CrawlJobs Logo
Citi Logo Citi · IT - Administration

Information Security Technology Senior Specialist

India, Pune · Job Posted May 06, 2026
Apply Position
Job Link Share

Job Description

The Infrastructure Information Security Review Process (I-ISRP) Team sits in CISO and is responsible for executing the information security (IS) assessments of infrastructure products. This will ensure appropriate risk treatment while reducing the number of vulnerabilities in Citi’s production environment, in compliance with Citi, legal, regulatory and other applicable policies, standards and technical requirements. The Information Security Technology Senior Specialist is responsible for leading efforts to prevent, monitor and respond to information/data breaches and cyber-attacks. The overall objective of this role is to ensure the execution of Information Security directives and activities in alignment with Citi's data security policy.

Job Responsibility

  • Perform the information security review of infrastructure products and verify their compliance to the Citi Information Security Standards (CISS)
  • Take ownership of the IS certification of certain products and solutions, advising clients and making security decisions on products and solutions to be released into Citi production environment
  • Evaluate the security and compliance of the products by reviewing documentation and by hands-on testing
  • Document any findings, security breaches and non-compliant items
  • Assess risks of identified gaps, advise clients and partners on the feasibility of addressing them
  • Presenting results of an IS review, defending key points towards even senior clients, while remaining helpful, flexible and open to good solutions
  • Execute strict quality control measures into all processes to consistently meet standards
  • Generate metrics and ensure productivity to guarantee Service Level Agreements (SLAs) and client expectations are met
  • Support Technical Information Security Officers in their work for remediating any non-compliant items
  • Embracing new technologies, actively seeking out opportunities for improving efficiency of the Information Security Review Process and seek out possibilities for implementing automation for any manual efforts
  • Ensure essential procedures are followed, define operating standards and processes and develop procedures and process control manuals
  • Perform information security awareness and training activities
  • Coordinate any major initiatives in the team overarching multiple product reviews or affecting major process changes
  • Provide informal guidance or on-the-job-training to new team members

Requirements

  • 5-7 years working in an Information Technology related field
  • At least 2 years of experience in an Information Security field
  • Degree in a technology related discipline is strongly preferred
  • CISSP, CISA, CISM or equivalent exam, or commitment to obtain it in the near future
  • Experience with Unix-based systems
  • Knowledge of computer networking concepts
  • Familiarity with cloud-based technologies
  • Consistently demonstrates clear and concise written and verbal communication
  • Proven analytical skills
  • Ability to work and make decisions independently
  • Fluent in English
Citi - All Job Offers

Looking for more opportunities?

Search for other job offers that match your skills and interests.

Suggested Tags: Frontend Developer Secretary Talent Manager Salesforce Administrator Data Analyst
Similar Jobs for

Information Security Technology Senior Specialist

8 matching positions

Senior Information Security Specialist

SmartRecruiters is looking for a Senior Information Security Specialist to join ...
Location
Location
Poland
Salary
Salary:
Not provided
smartrecruiters.com Logo
SmartRecruiters
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • 5+ years of experience in information security, governance, risk, and/or compliance roles with a technical orientation
  • Demonstrated compliance or auditing experience with at least one major framework
  • Hands-on experience with incident response - including participation in security incident investigations, containment, and post-mortem processes
  • Solid understanding of controls auditing principles and evidence management
  • Technical understanding of cloud infrastructure (AWS preferred), networking fundamentals, identity management, and SaaS security architectures
  • Knowledge of risk management methodologies and experience conducting or supporting risk assessments
  • Ability to manage and deliver on multiple complex projects simultaneously, with minimal supervision
  • The ability to investigate, question, and interpret internal and external IT security and compliance issues at both a governance and technical level
  • A strong understanding of technology, cloud-based products, and SaaS environments
  • Experience working across business units and geographical boundaries to engage engineering, business, and operational teams
Job Responsibility
Job Responsibility
  • Identify manual, repetitive GRC processes and design automation blueprints to streamline them, including evidence collection, control monitoring, access reviews, policy enforcement checks, and compliance reporting
  • Build and maintain automated workflows using compliance platforms, scripting, or integration tools to reduce manual effort and improve audit-readiness
  • Develop reusable templates, playbooks, and standardised blueprints for recurring GRC activities (e.g., vendor assessments, internal audits, risk reviews) to ensure consistency and scalability
  • Collaborate with engineering and IT teams to integrate security and compliance checks into existing toolchains and CI/CD pipelines where applicable
  • Continuously evaluate and improve GRC tooling, data flows, and reporting to drive operational efficiency across the team
  • Manage stakeholder expectations and partner with internal teams to ensure effective management of IT risks and compliance obligations
  • Maintain regional and local stakeholder relationships, meeting schedules, minutes, and reports
  • Support the maintenance of the SOC 2 Type II framework, including evidence collection, control testing coordination, and audit support
  • Effectively manage ISO 27001 and ISO 22301 audit lifecycles and coordinate with stakeholders on ISMS and BCMS improvements
  • Support the maintenance and continuous improvement of the ISO 42001 (AI Management System) framework in alignment with the EU AI Act
  • Fulltime
Read More
Arrow Right

