Job Description
Senior Security Architect role focusing on the application security domain. The role will entail development of detailed architectures, patterns and strategies for the application security space for both on-premises and public cloud environments, including proof of concept functionality to demonstrate the approach, in partnership with CISO engineering. Architectural solutions include dynamic application security testing, vulnerability assessment, and malicious code detection, as minimum core capabilities. The successful candidate will be adept at creating secure architectures and design patterns. Strong engineering experience is also essential to ensure that architectures can be successfully implemented while factoring in ease of integration, operational overhead and user experience. This role reports to the head of security architecture in the CISO office.
Responsibilities:
- Use industry standard security architecture frameworks to ensure security controls are well integrated and meet the quality attributes of confidentiality, integrity and availability. Ensure the information security architecture is tightly aligned to Citi’s business needs and technology strategies
- As a member of the Security Architecture Council, establish coherent and consistent architectural governance and improve the transparency and quality of architecture & design activities
- Support Citi’s adoption of cloud continuum and holistic digital transformation. Codify Standards and Controls
- Help represent Information Security in Citi’s overall Enterprise Architecture Council
Qualifications:
- 15+ years' experience as an information security architect and engineer in a global enterprise with 5+ years leading the practice; experience with at least one of the industry standard security architecture frameworks, e.g. SABSA, NIST, etc.; solid experience in technology and security risk management; solid understanding of security protocols, cryptography, authentication, authorization, and security controls.
- Demonstrated engineering leadership and industry recognition, e.g. Distinguished Engineer
- Ability to collaborate with both technical and business aligned personnel; excellent written and verbal communication skills as well as business acumen
- Strong experience in key management in classic architectures as well as cloud technologies
- Understanding of post-quantum cryptographic agility
- Asymmetric & Symmetric cryptography technologies, tokenization, data redaction and DLP technologies
- Cloud experience a must, preferably with multiple cloud providers
- Strong development background including delivery of secure software
- Experience setting up secure build pipelines, CI/CD and familiarity with modern secure development practices
- Experience with HSMs, secure enclaves, secure vault technologies, and confidential computing is a plus
Education:
- Bachelor’s/University degree or equivalent experience, potentially Master’s degree and managerial experience
This job description provides a high-level review of the types of work performed. Other job-related duties may be assigned as required.
Job ID: 25011