salary:
Not provided
Prezzee
Expiration Date:
Until further notice
Requirements:
  • A degree in Computer Science, Software Engineering, or a related discipline
  • 5+ years’ experience in a senior cyber security role, ideally within a systems development or technology-led environment
  • Strong understanding of AWS technologies and modern cloud architecture models
  • Proven experience delivering strategic security programs, including policy development, risk management, BCP/DR testing, third-party risk, and end-user device security
  • Hands-on experience triaging, investigating, and resolving security and operational incidents within SLAs
  • Deep knowledge of modern cyber security principles, threat landscapes, threat intelligence, and remediation techniques
  • Experience coordinating outcomes across internal teams, external vendors, auditors, and security partners
  • A collaborative, business-minded approach with the confidence to influence at leadership level
Job Responsibility:
  • Lead Our Security Strategy: Own and deliver a clear, ongoing security roadmap aligned to Prezzee’s risk appetite, business priorities, and growth plans
  • Continuously uplift our administrative, technical, and procedural security posture across the business
  • Stay ahead of emerging threats and evolving standards, ensuring Prezzee remains proactive rather than reactive
  • Build a Security-First Culture: Act as the Security Champion across all teams and locations, embedding security awareness into how we work every day
  • Partner closely with engineering, product, IT, and the wider business to ensure security is at the forefront of design
  • Manage and mentor a small, high-performing security team, driving engagement and alignment with Prezzee’s purpose
  • Governance, Risk & Compliance: Maintain and expand compliance with frameworks and certifications including PCI, ISO 27001, Cyber Essentials Plus, ISO 42001 and others as required
  • Chair and manage the ISMS Committee, ensuring stakeholders have clear visibility of risks, controls, and progress
  • Lead third-party and vendor security due diligence across tools, partners, and workplace technology
  • Operational Security & Incident Management: Oversee vulnerability management, penetration testing outcomes, and remediation within agreed SLAs
What we offer:
  • Prezzeeversary Leave – Extra day of annual leave for each year you’re with us
  • BirthYay Leave – Celebrate you with a paid day off during your birthday month
  • Novated Car Leasing – A tax-smart way to bundle and pay for your car and running costs
  • ClassPass Membership – Fully covered monthly credits for fitness, wellness, and beauty
  • Office Allowance – One-time payment to upgrade your office setup
  • Flexible Work Perks – Flex your hours, take Culture Swap Days, and work from anywhere for 30 days a year
  • Prezzee Staff Discounts – Exclusive deals on Prezzee gift cards – just for being part of the team
  • Wellbeing Support – Access to mental, social, financial, and physical wellbeing support via Telus
  • Learning & Development – Grow your career with LinkedIn Learning, job shadowing, industry programs, and our Lunch & Learn sessions
  • Employee Resource Groups – Be an advocate or ally and foster belonging through groups like EmpowHer and Pride
Employment Type:
Fulltime

Head of Security

As our Head of Security, you’ll play a critical role in protecting the trust our...
Location:
Australia, Sydney
Salary:
Not provided
Prezzee
Expiration Date:
Until further notice
Requirements:
  • A degree in Computer Science, Software Engineering, or a related discipline
  • 5+ years’ experience in a senior cyber security role, ideally within a systems development or technology-led environment
  • Strong understanding of AWS technologies and modern cloud architecture models
  • Proven experience delivering strategic security programs, including policy development, risk management, BCP/DR testing, third-party risk, and end-user device security
  • Hands-on experience triaging, investigating, and resolving security and operational incidents within SLAs
  • Deep knowledge of modern cyber security principles, threat landscapes, threat intelligence, and remediation techniques
  • Experience coordinating outcomes across internal teams, external vendors, auditors, and security partners
  • A collaborative, business-minded approach with the confidence to influence at leadership level
Job Responsibility:
  • Lead Our Security Strategy: Own and deliver a clear, ongoing security roadmap aligned to Prezzee’s risk appetite, business priorities, and growth plans
  • Continuously uplift our administrative, technical, and procedural security posture across the business
  • Stay ahead of emerging threats and evolving standards, ensuring Prezzee remains proactive rather than reactive
  • Build a Security-First Culture: Act as the Security Champion across all teams and locations, embedding security awareness into how we work every day
  • Partner closely with engineering, product, IT, and the wider business to ensure security is at the forefront of design
  • Manage and mentor a small, high-performing security team, driving engagement and alignment with Prezzee’s purpose
  • Governance, Risk & Compliance: Maintain and expand compliance with frameworks and certifications including PCI, ISO 27001, Cyber Essentials Plus, ISO 42001 and others as required
  • Chair and manage the ISMS Committee, ensuring stakeholders have clear visibility of risks, controls, and progress
  • Lead third-party and vendor security due diligence across tools, partners, and workplace technology
  • Operational Security & Incident Management: Oversee vulnerability management, penetration testing outcomes, and remediation within agreed SLAs
What we offer:
  • Prezzeeversary Leave – Extra day of annual leave for each year you’re with us
  • BirthYay Leave – Celebrate you with a paid day off during your birthday month
  • Novated Car Leasing – A tax-smart way to bundle and pay for your car and running costs
  • ClassPass Membership – Fully covered monthly credits for fitness, wellness, and beauty
  • Office Allowance – One-time payment to upgrade your office setup
  • Flexible Work Perks – Flex your hours, take Culture Swap Days, and work from anywhere for 30 days a year
  • Prezzee Staff Discounts – Exclusive deals on Prezzee gift cards – just for being part of the team
  • Wellbeing Support – Access to mental, social, financial, and physical wellbeing support via Telus
  • Learning & Development – Grow your career with LinkedIn Learning, job shadowing, industry programs, and our Lunch & Learn sessions
  • Employee Resource Groups – Be an advocate or ally and foster belonging through groups like EmpowHer and Pride
Employment Type:
Fulltime