Senior Information Security Specialist

As a Senior Information Security Specialist, you will play a critical role in pr...
Location
Location
United States , Clarksburg
Salary
Salary:
Not provided
imts.us Logo
Innovative Management & Technology Services
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • Bachelor’s degree in Cybersecurity, Information Technology, Computer Science, or a related field, or equivalent experience
  • Minimum 7 years of experience in information security, IT risk management, or related roles, preferably in federal or state government environments
  • Strong knowledge of federal cybersecurity frameworks including NIST SP 800-53, OWASP Top 10, DISA STIGs, and Common Criteria
  • Hands-on experience with networking concepts, system administration, and software development practices
  • Proficiency in using Splunk or comparable SIEM tools for security event monitoring, audit log analysis, and incident response
  • Experience working within Agile or Scaled Agile Framework (SAFe) teams and integrating security in fast-paced development environments
  • Excellent communication skills with the ability to convey complex security concepts to technical and non-technical audiences
  • Active Top Secret clearance is required
  • U.S. Citizenship is required
Job Responsibility
Job Responsibility
  • Lead comprehensive reviews of management, operational, personnel, and technical security controls to verify their effectiveness during all phases of the system lifecycle
  • Identify, evaluate, and mitigate technical and operational security risks, threats, vulnerabilities, and weaknesses across diverse information systems
  • Drive compliance efforts with government standards and industry best practices, including NIST, OWASP, Common Criteria, DISA, and SANS Institute guidelines
  • Collaborate within Agile development teams to integrate security throughout the software development lifecycle, supporting secure design, testing, and deployment
  • Utilize hands-on expertise in networking, system administration, and software development to analyze security impacts and recommend improvements
  • Oversee audit log reviews and system alerting using Splunk or similar SIEM platforms to detect, investigate, and respond to security incidents
  • Communicate security findings clearly and effectively to technical teams and leadership, fostering a culture of security awareness and continuous improvement
What we offer
What we offer
  • competitive compensation
  • excellent benefits including tuition reimbursement and employer-contributed 401K
  • referral bonuses
  • Fulltime
Read More
Arrow Right

