SVP - Application Security Tech Lead (Hiring Immediately)
The position is a cross-functional role responsible for various Application Security program initiatives. It reports directly to the Application Security Program Director. The successful candidate should understand modern software development trends and engineering-led security practices, and should stay updated on the evolving cybersecurity landscape.
The candidate will liaise with internal teams and regional partners to ensure program deliverables are met. Success requires an innovative mindset, a track record of delivering security solutions, integrating application security into DevOps pipelines, automating security as code, and enabling threat detection and response. The individual will work closely with the SDLC program to define application security testing standards and policies, including testing services and methodologies, both tool-based and manual, in the early SSDLC lifecycle. The focus is on testing within development organizations aiming for continuous deployment with automated security tooling such as SAST, DAST, SCA, ASPM, Secrets Scanning, etc. The role also involves mentoring team members, setting direction, and leading service execution hands-on.
- Establish and manage multiple security programs supporting the bank's security testing requirements.
- Build and maintain strong relationships with development teams, product delivery, project management, third-party vendors, enterprise architecture, and audit teams.
- Participate in security and technology strategic planning, incorporating risk governance into the enterprise strategy.
- Collaborate with business sectors to recommend enhancements to development processes and security testing.
- Assess risks and provide security advice during business decision-making.
- Oversee Program Projects and Initiatives, making strategic recommendations on standards and policies.
- Experience or deep knowledge in software security activities such as Threat Modeling, Application Risk Assessment, Vulnerability Assessments, Governance, Metrics, and Training.
- Bachelor's Degree with 4-6 years' experience in web application development or code review.
- Experience as a technical lead or manager.
- Knowledge of cloud computing and DevOps tools (OpenShift, Kubernetes, Docker, Chef, etc.).
- Experience with cloud platforms (AWS, Google Cloud, Azure) and cloud security.
- Understanding of vulnerabilities in security, web, and infrastructure.
- Experience with source code management and deployment tools like Jenkins, Maven, GitHub, etc.
- Ability to conduct vulnerability assessments and communicate security issues effectively.
- Knowledge of security tools such as Snyk, Checkmarx, Fortify, etc., is a plus.
- Excellent communication skills for diverse audiences.
- Familiarity with security standards (FFIEC, NIST, ISO).
- Professional certifications like GIAC, CISA, CISSP, etc., are desirable.
- Bachelor's degree or equivalent; Master's preferred.
- Job Family Group: Technology
- Job Family: Information Security
- Time Type: Full-time
Citi is an equal opportunity employer. Qualified candidates will be considered regardless of race, color, religion, sex, sexual orientation, gender identity, national origin, disability, veteran status, or other protected characteristics. Reasonable accommodations are available for persons with disabilities. For more information, see Citi's EEO Policy and the 'Know Your Rights' poster.
- Company
- Citigroup, Inc
- Location
- London, UK
- Employment Type
- Full-time
- Posted