Citi GCG - Technical Information Security Officer (TISO) - VP, Irving, TX in Irving, Texas

  • Primary Location: United States,Texas,Irving

  • Other Location: United States,Florida,Jacksonville

  • Education: Bachelor's Degree

  • Job Function: Technology

  • Schedule: Full-time

  • Shift: Day Job

  • Employee Status: Regular

  • Travel Time: No

  • Job ID: 16063742


About Citi

Citi, the leading global bank, has approximately 200 million customer accounts and does business in more than 160 countries and jurisdictions. Citi provides consumers, corporations, governments and institutions with a broad range of financial products and services, including consumer banking and credit, corporate and investment banking, securities brokerage, transaction services, and wealth management. Our core activities are safeguarding assets, lending money, making payments and accessing the capital markets on behalf of our clients.

Citi’s Mission and Value Proposition at explains what we do and Citi Leadership Standards at explain how we do it. Our mission is to serve as a trusted partner to our clients by responsibly providing financial services that enable growth and economic progress. We strive to earn and maintain our clients’ and the public’s trust by constantly adhering to the highest ethical standards and making a positive impact on the communities we serve. Our Leadership Standards is a common set of skills and expected behaviors that illustrate how our employees should work every day to be successful and strengthens our ability to execute against our strategic priorities.

Diversity is a key business imperative and a source of strength at Citi. We serve clients from every walk of life, every background and every origin. Our goal is to have our workforce reflect this same diversity at all levels. Citi has made it a priority to foster a culture where the best people want to work, where individuals are promoted based on merit, where we value and demand respect for others and where opportunities to develop are widely available to all.

The Technical Information Security Officer will work with the system development areas to ensure proper technology risk considerations are addressed at each phase of the system development life cycle and provide proactive solutions to correct exposures or mitigate risk. Interpret security standards, procedures, and guidelines for multiple platforms and diverse environments (e.g. client server, distributed, mainframe, etc.) in designing solutions, recommending enhancements or defining mitigating controls to existing systems. The individual should demonstrate an understanding of application security and will exercise judgment within existing practices and policies.

Other responsibilities include:

  • Assists GISO (Group Information Security Officer) in activities related to all aspects of the Information Security program including technical ISO coordination, interviewing, and selection

  • Assists GISO in Responding to security events by initiating and coordinating emergency actions to protect the business and its customers from an imminent loss of information or value

  • Implement security solutions according to Security Policy and Practices established by Citigroup.

  • Work with IT to develop processes and procedures to ensure information security policies and standards are integrated with the organization’s applications.

  • Defines secure application configurations leveraging technical knowledge and problem solving skills in accordance with the secure SDLC process.

  • Promote awareness of current policies and standards, as well as revisions and developments; provide consistent interpretation of policy to IT.

  • Build and maintain relationship with IT to increase IS awareness within the development environments.

  • Interfaces with the business where technical IS solutions are required and advises on the impact to the bottom line while still satisfying business objectives.

  • Establishes and maintains relationships with domain architects, project managers, and others within the technology development unit.

  • Manages risk by analyzing the root cause of issues, impact to technology and required corrective actions leveraging advanced analytical skills.

  • Schedules, hosts, and drives meetings with multiple levels of technology management requiring strong communication, influence, and diplomacy skills to ensure that secure development procedures are addressed.

  • Ability to periodically work across different time zones and areas.


  • BS/BE degree in Information Security/ Computer Science/Electronics and Engineering /Information Technology or equivalent work experience

  • 5+ years of Information Security Risk Management with appropriate certifications (CISSP, CSSLP)

  • Excellent written and verbal communication skills with the ability to effectively communicate with all levels

  • Ability to build and maintain positive working relationships across project and control teams

  • Experience working under minimal supervision from management with a strong commitment to team participation.

  • Strong risk management and risk articulation skills

  • Strong technical aptitude with a specialization in design, implementation and review application information security architectures and processes

  • Strong knowledge in the web application security areas related to but not limited to XML, SOAP, SSL, Java, Firewalls, Load balancers, PKI, OWASP, Network Security, Service management, industry regulations

  • Experience with Threat Modeling techniques

  • Background in application security assurance, application vulnerability assessments, and software security

  • Good project management and analytical skills with the ability to manage multiple priorities within targeted time-frames

  • Leadership skills and ability to work with and influence developers, development managers, project managers, technology peers, and business contacts are required.