5 days old

Vulnerability Threat Management Lifecycle Senior Analyst

Melville, NY 11747
**About Citi:**

Citi, the leading global bank, has approximately 200 million customer accounts and does business in more than 160 countries and jurisdictions. Citi provides consumers, corporations, governments, and institutions with a broad range of financial products and services, including consumer banking and credit, corporate and investment banking, securities brokerage, transaction services, and wealth management.

As a bank with a brain and a soul, Citi creates economic value that is systemically responsible and in our clients best interests. As a financial institution that touches every region of the world and every sector that shapes your daily life, our Enterprise Operations & Technology teams are charged with a mission that rivals any large tech company. Our technology solutions are the foundations of everything we do from keeping the bank safe, managing global resources, and providing the technical tools our workers need to be successful to designing our digital architecture and ensuring our platforms provide a first-class customer experience. We reimagine client and partner experiences to deliver excellence through secure, reliable, and efficient services.

Our commitment to diversity includes a workforce that represents the clients we serve from all walks of life, backgrounds, and origins. We foster an environment where the best people want to work. We value and demand respect for others, promote individuals based on merit, and ensure opportunities for personal development are widely available to all. Ideal candidates are innovators with well-rounded backgrounds who bring their authentic selves to work and complement our culture of delivering results with pride. If you are a problem solver who seeks passion in your work, come join us. Well enable growth and progress together.

**About Our Team:**

Citi Technology Infrastructure (CTI) provides the critical technical foundation for Citis operations and is responsible for delivering reliable IT solutions, scalable infrastructure services, and secure capabilities while creating a trusted customer experience and enabling Citis workforce to be the best for our clients. Making the bank simpler, greener, and better connected while powering it with trusted, well-secured data, and automating policy enforcement through code are all at the heart of our refreshed global strategy. Data Quality, Simplification, Environmental Stability, Automation, and Service Excellence are the key pillars and priorities on our strategic journey.

**In CTI, we are focused on delivering the best for our clients, and we know that to do this we need a talented team with diverse experiences, backgrounds and skills.**

**Job overview:**

The Senior Analyst will be responsible for orchestrating all activities within the vulnerability threat

management program and oversee the governance of its processes as a Lifecycle Manager.

Will strive to analyze infrastructure vulnerability reports and drive customer relations; strong project management and

communication skills are required.

Prevent, monitor and respond to information/data breaches and cyber-attacks.

The overall objective of this role is to ensure the execution of Information Security directives and activities in alignment with Citi's data security policy.

**Key Responsibilities:**

+ Orchestrate the analysis and delivery of Information Security Vulnerability Findings to customers with impactful, comparative, interpretative information security analysis in a clear, consistent, and factual manner.

+ Responsible for reported metrics, including detection and use of various available inventories and scan results, data modelling, processing, calculating and transformation into meaningful metrics and reports.

+ Analysing data or information, identifying the underlying principles, reasons or fact of information by breaking down information or data into separate parts.

+ Must build and maintain strong working relationships with IT engineering, operations, and other stakeholders to remediate Information Security and/or Vulnerability Findings.

+ Coordinate and lead vulnerability management forums with operations and engineering leads as required to resolve outstanding/pending issues before requiring further escalation.

+ Responsible for managing customer expectations and effective delivery of reported metrics.

+ Must escalate issues appropriately and in a timely fashion with general management supervision.

+ Support the organization through internal and external audits of the various processes and procedures in use.

+ Revise and update documentation, PCMs, runbooks, etc.

+ Evaluating information to determine compliance with standards

+ Provide timely response to audit and regulatory requests

+ Complete additionally any other tasks in connection with the role but not detailed in the current job description, charged by the direct manager, supervisor, or the functional head.

