Citigroup Cybersecurity Policy Lead (SVP) in Irving, Texas
The purpose of the Chief Information Security Office (CISO) Policy team is to establish and maintain policies and standards that provide management and operational controls to reduce risk and achieve regulatory compliance. The Policy team helps cybersecurity program owners to align policy requirements with industry frameworks and regulatory expectations and manages the cybersecurity policy document workflow through iterative drafts, working group reviews, and governing body approvals.
This role will lead the CISO Policy team and help set the strategic direction for anchoring our standards in a modern control framework, aligning requirements to Citi’s cybersecurity risk tolerance, and establishing compliance monitoring. Focus areas will be closing gaps in control coverage, defining clear, measurable, and prescriptive requirements, and aligning with Citi’s global technology and risk management policy and standard requirements, as well as Citi’s global policy governance processes. This leader will establish and maintain strong connections across the CISO organization and make recommendations to senior leadership regarding policy and control enhancements.
• BA/BS degree or equivalent work experience
• 10+ years managing a policy and/or risk program for a government, technology, financial, or other highly complex and regulated environment
• Excellent technical and policy writing expertise, with the ability to present information clearly and concisely to a wide breadth of stakeholders
• Ability to motivate and manage directly and by influence
• Strong risk management experience, including: performing assessments and audits, designing controls, managing enterprise control frameworks, and prioritizing risk
• Excellent written and verbal communication skills
• Strong people management skills. Ability to nurture diverse talent and manage remote teams
• Strong analytical skills. Proven history of analyzing data and situations to identify meaningful observations
• Results oriented, high energy, self-motivated
• Knowledge of system security vulnerabilities and remediation techniques
• Experience with data, hardware security, system and network security, authentication and security protocols, cryptography, and application security
• Knowledge of threat modeling or other risk identification techniques
• Familiarity with attack patterns and exploitation techniques
• Relevant certification (e.g., CISA, CISSP, CISM)
Job Family Group:
Citi is an equal opportunity and affirmative action employer.
Qualified applicants will receive consideration without regard to their race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or status as a protected veteran.
Citigroup Inc. and its subsidiaries ("Citi”) invite all qualified interested applicants to apply for career opportunities. If you are a person with a disability and need a reasonable accommodation to use our search tools and/or apply for a career opportunity review Accessibility at Citi (https://www.citigroup.com/citi/accessibility/application-accessibility.htm) .
View the "EEO is the Law (https://www.dol.gov/sites/dolgov/files/ofccp/regs/compliance/posters/pdf/eeopost.pdf) " poster. View the EEO is the Law Supplement (https://www.dol.gov/sites/dolgov/files/ofccp/regs/compliance/posters/pdf/OFCCP_EEO_Supplement_Final_JRF_QA_508c.pdf) .
View the EEO Policy Statement (http://citi.com/citi/diversity/assets/pdf/eeo_aa_policy.pdf) .
View the Pay Transparency Posting (https://www.dol.gov/sites/dolgov/files/ofccp/pdf/pay-transp_%20English_formattedESQA508c.pdf)
Citi is an equal opportunity and affirmative action employer. Minority/Female/Veteran/Individuals with Disabilities/Sexual Orientation/Gender Identity.
- Citigroup Jobs