External Penetration Testing - Vendor Lead (Vice President)

Whether you’re at the start of your career or looking to discover your next adventure, your story begins here. At Citi, you’ll have the opportunity to expand your skills and make a difference at one of the world’s global banks. We’re committed to supporting your growth and development from the start with extensive on-the-job training and exposure to senior leaders, as well as more traditional learning. You’ll also have the chance to give back and make a positive impact where we live and work through volunteerism.

Working at Citi is far more than just a job. A career with us means joining a family of more than 230,000 dedicated people from around the globe. At Citi, you’ll have the opportunity to grow your career, give back to your community and make a real impact.

• Be the central liaison between Citi stakeholders and the external penetration testing vendor, acting as a collaborator to ensure smooth execution of the end-to-end engagement.
• Manage the end-to-end process of Vulnerability Disclosure activities that involves onboarding applications, triaging, retesting and identifying lessons learned from the vulnerabilities reported through this channel.
• Knowledge of OWASP Top 10 and SANS Top 25
• Perform yearly quality checks on the vendors to ensure adherence to technical and process quality.
• Act as an application security subject matter expert to assist both Citi stakeholders and third-party vendors during vulnerability risk discussions.
• Focus and drive quality as it relates to the information submitted by the businesses requesting Penetration testing services and ensuring that the provided information is accurate and complete.
• Maintain a high level of operational oversight with all vendors and ongoing penetration testing activities to ensure engagements progress with appropriate attention.
• Demonstrate strong communication skills to effectively communicate expectations and resolve challenges.
• Demonstrate strong technical writing and presentation skills to articulate the penetration testing process end-to-end to any audience.
• Contribute to the review of internal processes and assist in identifying opportunities for improvement and automation.
• Reduce risk by analyzing root causes, impacts, and required corrective actions to existing processes.
• Assess risk when business decisions are made, safeguarding Citi, its clients and assets, and driving compliance with applicable laws, rules and regulations, while escalating, managing and reporting control issues with transparency.

• Minimum of 5 years of relevant experience in Information Security and/or relevant technology role.
• Advanced proficiency with Microsoft Office tools and software.
• Clear and concise written and verbal communication.
• Proven influencing and relationship management skills.
• Proven analytical skills.

• Familiarity or hands-on experience in application security testing.
• Basic understanding of Web/ Mobile / API security and relevant testing tools.
• Relevant certifications are a plus, not a requirement: GPEN, GWAPT, GMOB, GWEB.

• Bachelor’s degree/University degree or equivalent experience.
• Master’s degree preferred.

Be conscientious and consistent in identifying security vulnerabilities and working with the respective engineering teams and stakeholders to provide sound guidance and remediations. Be a team player and a keen learner.

Take the next step in your career by applying for this role at Citi today.