Senior Information Security Specialist

As a Senior Information Security Specialist, you will play a critical role in sa...
Location
Location
United States , Clarksburg
Salary
Salary:
Not provided
imts.us Logo
Innovative Management & Technology Services
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • Bachelor’s degree in Cybersecurity, Information Technology, Computer Science, or a related field (or equivalent professional experience)
  • Minimum 7 years of experience in information security, IT risk management, or cybersecurity compliance, preferably in a federal or state agency environment
  • Demonstrated experience applying and interpreting NIST 800-53, OWASP, and DISA STIGs in real-world projects
  • Strong hands-on technical background in networking, system administration, or software development
  • Proficiency with SIEM tools—especially Splunk—for event correlation, alerting, and compliance reporting
  • Familiarity with Agile development environments and DevSecOps principles
  • Strong written and verbal communication skills, with the ability to create reports and briefings for technical and non-technical stakeholders
  • Active Top Secret clearance is required
  • U.S. Citizenship is required
Job Responsibility
Job Responsibility
  • Lead comprehensive reviews of management, operational, personnel, and technical controls throughout the system development lifecycle (SDLC)
  • Identify and assess emerging security risks, weaknesses, and vulnerabilities associated with infrastructure, applications, and operations
  • Collaborate with developers and engineers to ensure identified risks are mitigated and documented effectively
  • Ensure compliance with federal and industry security standards including NIST SP 800-53, OWASP Top 10, Common Criteria, DISA STIGs, and SANS Institute recommendations
  • Support and contribute to Authorization to Operate (ATO) packages, including preparation of SSPs, POA&Ms, and continuous monitoring (ConMon) artifacts
  • Advise on policy alignment and security architecture improvements to support secure Agile delivery
  • Apply technical knowledge of networking, system administration, and development to assess the security posture of enterprise environments
  • Utilize Splunk to perform audit log analysis, generate system alerts, and support threat hunting and incident response activities
  • Recommend and implement automated logging, monitoring, and security reporting processes
  • Engage proactively with Agile development teams, product owners, and ISSOs to embed security into project planning and delivery
What we offer
What we offer
  • competitive compensation
  • excellent benefits including tuition reimbursement and employer-contributed 401K
  • referral bonuses
  • Fulltime
Read More
Arrow Right

Information Security Senior Specialist

The Cyber Defense & Incident Responder is responsible for monitoring, analyzing,...
Location
Location
United States , Merrifield
Salary
Salary:
Not provided
nttdata.com Logo
NTT DATA
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • Bachelor's degree in information technology, cybersecurity, data science, information systems, or computer science
  • Education Equivalency: One-and-one- half (1.5) years of additional experience can substitute for one (1) year of a typical degree program
  • Minimum 6 years of experience in Information Technology (IT) and/or Information Security (IS)
  • DoD 8140 certification for their respective area or the ability to obtain certification within six (6) months of onboarding
  • Ability to obtain a interim Secret Security Clearance and must be eligible for a Top-Secret clearance if requested
Job Responsibility
Job Responsibility
  • Monitor enterprise security systems and analyze alerts to identify potential cybersecurity incidents
  • Perform initial triage and analysis of security events to determine scope, severity, and urgency
  • Execute incident response actions in accordance with established procedures
  • Document and communicate incident findings to support resolution and improvement efforts
  • Maintain SOC processes, tools, and playbooks to ensure effective incident handling
  • Participate in training, exercises, and knowledge-sharing to strengthen response readiness
  • Stay informed on current and emerging cyber threats relevant to the organization’s environment
Read More
Arrow Right

Senior Information Technology Specialist

Barbaricum is currently seeking a proficient Senior Information Technology Speci...
Location
Location
United States , Fort Belvoir
Salary
Salary:
Not provided
barbaricum.com Logo
Barbaricum
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • Active DoD Secret Clearance
  • Bachelor’s degree and 10 years of relevant experience
Job Responsibility
Job Responsibility
  • Support the resolution of IT and system problems, to recommend solutions to higher level IT specialists and management, and to meet assignments as estimated and scheduled
  • Provides technical advice to IT and other professionals and the client
  • Support backup and disaster recovery, cyber security, monitoring, auditing, and compliance, troubleshooting and resolving end user support issues, and delivery of technology solutions
  • Provide verification of operational status of government computer systems and related third party interfaces and comply with Federal regulations, policies, codes, and security and safety standards
  • Experience supporting and managing cloud instance by utilizing elastic cloud computing for resourcing needs
Read More
Arrow Right