+ Support the implementation of Information Security (IS) Training Plan, by verifying training participants completed the training and understand IS requirements

+ Coordinate with cross-functional Operations and Technology (O&T) counterparts and teams to improve O&T risk oversight

+ Attend and participate in internal/external IS forums and risk committees when necessary and provide IS updates to the business

+ Ensure stakeholders are held accountable for IS controls, and understand responsibilities in risk mitigation and remediation

+ Improve processes, remove IS deficiencies and enhance current tools that reduce an overall risk profile

+ Ensure security practices and standards compliance to reduce the likelihood of audit, regulatory and legal liabilities and reduce security risks by enhancing controls and minimizing weaknesses in Citis applications portfolio

+ Ensure non-compliant items are addressed through coordination with Business Manager and business staff

+ Support the Global Information Security (GIS) policies, standards, and initiatives development and implementation

+ Provide guidance on IS aspects of projects in support of business initiatives

+ Act as the main leg of the SSM ASPAC team

+ Carry out all processes independently, with providing overall support for all technology domains in the firm

+ Establish communication channels with cross-sector ISOs to efficiently tackle security issues that span multiple businesses

+ Manage project deadlines, deliverables, planning, budgeting and policy formulation for the team, including short-term resource planning

+ Appropriately assess risk when business decisions are made, demonstrating particular consideration for the firm's reputation and safeguarding Citigroup, its clients and assets, by driving compliance with applicable laws, rules and regulations, adhering to Policy, applying sound ethical judgment regarding personal behavior,

+ conduct and business practices, and escalating, managing and reporting control issues with transparency, as well as effectively supervise the activity of others and create accountability with those who fail to maintain these standards.

**Knowledge and Experience:**

+ Prior experience includes 5 years+ Information Security or Information Technology experience

+ Experience with conducting or actively participating in audits

+ Experience in assessing regulatory requests

+ Versed in Information Security and vulnerability management

+ Knowledge of Scripting and Programming Languages preferred

+ Demonstrated ability to interpret and apply information security policies, standards and procedures

+ Consistently demonstrates clear and concise written and verbal communication

+ Proven influencing and relationship management skills

+ Proven analytical skills


+ Strong work ethic, excellent use of discretion and judgment.

+ Knowledge of Vulnerability Management tools and processes.

+ Knowledge in audit and regulatory processes

+ Knowledge in risk management

+ Strong knowledge of industry standards as they relate to Vulnerability Management.

+ Knowledge of computer hardware and software including understanding of application and patch development and architecture


+ Bachelors/University degree or equivalent experience

Additional information may be found at www.citigroup.com | Twitter: @Citi | YouTube: www.youtube.com/citi | Blog: http://blog.citigroup.com (http://http/blog.citigroup.com) | Facebook: www.facebook.com/citi | LinkedIn: www.linkedin.com/company/citi .


**Job Family Group:**



**Job Family:**



**Time Type:**

Full time


Citi is an equal opportunity and affirmative action employer.

Qualified applicants will receive consideration without regard to their race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or status as a protected veteran.

Citigroup Inc. and its subsidiaries ("Citi) invite all qualified interested applicants to apply for career opportunities. If you are a person with a disability and need a reasonable accommodation to use our search tools and/or apply for a career opportunity review **Accessibility at Citi (https://www.citigroup.com/citi/accessibility/application-accessibility.htm)** .

View the "EEO is the Law (https://www.dol.gov/sites/dolgov/files/ofccp/regs/compliance/posters/pdf/eeopost.pdf) " poster. View the EEO is the Law Supplement (https://www.dol.gov/sites/dolgov/files/ofccp/regs/compliance/posters/pdf/OFCCP\_EEO\_Supplement\_Final\_JRF\_QA\_508c.pdf) .

View the EEO Policy Statement (http://citi.com/citi/diversity/assets/pdf/eeo\_aa\_policy.pdf) .

View the Pay Transparency Posting (https://www.dol.gov/sites/dolgov/files/ofccp/pdf/pay-transp\_%20English\_formattedESQA508c.pdf)


Effective November 1, 2021, Citi requires that all successful applicants for positions located in the United States or Puerto Rico be fully vaccinated against COVID-19 as a condition of employment and provide proof of such vaccination prior to commencement of employment.
Citi is an equal opportunity and affirmative action employer.
Minority/Female/Veteran/Individuals with Disabilities/Sexual Orientation/Gender Identity.


Posted: 2022-05-13 Expires: 2022-06-12

Before you go...

Our free job seeker tools include alerts for new jobs, saving your favorites, optimized job matching, and more! Just enter your email below.

Share this job:

Vulnerability Threat Management Lifecycle Senior Analyst

Melville, NY 11747

Join us to start saving your Favorite Jobs!

Sign In Create Account
Powered ByCareerCast