Application Security Technical Lead


Overview

Engineer the future of global finance. At Citi, our Tech team helps redefine finance. Every day, $5 trillion crosses our network across 180+ countries. Join a team where your work can influence economies, drive innovation, and where growth is supported by mentorship, continuous learning, and flexible work opportunities.

Responsibilities

- Establish and manage multiple security programs that support the security testing requirements at the bank
- Forge and maintain strong working relationships with development functions/teams, product delivery teams, project management, third-party management, enterprise architecture, audit teams, and related groups
- Participate in security and technology strategic planning to ensure risk governance is incorporated into the CISO enterprise strategy
- In partnership with business sectors, run delegate action groups to provide recommendations to strengthen development processes and security testing
- Appropriately assess risk and provide software security advice when business decisions are made
- Interface with the Application Security Program Team to oversee program projects and initiatives and make strategic recommendations to senior management on standards and policy changes

Qualifications

- Experience or deep knowledge of key software security activities such as Threat Modeling, Application Risk Assessment, Vulnerability Assessments, Governance and Metrics, Training, etc.
- Bachelor’s Degree with 4–6 years of experience in web application development or application code review
- Experience as a technical lead or manager
- Knowledge of cloud computing concepts and DevOps tools (OpenShift, Kubernetes, Docker, Chef, etc.)
- Experience with cloud platforms (AWS, Google Cloud, Azure) and security in the cloud
- Understanding of security, web-based and infrastructure vulnerabilities
- Experience with source code management and build/deployment tools (e.g., Jenkins, GitHub, Maven, Artifactory, etc.)
- Experience conducting vulnerability assessments and communicating security issues to technical and non-technical audiences
- Knowledge of security tooling such as Snyk, Checkmarx, CDXGen, Dependency Track, Fortify, GitHub Advanced Security, Sonatype or Black Duck is a plus
- Ability to communicate clearly with all levels of staff and management
- Understanding of recognized security standards and leading practices (e.g., FFIEC, NIST, C2M2, ISO)
- Relevant professional certifications such as GIAC, CISA, CISM, CRISC, CISSP or equivalent are desirable

Education

- Bachelor’s degree or equivalent experience
- Master’s degree preferred

What We’ll Provide You

By joining Citi London, you will be part of a business-casual workplace with a hybrid working model (up to 2 days per week at home). You’ll also receive a competitive base salary (annually reviewed) and a range of benefits including:

- 27 days annual leave (plus bank holidays)
- Discretionary annual performance bonus
- Private Medical Care & Life Insurance
- Employee Assistance Program
- Pension Plan
- Paid Parental Leave
- Special discounts for employees, family, and friends
- Access to learning and development resources

Visit our Global Benefits page to learn more.

Equal Opportunity

Citi is an equal opportunity employer, and qualified candidates will receive consideration without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, veteran status, or any other characteristic protected by law. If you are a person with a disability and need a reasonable accommodation to use our tools or apply, accessibility information is available. View Citi’s EEO Policy Statement and the Know Your Rights poster.

Location:
City Of London, England, United Kingdom
Job Type:
Full Time