Senior Business Information Security Specialist

The InfoSec team at JET is scaling its security partnership and vendor assurance...
Location
Location
United Kingdom
Salary
Salary:
Not provided
justeattakeaway.com Logo
Just Eat Takeaway.com
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • Demonstrated ability to execute security risk assessments and vendor reviews end-to-end, including evidence collection, gap analysis, and documented findings
  • Working knowledge of security frameworks such as NIST CSF, ISO 27001, or CIS Controls applied in a product or engineering context
  • Ability to communicate security risk clearly to both technical and non-technical audiences, without defaulting to jargon or compliance-speak
  • Familiarity with GRC concepts including risk management, controls design, and third-party assurance, gained through hands-on practice rather than solely policy work
  • Comfort working across multiple teams and geographies in a fast-moving environment, managing competing priorities without losing accuracy or rigour
Job Responsibility
Job Responsibility
  • Execute vendor security assessments by collecting, analysing, and documenting supplier control evidence, audit reports, and risk findings against defined frameworks including ISO 27001 and NIST CSF
  • Identify and document third-party security risks, recommending proportionate risk treatment options aligned to JET's risk appetite
  • Support threat modelling, secure design reviews, risk remediation recommendations and early-stage risk assessments alongside engineering teams as part of the secure development lifecycle
  • Translate security findings into clear, business-aligned risk language for product and stakeholders, reducing reliance on technical jargon
  • Maintain accurate risk registers, vendor assessment records, and reporting inputs that feed into executive-level risk dashboards
  • Build working relationships with business and technology teams across multiple markets, acting as a visible and trusted point of contact for security guidance
  • Fulltime
Read More
Arrow Right

Senior Information Security GRC Specialist

The Senior Information Security GRC Specialist is responsible for enhancing the ...
Location
Location
Saudi Arabia
Salary
Salary:
Not provided
nttdata.com Logo
NTT DATA
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • Bachelor's degree in Information Technology or Computer Science
  • Certifications like CISA and CRISC
  • At least 5 years of experience in information security
  • Strong communication skills
Job Responsibility
Job Responsibility
  • Enhancing the organization's information security program through risk assessments, compliance management, and policy development
What we offer
What we offer
  • Access to various wellness initiatives and health benefits tailored to individual needs
  • Competitive leave policies for vacations, illness, recovery or significant life events
  • Competitive salary plus a bonus or commission plan
  • Access to unrestricted courses, learning programs and professional certifications
  • Active mentorship program
  • World-class career platform
  • Fulltime
Read More
Arrow Right

Senior Information Security GRC Specialist

Join a leading company as a Senior Information Security GRC Specialist, where yo...
Location
Location
Saudi Arabia
Salary
Salary:
Not provided
nttdata.com Logo
NTT DATA
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • Strong knowledge and experience with NCA regulations
  • Strong experience in Essential Cybersecurity Controls (ECC)
  • Advanced understanding of information security frameworks and standards
  • Advanced proficiency in conducting risk assessments, analyzing security controls, and policy management
  • Excellent communication and interpersonal skills for collaborating with various stakeholders
  • Strong project management skills for handling security initiatives
  • Advanced familiarity with legal and compliance aspects related to information security
  • Bachelor’s degree or equivalent in Information Technology or Computer Science degree or related field
  • Security certifications such as CISA, CRISC, COBIT, IIA or equivalent preferred
  • Certifications such as Lead audit/Implementer - ISO 27001, SOC TSP preferred
Job Responsibility
Job Responsibility
  • Leads risk assessments and gap analyses to identify vulnerabilities and recommends risk mitigation strategies
  • Develops and maintains security policies, standards, and procedures
  • Collaborates with legal and compliance teams to ensure adherence to regulatory requirements
  • Provides guidance and support to junior GRC team members
  • Assists in the creation and delivery of security awareness and training programs
  • Participates in security incident response activities as needed
  • Contributes to the continuous improvement of the information security program
  • Assists in policy management and refinement
  • Performs any other related task as required
  • Closing gabs on key findings during internal audits and evidence validation
What we offer
What we offer
  • Flexible, hybrid working model
  • Access to various wellness initiatives and health benefits tailored to individual needs
  • Competitive leave policies
  • Competitive salary plus a bonus or commission plan
  • Access to unrestricted courses, learning programs and professional certifications
  • Active mentorship program
  • World-class career platform
  • Fulltime
Read More
Arrow Right