Director of Security

Jeeves is looking for a visionary and hands-on Director of Information Security ...
Location:
Brazil, São Paulo
Salary:
Not provided
Jeeves
Expiration Date:
Until further notice
Requirements:
  • Bachelor's degree in Computer Science, Information Security, or a related field
  • Master's degree preferred
  • 10+ years of progressive experience in information security
  • At least 5 years in a leadership or management role, preferably within a B2B SaaS or FinTech environment
  • Proven experience operating in a global organization with a strong understanding of diverse regulatory landscapes across North America, EMEA, and Latin America (Mexico, Colombia, Brazil)
  • Strong understanding of financial industry security regulations and compliance frameworks (e.g., PCI DSS, SOC 2, ISO 27001, NIST Cybersecurity Framework, GDPR, LGPD)
  • Deep technical expertise across a broad range of security domains, including network security, cloud security (AWS, Azure, GCP), application security, data security, identity and access management, and incident response
  • Experience with various security tools and technologies (SIEM, EDR, WAF, DLP, vulnerability scanners, etc.)
  • Excellent communication, interpersonal, and presentation skills, with the ability to articulate complex security concepts to technical and non-technical audiences, including executive leadership
  • Strong analytical and problem-solving skills, with a proactive and pragmatic approach to security
Job Responsibility:
  • Develop, implement, and maintain a robust global information security strategy aligned with business objectives, regulatory requirements, and industry best practices
  • Lead the evolution of our security roadmap, identifying emerging threats, vulnerabilities, and opportunities for improvement
  • Provide expert guidance and leadership on all aspects of information security to executive management and key stakeholders
  • Oversee the design, implementation, and continuous improvement of security policies, standards, procedures, and guidelines across the organization
  • Manage and mature our security awareness and training programs for all employees, fostering a security-conscious culture
  • Develop and manage the information security budget and resource allocation
  • Establish and maintain an enterprise-wide information security risk management framework, conducting regular risk assessments and managing mitigation plans
  • Ensure compliance with relevant international, regional, and local data privacy and security regulations
  • Lead and coordinate external security audits and assessments, facilitating responses to findings and ensuring timely remediation
  • Oversee security operations, including vulnerability management, penetration testing, security monitoring, and incident detection and response
Employment Type:
Fulltime

IT Project Manager - Cybersecurity

This Health Solutions company in Downtown Montreal is looking for an IT Project ...
Location:
Canada, Montréal
Salary:
Not provided
Randstad
Expiration Date:
March 05, 2026
Requirements:
  • Minimum 5-8 years of Project Management experience
  • At least 3 years dedicated to Cybersecurity or Information Security projects
  • PMP certification is required
  • Security certifications such as CISSP, CISM, or CISA are highly valued assets
  • Strong understanding of Healthcare data standards (HL7, FHIR) and privacy regulations (Law 25, PIPEDA) is preferred
  • Familiarity with security frameworks (NIST, ISO) and technologies (SIEM, Firewalls, Cloud Security - Azure/AWS)
  • Proven ability to communicate complex risk and security concepts to executive leadership
  • Bilingualism (English and French) is required
Job Responsibility:
  • Lead the deployment of critical cybersecurity initiatives, including Identity and Access Management (IAM) upgrades, Data Loss Prevention (DLP) implementation, and Endpoint Detection and Response (EDR) rollouts
  • Manage projects related to regulatory compliance (specifically Law 25 and ISO 27001 standards) to ensure patient data privacy and organizational adherence to Quebec and Canadian health data laws
  • Coordinate with the Security Operations Center (SOC) and engineering teams to track vulnerability assessments, penetration testing schedules, and remediation projects
  • Act as the bridge between technical security teams, the CISO, and non-technical business units
  • Manage external security vendors and evaluate third-party risk
  • Oversee the scheduling and execution of Tabletop Exercises (TTX) and disaster recovery simulations to ensure business continuity readiness
What we offer:
  • Laptop provided
Employment Type:
Fulltime

Senior Project Manager

A leading global organization is seeking a highly experienced Senior Project Man...
Location:
United States, Madison, NJ
Salary:
Not provided
Robert Half
Expiration Date:
Until further notice
Requirements:
  • 8-12+ years of project/program management experience
  • At least 5 years supporting Information Security or GRC initiatives
  • Experience in pharmaceutical, medical device, or other highly regulated industries strongly preferred
  • Strong understanding of cybersecurity domains: IAM, SIEM, cloud security, vulnerability management, data governance, incident response
  • Proven success managing multi-workstream programs with cross-functional technical teams
  • Exceptional communication, executive reporting, and stakeholder-management skills
  • PMP, PMI-ACP, CSM, CISSP, CISM, or similar certifications a plus
Job Responsibility:
  • Lead the planning, execution, and delivery of enterprise cybersecurity initiatives for the Office of the CISO
  • Drive project governance, scope definition, schedules, risk management, and stakeholder communication
  • Manage multiple parallel projects including security tool deployments, regulatory compliance initiatives, and remediation programs
  • Oversee vendor and third-party contributions
  • Ensure SLAs and deliverables are met
  • Support initiatives across IAM, cloud security, vulnerability management, data protection, and incident response
  • Track remediation efforts for audits, penetration tests, and regulatory findings (e.g., FDA, SOX, GDPR)
  • Develop dashboards and executive reports for leadership
  • Coordinate cross-functional teams to ensure alignment with security standards and risk priorities
  • Ensure projects comply with regulations relevant to pharmaceutical/medical device environments
What we offer:
  • Medical, vision, dental, and life and disability insurance
  • Company 401(k) plan