Citi Vulnerability Lifecycle Management Chief of Staff in Budapest, Hungary
Primary Location: Hungary,Budapest,Budapest
Education: Bachelor's Degree
Job Function: Security
Shift: Day Job
Employee Status: Regular
Travel Time: Yes, 10 % of the Time
Job ID: 16068836
The Vulnerability Lifecycle Management Chief of Staff will play a lead role in helping to drive a reduction in risk from vulnerabilities throughout Citi’s entire global infrastructure.
This key position reports to the Head of Security State Management for Enterprise Infrastructure Risk Management.
The successful candidate will have responsibility for developing the governance structure for vulnerability lifecycle management within the Citi Infrastructure Technology Information Security (IT IS) team. This position is a key business enabler to drive IS project efficiency, productivity and consistency across IT IS so that customers can benefit from the value-added services provided by IT IS team.
•Provide and demonstrate strong leadership, and organizational abilities applied across a large team with diverse skills.
•Help to formulate vulnerability lifecycle management frameworks and working structures for initiatives associated with infrastructure technology and solution delivery teams.
•Identify, develop and coach key leaders within the vulnerability lifecycle team.
•Develop horizontal view of risk posture across multiple technology domains.
•Execute Information Security strategy to proactively identify risk and drive remediation
•Act as point of contact for managing and delivering various vulnerability and remediation reports
•Implement security improvements by assessing baseline, evaluating trends, and anticipating requirements.
•Demonstrate ability to identify project stakeholders, plan, and manage stakeholder engagement.
•Coordinate and manage all activities within the vulnerability lifecycle management process.
•Regularly communicate the progress of initiatives in writing and/or in presentation to senior leadership.
•Work with various risk and information security teams in presenting vulnerability management status and updates to technology subject matter experts and management.
•Contribute to, interpret and disseminate IS policy, standards and awareness throughout the business units.
•Additional ad-hoc IS & Risk related initiatives and projects
• Complete additionally any other tasks in connection with the role but not detailed in the current job description, charged by the direct manager, supervisor, or the functional head.
• The candidate will be exposed to senior management of all technical functions in all regions throughout the globe for Citi and will be expected to provide regular reports, analysis and forecasts on those reports.
• The candidate will learn about all the major products used by Citi and will be expected to become familiar with all main hardware and software products in use throughout the franchise.
• At this level, the candidate can expect to learn how to communicate and interact with management at all levels but will also be expected to provide vulnerability management as a service to all functions and will be given training as deemed necessary by the Head of Security State Management.
• Opportunity to work with a global team
• Opportunity to participate in mentoring and coaching
• Exposure to corporate & Information Security strategic initiatives
Knowledge and Experience:
• Knowledge of vulnerability lifecycle management
• Knowledge of project and program management and Information Security governance framework, security assessment methodology and risk management processes.
• Strong knowledge of industry standards as they relate to information security management.
• Fluent in written and spoken English (all forms of communication).
• Must be proficient with Microsoft Office Suite and MS SQL Server.
• Previous technical experience in UNIX, Windows, web-hosting, databases desirable.
• BA/BS preferred
• 3+ years working in Information Technology or Information Security related field.
• Professional experience in a large corporation, preferably in a business office or similar capacity
• Technical proficiencies in MS Word, and PowerPoint required
• Internal Citi experience a nice to have.
• Strong working knowledge of Vulnerability Lifecycle Management
The successful candidate must be able to show/demonstrate:
• Initiative – the candidate must be able to show where they were proactive, identified an issue or a chance to improve and used his/her initiative to seize the opportunity to fix that issue or make that improvement and describe how they accomplished that including what pragmatic solution they arrived at, how they delivered impact analysis and kept key stakeholders informed in a timely manner until the matter was resolved.
• Leadership – the candidate must be able to give examples of how they managed a team of people to accomplish a task and how they manage change/morale/challenging situations within the team. The candidate should also be able to demonstrate how they would build relationships and networks with senior technical management around the globe and how they would maintain and manage those relationships both with the Head of Security State Management, the Global Head of Infrastructure Security, Audit, regulators and other key stakeholders.
• Organization – the candidate must be organized, well-prepared and detail oriented. They must be able to demonstrate their ability to track progress with multiple simultaneous tasks both for themselves and their team.
• Teamwork – the candidate must be able to demonstrate what techniques were used to build trust between their team and themselves and how they built trust between the team members. How did they get the team to contribute as a team rather than a group of individuals? How was the team performance measured and reported? How did the candidate ensure that all members of their team received the appropriate training?
• Adaptability – the candidate should give examples of how they have had to be flexible under pressure and how they had to change the way they approached a problem using innovative out-of-the-box thinking but still accomplished the objective in sight.