Technical Information Security Officer - TISO / Senior Security Analyst - SSA
The Technical Information Security Officer will work with the system development areas to ensure proper technology risk considerations are addressed at each phase of the system development life cycle and provide proactive solutions to correct exposures or mitigate risk.
Interpret security standards, procedures, and guidelines for multiple platforms and diverse environments (e.g. client server, distributed, mainframe, etc.) in designing solutions, recommending enhancements or defining mitigating controls to existing systems.
The individual should demonstrate an understanding of application security and will exercise judgment within existing practices and policies
Perform information security risk assessment on new applications and changes to applications
Report IS gaps to IT as applicable, with appropriate recommendations
Create corrective action plans for non-compliant issues, working with the application development team
Recommend security solutions according to Security Policy and Practices established by Citigroup
Promote awareness of current policies and standards, as well as revisions and developments
Provide consistent interpretation of policy to IT
Establish and maintain relationships with domain architects, project managers, and others within the technology development unit
5-10 years of knowledge of information security, IT risks and controls assessment
Application security risk assessment experience is desirable
Good understanding of the information control areas, including authentication, authorization, access control, auditing, and cryptography for applications
Knowledge of OWASP Guidelines for application
Knowledge of software development processes, integration of security assessments in SDLC process, secure coding is desirable
Experience with vulnerability assessment and related risk assessment tools and / or application development experience is a plus
Proficient in MS Office products, particularly PowerPoint and Excel
Exhibit strong influencing / negotiation skills as well as written / verbal communication skills
Professional certifications, such as CISSP and CSSLP, or willingness to obtain certification within 12-18 months of start date