- Permanent, Full time
- Citibank NA
Technology Information Security Officer
Technology Information Security Officer
- Primary Location: Singapore,Singapore,Singapore
- Education: Bachelor's Degree
- Job Function: Technology
- Schedule: Full-time
- Shift: Day Job
- Employee Status: Regular
- Travel Time: No
- Job ID: 18055481
- Citi, the leading global bank, has approximately 200 million customer accounts and does business in more than 160 countries and jurisdictions. Citi provides consumers, corporations, governments and institutions with a broad range of financial products and services, including consumer banking and credit, corporate and investment banking, securities brokerage, transaction services, and wealth management. Our core activities are safeguarding assets, lending money, making payments and accessing the capital markets on behalf of our clients.
- Citi's Mission and Value Proposition explains what we do and Citi Leadership Standards explain how we do it. Our mission is to serve as a trusted partner to our clients by responsibly providing financial services that enable growth and economic progress. We strive to earn and maintain our clients' and the public's trust by constantly adhering to the highest ethical standards and making a positive impact on the communities we serve. Our Leadership Standards is a common set of skills and expected behaviors that illustrate how our employees should work every day to be successful and strengthens our ability to execute against our strategic priorities.
- Diversity is a key business imperative and a source of strength at Citi. We serve clients from every walk of life, every background and every origin. Our goal is to have our workforce reflect this same diversity at all levels. Citi has made it a priority to foster a culture where the best people want to work, where individuals are promoted based on merit, where we value and demand respect for others and where opportunities to develop are widely available to all.
- The Technical Information Security Officer will work with their peers, application managers, and system development teams to ensure security requirements are met and technology risks are addressed throughout each phase of the software development life cycle and proactively provide solutions to correct exposures or mitigate risk. Working with other security and technology teams they will maintain and interpret security standards, procedures, and guidelines for multiple platforms in diverse and agile environments in designing solutions, recommending enhancements or defining mitigating controls to existing applications and systems used by Citi workers and our customers.
- Ensure the technology compliance with Information security standards for the International agile and waterfall projects.
- Assists the application development units in identifying IS risks and the appropriate controls for development, day-to-day operation, and remediation of non-compliance.
- Interprets and translates the information security requirements of the business IS program into technical requirements;
- Technology Support for all project and application related Information Security needs. Review the results of ethical hacks of inter/intranet applications with the appropriate parties and the report analysis;
- Monitors changes in the risk profile of the highly critical systems their group produces or manages. Provides ad-hoc security advice to Country technology leads
- Supports risk assessments whenever technical expertise is required; Assists Security Incident Response Teams in the investigation of incidents and the training of key staff
- Ability to analyze Information Security Procedures and help implement the same across all of IT and Business; Ability to understand, analyze and apply corporate policy/guidelines and business specific policies; Thorough understanding of industry and corporate technology standards for Information Security; Strong judgment and decision-making skills
- BS/BE degree in Information Security/ Computer Science/Electronics and Engineering /Information Technology
- 5-8 years of experience in Information Security area related to one or more of the areas: Application Security Design and Development, Infrastructure security, Identity Management, Security event management or ethical hacking.
- Good knowledge of web application security areas related to but not limited to private and open APIs, Microservices, Pivotal Cloud Foundry, TIBCO security, OAuth, SAML, Certificate Authentication, REST/SOAP, Java, cryptography, OWASP and regional industry regulations (MAS, HKMA etc.)
- Must be able to apply Risk management principles and balance IS priority
- Self-motivated with the ability to work independently and as a team member with minimal direction