TISO Senior Security Analyst AVP Job ID 20163608 Primary Location Chennai, India; Job Category Corporate Services Save Job Technical Information Security Officer-TISO / Senior Security Analyst -SSA The individual will work with the system development areas to ensure proper technology risk considerations are addressed at each phase of the system development life cycle and provide proactive solutions to correct exposures or mitigate risk.
Interpret security standards, procedures, and guidelines for multiple platforms and diverse environments (e.g. client server, distributed, mainframe, etc.
in designing solutions, recommending enhancements or defining mitigating controls to existing systems. The individual should demonstrate an understanding of application security and will exercise judgment within existing practices and policies.
Perform information security risk assessments on business applications throughout development lifecycle for SDLC / Agile / Iterative lifecycles Report Information security issues to IT with appropriate recommendations to mitigate and / or remediate the risk as well as assist IT with corrective action plans Provide subject matter expertise in application development lifecycle to assess security requirements and controls and ensure that security controls are implemented as planned.
Promote awareness of current information security policies and standards Also as program manager, manage information security assessments operation to meet Citi KPI / KRIs Drive improvement to information security assessment process Interface with Internal auditor and / or provide support during audits Establish and maintain relationships with domain architects, project managers, and others within the technology development unit.
Job Skills 7 years of Information Security assessment experience in areas of Application Security and IT Information Security.
Good understanding of Information security control areas such as Authentication / Authorization / Access Control, Entitlement, Cryptography for applications (including web applications, mobile technology, cloud) is required Good knowledge of application vulnerability management is required Knowledge of software development processes (SLDC / Agile / Iterative) and integration of security assessments in SDLC process is required IS / IT program / project management Development experience is a plus Exhibit strong influencing / negotiation skills, attention to details are key, ability to multi task and written / verbal communication skills.
Strong problem solving / analytical skills Proficient in MS Office products, particularly PowerPoint & Excel. Professional certifications, such as CISSP and CSSLP, or willingness to obtain certification within 12-18 months of start date.
Education Level Bachelor's Degree