Vice President, ISO Cybersecurity Cloud SME

Citi
Full_time$114k-171k/year (USD)Jacksonville, United States

📍 Job Overview

  • Job Title: Vice President, ISO Cybersecurity Cloud SME
  • Company: Citi
  • Location: Jacksonville, Florida, United States
  • Job Type: On-site, Full-time
  • Category: Information Security
  • Date Posted: June 24, 2025

🚀 Role Summary

The ISO - Cybersecurity Cloud SME is a highly technical Information Security Officer position that works with multiple technology development areas to ensure proper technology risk considerations are addressed at each phase of the systems/software development life cycle. This role requires a strong understanding of application and infrastructure security to effectively exercise judgment in alignment to existing practices and policies. Excellent enterprise communication skills are critical to the ISO - Cybersecurity cloud SME's success in effectively negotiating internally, often at a senior level. This role necessitates a degree of responsibility over technical strategy.

💻 Primary Responsibilities

  • Perform Information Security (IS) Risk Assessment on new applications and changes to existing applications
  • Report IS gaps to Technology teams as applicable with appropriate recommendations
  • Interpret and communicate security standards, procedures, and guidelines for multiple platforms and diverse environments around designing solutions, recommending enhancements, or defining mitigating controls to existing systems
  • Create corrective action plans (CAPs) for non-compliant issues working with application development team
  • Recommend security solutions according to Security Policy and Practices established by Citigroup
  • Consult on AI, Cloud, and Mobile initiatives
  • Promote awareness of current policies and standards including revisions and developments to provide consistent interpretation of policy to IT
  • Establish and maintain relationships with domain architects, project managers, and others within the technology development unit
  • Support and facilitate Threat Modeling assessments as needed

🎓 Skills & Qualifications

Education:

  • Bachelor's degree in information security, Computer Science, Electrical/Mechanical Engineering, Information Technology/other related field or equivalent experience required
  • Professional certifications (e.g., CISSP, CSSLP, etc.) are a plus or must be willing to obtain certification within 12-18 months of the start date

Experience:

  • 5+ years of experience working in Information Security, Technology Risk, IT Risk and Controls with 3+ years of experience working with Cybersecurity teams or products
  • Strong understanding of software development processes, integration of security assessments in SDLC process, secure coding is required
  • Knowledge of Threat Modeling, OWASP Guidelines and other related cybersecurity processes
  • Experience in Application Security risk assessments is highly preferred
  • Strong understanding of the Information control areas including Authentication, Authorization, Access Control, auditing, cryptography for applications is highly preferred
  • Experience with vulnerability assessment and related risk assessment tools and/or application development experience is a plus
  • Proficient in MS Office products, particularly PowerPoint and Excel
  • Excellent influencing and negotiation skills via excellent written and verbal communication skills
  • Ability to engage in deep technical discussions with other Engineering groups, while translating the same concepts and issues at an elevated level to senior leadership and less-technical stakeholders
  • Ability to execute technical responsibilities including Design, Architecture reviews, Code/Configuration reviews and vulnerability assessment independently or in collaboration with technical teams
  • Demonstrated excellence in analytical, presentation, and communication skills, as well as influencing broad technical discussions and decisions, across all levels

Required Skills:

  • Information Security
  • Technology Risk
  • Cybersecurity
  • Application Security
  • Risk Assessment
  • Threat Modeling
  • Secure Coding
  • Communication Skills
  • Analytical Skills
  • Negotiation Skills
  • Vulnerability Assessment
  • Cloud Security
  • AI Security
  • Mobile Security
  • Software Development
  • Compliance

Preferred Skills:

  • Professional certifications (e.g., CISSP, CSSLP, etc.)

📊 Web Portfolio & Project Requirements

Portfolio Essentials:

  • Demonstrate a strong understanding of application and infrastructure security principles
  • Showcase experience in performing Information Security Risk Assessments and creating corrective action plans
  • Highlight proficiency in secure coding practices and knowledge of software development processes
  • Display familiarity with Threat Modeling, OWASP Guidelines, and other related cybersecurity processes

Technical Documentation:

  • Provide examples of technical documentation, including code quality, commenting, and documentation standards
  • Demonstrate experience with version control, deployment processes, and server configuration
  • Showcase knowledge of testing methodologies, performance metrics, and optimization techniques

💵 Compensation & Benefits

Salary Range:

  • $113,840 - $170,760 per year

Benefits:

  • Medical, Dental & Vision Coverage
  • 401(k)
  • Life, Accident, and Disability Insurance
  • Wellness Programs
  • Paid Time Off

Working Hours:

  • 40 hours per week

🎯 Team & Company Context

🏢 Company Culture

Industry:

  • Financial Services

Company Size:

  • Large (200,000+ employees)

Founded:

  • 1812

Team Structure:

  • The ISO - Cybersecurity Cloud SME role works closely with multiple technology development areas, domain architects, project managers, and other IT teams
  • The role reports directly to the Chief Information Security Officer (CISO) or a similar senior-level position

Development Methodology:

  • Agile/Scrum methodologies and sprint planning for technology projects
  • Code review, testing, and quality assurance practices
  • Deployment strategies, CI/CD pipelines, and server management

Company Website:

📈 Career & Growth Analysis

Web Technology Career Level:

  • Senior-level Information Security role with a focus on cloud and application security

Reporting Structure:

  • Reports directly to the Chief Information Security Officer (CISO) or a similar senior-level position

Technical Impact:

  • The ISO - Cybersecurity Cloud SME has a significant impact on technology risk considerations, security assessments, and the development life cycle of applications and systems within the organization

Growth Opportunities:

  • Opportunities for career progression within the Information Security team or related roles
  • Potential for technical leadership positions as the team and organization grow

🌐 Work Environment

Office Type:

  • On-site, full-time position in Jacksonville, Florida, United States

Office Location(s):

  • Jacksonville, Florida, United States

Workspace Context:

  • The ISO - Cybersecurity Cloud SME works in a collaborative environment with multiple technology development areas and IT teams
  • Access to necessary tools, resources, and technologies to perform job duties effectively

Work Schedule:

  • 40 hours per week, with the possibility of flexible hours for deployment windows, maintenance, and project deadlines

📄 Application & Technical Interview Process

Interview Process:

  • The interview process may include technical assessments, case studies, and behavioral interviews to evaluate the candidate's skills and cultural fit

Portfolio Review Tips:

  • Highlight relevant projects and case studies demonstrating experience in Information Security, Risk Assessment, and secure coding practices
  • Showcase proficiency in application and infrastructure security principles and familiarity with Threat Modeling and OWASP Guidelines

Technical Challenge Preparation:

  • Brush up on Information Security principles, Risk Assessment methodologies, and secure coding practices
  • Prepare for technical discussions on software development processes, application security, and cloud security

ATS Keywords:

  • Information Security, Technology Risk, Cybersecurity, Application Security, Risk Assessment, Threat Modeling, Secure Coding, Communication Skills, Analytical Skills, Negotiation Skills, Vulnerability Assessment, Cloud Security, AI Security, Mobile Security, Software Development, Compliance

🛠 Technology Stack & Web Infrastructure

Frontend Technologies:

  • Not applicable for this role

Backend & Server Technologies:

  • Experience with various server technologies, including mainframe, distributed, and client-server environments
  • Familiarity with cloud security principles and best practices

Development & DevOps Tools:

  • Proficient in MS Office products, particularly PowerPoint and Excel
  • Experience with version control, deployment processes, and server configuration
  • Familiarity with testing methodologies, performance metrics, and optimization techniques

👥 Team Culture & Values

Web Development Values:

  • Not applicable for this role

Collaboration Style:

  • The ISO - Cybersecurity Cloud SME works closely with multiple technology development areas, domain architects, project managers, and other IT teams to ensure proper technology risk considerations are addressed throughout the development life cycle
  • The role necessitates strong influencing and negotiation skills to effectively communicate with senior leadership and less-technical stakeholders

⚡ Challenges & Growth Opportunities

Technical Challenges:

  • Staying up-to-date with emerging threats, security trends, and best practices in cloud and application security
  • Balancing the need for security with the demands of rapid development and innovation
  • Managing risk and compliance in a large, complex organization with multiple technology development areas

Learning & Development Opportunities:

  • Opportunities for professional development and certification in Information Security and related fields
  • Potential for technical leadership roles and architecture decision-making as the team and organization grow

💡 Interview Preparation

Technical Questions:

  • Questions related to Information Security principles, Risk Assessment methodologies, and secure coding practices
  • Technical discussions on software development processes, application security, and cloud security

Company & Culture Questions:

  • Questions about the company's Information Security culture, policies, and standards
  • Inquiries regarding the role's fit within the organization and the team's goals and objectives

Portfolio Presentation Strategy:

  • Highlight relevant projects and case studies demonstrating experience in Information Security, Risk Assessment, and secure coding practices
  • Showcase proficiency in application and infrastructure security principles and familiarity with Threat Modeling and OWASP Guidelines

📌 Application Steps

To apply for this Information Security role:

  • Submit your application through the application link provided
  • Tailor your resume to highlight relevant Information Security experience, skills, and certifications
  • Prepare a portfolio showcasing your experience in Information Security, Risk Assessment, and secure coding practices
  • Research the company's Information Security culture, policies, and standards to demonstrate a strong understanding of the role and organization

Application Requirements

Candidates should have over 5 years of experience in Information Security and a strong understanding of cybersecurity frameworks and software development processes. Familiarity with application security risk assessments and excellent communication skills are essential for success in this role.