• Governance of Application System Testing standards and policies - review the standards and make enhancements based on application assets
• Identify compliance objectives and map program deliverables to the requirements
• Document scope of assets to be included in the system security testing standard for vulnerability assessments
• Collaborate with business and enterprise architecture team to implement changes required to identify assets for vulnerability assessments scoping
• Document business requirements related to system enhancements and submit for reviews and approvals
• Map out process flows for controls in systems and review for improvements to make controls more effective
• Monitor vulnerability assessment exemption and exception requests and process them based on documented system testing standards and policies
• Collect information for generating and communicating responses for internal audit questions and deliverables promptly
• Design and implement a solution for performance measurements on effectiveness of controls and overall vulnerability assessment program
• Analyze trends in asset security health posture and report using visualization tools for program reviews with management and stakeholders
• Provide timely, accurate, and actionable reporting on application vulnerability activity, trends, service levels, and areas of concern to senior management
• Document and standardize business rules for accurate compliance measurements and tracking metrics based on application security testing standard
• Work with the Metrics reporting team to enhance and refine the metrics and key performance indicators reported to senior management and external regulatory agencies
• Develop user acceptance test plans for testing system enhancements that impact governance and compliance
• Serve as a program SME and drive open issues to closure with appropriate resolution
• Update PowerPoint presentations monthly and quarterly for application security program reviews
• Train and mentor team members as needed
• Weekly and monthly status reporting for the program
• 3 years of experience in information security or related technology experience
• Experience working in an information security team defining, revising and implementing corporate information security policies
• Experience analyzing security assessments and creating metrics visualizations for analytics
• Experience reviewing application security testing results from various testing tools
• Project Management experience a plus
• Experience with governance and implementation of security policies, standards, procedures, programs, plans and processes
• Experience coordinating initiatives related to process control design and testing
• Professional Certifications in Information Security domain a plus
• Demonstrated aptitude to develop and implement application security strategies and plans based on Citi standards
• Familiarity with security standards such as OWASP, NIST, PCI DSS, etc.
• Consistently demonstrates clear and concise written and verbal communication
• Proven analytical, influencing and relationship management skills
• Bachelor’s degree or equivalent experience
- Freedom to succeed in a dynamic environment: creative and innovative ideas are encouraged and recognized
- A positive and inclusive work environment in which diversity and cross-regional work-streams are key components
- An environment conducive to developing supervisory/leadership/presentation skills and building a professional network across the organization globally
- Hybrid (office / home office) presence