Vice President, Global Markets ISO

• Act as a Trusted Security Advisor to business and technology teams, guiding them on IS/Cyber risks
• Appropriately assess risks when business decisions are made, demonstrating consideration for the firm's reputation and safeguarding Citigroup, its clients and assets
• Drive compliance with applicable Information & Cybersecurity laws, rules and regulations, adhering to relevant Policy, applying sound ethical judgment regarding personal behavior, conduct and business practices, and escalating, managing and reporting control issues with transparency
• Work with business & technology management to drive the information security program and govern risk management activities including CSRA (Cybersecurity Risk Appetite) reporting
• Work with the internal Applications Development function to facilitate improvements in both architectural and application security posture
• Provide strategic risk guidance for business and technology projects, including the evaluation and recommendation of security controls and corrective actions to mitigate/remediate risks
• Manage security incidents and events to protect corporate IT assets, including intellectual property, regulated data and the company's reputation
• Facilitate compliance with all Information Security policies, standards and regulations/directives as mandated by Global CISO Organization and regulators
• Perform Information Security Assessments across applications/business processes
• Ensure non-compliant items are resolved through coordination with Business & Technology Management
• Communicate and interact periodically with employees, business and technology management to update on IS related programs, risks & controls, policies/standards

• 12+ years of relevant experience in Information & Cybersecurity space or related domains such as risk management, auditing, consulting & advisory services
• Strong understanding of Information security domains with hands on experience of performing application security risk assessments covering controls such as Identity & Access Management, API Security, Cloud/SaaS Security, Cryptography, Sensitive Data protection, Audit Logging/Monitoring, Secure SDLC controls
• Sound knowledge of Application Vulnerability Assessments/Source code & component vulnerability scanning related controls
• Additional IS/Cybersecurity certifications (CISA, CISSP, CISM, SANS GIAC, CEH etc.) preferred
• Understanding of policy compliance and how it relates to risk
• Extensive knowledge of information security risk assessment methodologies/industry standards
• Demonstrated ability to take ownership and follow up on issues
• Demonstrated ability to work in a team and to work well under pressure
• Advanced analytical and problem-solving skills
• Consistently demonstrates clear and concise written and verbal communication
• Proficient in interpreting and applying policies, standards and procedures
• Demonstrated ability to remain unbiased in a diverse working environment
• Ability to manage multiple tasks, changing priorities, work under pressure, meet tight deadlines
• Self-starter with ability to take the initiative and master new tasks quickly
• Methodical with attention to detail
• Proven influencing and relationship management skills

Banking/Financial Services/Markets experience is an advantage