Job Description

The purpose of the Chief Information Security Office (CISO) Policy team is to establish and maintain policies and standards that provide management and operational controls to reduce risk and achieve regulatory compliance. The Policy team helps cybersecurity program owners to align policy requirements with industry frameworks and regulatory expectations and manages the cybersecurity policy document workflow through iterative drafts, working group reviews, and governing body approvals.

This role will lead the CISO Policy team and help set the strategic direction for anchoring our standards in a modern control framework, aligning requirements to Citis cybersecurity risk tolerance, and establishing compliance monitoring. Focus areas will be closing gaps in control coverage, defining clear, measurable, and prescriptive requirements, and aligning with Citis global technology and risk management policy and standard requirements, as well as Citis global policy governance processes. This leader will establish and maintain strong connections across the CISO organization and make recommendations to senior leadership regarding policy and control enhancements.

Qualifications:
BA/BS degree or equivalent work experience
10+ years managing a policy and/or risk program for a government, technology, financial, or other highly complex and regulated environment
Excellent technical and policy writing expertise, with the ability to present information clearly and concisely to a wide breadth of stakeholders
Ability to motivate and manage directly and by influence
Strong risk management experience, including: performing assessments and audits, designing controls, managing enterprise control frameworks, and prioritizing risk
Excellent written and verbal communication skills
Strong people management skills. Ability to nurture diverse talent and manage remote teams
Strong analytical skills. Proven history of analyzing data and situations to identify meaningful observations
Results oriented, high energy, self-motivated
Knowledge of system security vulnerabilities and remediation techniques
Experience with data, hardware security, system and network security, authentication and security protocols, cryptography, and application security
Knowledge of threat modeling or other risk identification techniques
Familiarity with attack patterns and exploitation techniques
Relevant certification (e.g., CISA, CISSP, CISM)

-------------------------------------------------

Job Family Group:

Technology

-------------------------------------------------

Job Family:

Information Security

------------------------------------------------------

Time Type:

------------------------------------------------------

Citi is an equal opportunity and affirmative action employer.

Qualified applicants will receive consideration without regard to their race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or status as a protected veteran.

Citigroup Inc. and its subsidiaries (Citi) invite all qualified interested applicants to apply for career opportunities. If you are a person with a disability and need a reasonable accommodation to use our search tools and/or apply for a career opportunity review Accessibility at Citi.

View the EEO is the Law poster. View the EEO is the Law Supplement.

View the EEO Policy Statement.

View the Pay Transparency Posting