Vice President, ISO Cybersecurity Cloud SME

Citi
Full-time | $114k-171k/year (USD) | Jacksonville, United States

📍 Job Overview

  • Job Title: Vice President, ISO Cybersecurity Cloud SME
  • Company: Citi
  • Location: Jacksonville, Florida, United States
  • Job Type: On-site
  • Category: Cybersecurity & Information Security
  • Date Posted: June 24, 2025
  • Experience Level: 5-10 years
  • Remote Status: On-site

🚀 Role Summary

  • Serve as a highly technical Information Security (IS) Officer, working with multiple technology development areas to ensure proper risk considerations throughout the systems/software development life cycle.
  • Provide proactive solutions to correct exposures and mitigate risk, while exercising judgment in alignment to existing practices and policies.
  • Demonstrate excellent communication skills to effectively negotiate internally and influence senior-level colleagues and external customers.

📝 Enhancement Note: This role requires a strong technical background in cybersecurity and application security, with the ability to translate complex technical concepts into understandable terms for non-technical stakeholders.

💻 Primary Responsibilities

  • Risk Assessment: Perform IS risk assessments on new applications and changes to existing applications, and report gaps with appropriate recommendations.
  • Security Standards: Interpret and communicate security standards, procedures, and guidelines for multiple platforms and diverse environments, recommending enhancements or defining mitigating controls for existing systems.
  • Corrective Action Plans: Create corrective action plans (CAPs) for non-compliant issues, working with application development teams to address and resolve security gaps.
  • Security Solutions: Recommend security solutions according to Security Policy and Practices established by Citigroup, and consult on AI, Cloud, and Mobile initiatives.
  • Policy Awareness: Promote awareness of current policies and standards, including revisions and developments, to provide consistent interpretation of policy to IT.
  • Relationship Building: Establish and maintain relationships with domain architects, project managers, and other technology development unit members to ensure security is integrated into the development process.
  • Threat Modeling: Support and facilitate Threat Modeling assessments as needed to identify and mitigate potential security threats.

📝 Enhancement Note: This role requires a deep understanding of software development processes, integration of security assessments in the SDLC process, and secure coding practices to effectively perform risk assessments and recommend security solutions.

🎓 Skills & Qualifications

Education:

  • Bachelor's degree in Information Security, Computer Science, Electrical/Mechanical Engineering, Information Technology, or a related field.
  • Professional certifications (e.g., CISSP, CSSLP) are a plus or must be obtained within 12-18 months of the start date.

Experience:

  • 5+ years of experience working in Information Security, Technology Risk, or IT Risk and Controls, with 3+ years of experience working with Cybersecurity teams or products.
  • Strong understanding of software development processes, integration of security assessments in the SDLC process, and secure coding practices.
  • Knowledge of Threat Modeling, OWASP Guidelines, and other related cybersecurity processes.
  • Experience in Application Security risk assessments is highly preferred.
  • Familiarity with cybersecurity frameworks (e.g., NIST, ISO/IEC 27001, SOC2) is required.

Required Skills:

  • Proficiency in MS Office products, particularly PowerPoint and Excel.
  • Excellent written and verbal communication skills, with the ability to engage in deep technical discussions and translate complex concepts to senior leadership and less-technical stakeholders.
  • Strong influencing and negotiation skills, with the ability to execute technical responsibilities independently or in collaboration with technical teams.

Preferred Skills:

  • Experience with vulnerability assessment and related risk assessment tools.
  • Experience with application development or infrastructure security.

📊 Web Portfolio & Project Requirements

Portfolio Essentials:

  • A comprehensive portfolio demonstrating experience in Information Security, Technology Risk, and Cybersecurity.
  • Examples of risk assessments, security recommendations, and corrective action plans.
  • Case studies showcasing successful security implementations and risk mitigation strategies.

Technical Documentation:

  • Detailed documentation of security processes, standards, and guidelines.
  • Examples of threat modeling assessments and security architecture reviews.
  • Records of security training and certifications.

📝 Enhancement Note: While a web portfolio is not explicitly required for this role, a well-crafted portfolio demonstrating relevant experience and expertise can strengthen an application and provide valuable insights into the candidate's problem-solving and communication skills.

💵 Compensation & Benefits

Salary Range:

  • $113,840.00 - $170,760.00 per year (Jacksonville, Florida, United States)

Benefits:

  • Medical, dental, and vision coverage.
  • 401(k) plan.
  • Life, accident, and disability insurance.
  • Wellness programs.
  • Paid time off packages, including planned time off (vacation), unplanned time off (sick leave), and paid holidays.

Working Hours:

  • Full-time, 40 hours per week.

📝 Enhancement Note: The salary range provided is based on market research for the Jacksonville, Florida, United States area and is subject to change based on the candidate's experience and qualifications.

🎯 Team & Company Context

Company Culture:

  • Industry: Financial Services.
  • Company Size: Large (over 250,000 employees).
  • Founded: 1812.

Team Structure:

  • The Information Security team works closely with multiple technology development areas to ensure proper risk considerations throughout the systems/software development life cycle.
  • The team collaborates with domain architects, project managers, and other technology development unit members to integrate security into the development process.

Development Methodology:

  • Agile/Scrum methodologies for software development, with sprint planning, code review, testing, and quality assurance practices.
  • Deployment strategies, CI/CD pipelines, and server management processes are in place to ensure secure and efficient deployment of applications.

Company Website: Citi

📝 Enhancement Note: Citi is a global financial services company with a strong commitment to technology and innovation. The company values diversity, inclusion, and collaboration, fostering an environment where employees can grow and succeed.

📈 Career & Growth Analysis

Web Technology Career Level:

  • This role is a senior-level position, requiring a high degree of technical expertise and experience in Information Security, Technology Risk, and Cybersecurity.

Reporting Structure:

  • The Vice President, ISO Cybersecurity Cloud SME reports directly to the Chief Information Security Officer (CISO) or another senior-level Information Security leader.

Technical Impact:

  • This role has a significant impact on the security of Citi's technology infrastructure and applications, working closely with multiple technology development areas to ensure proper risk considerations throughout the systems/software development life cycle.

Growth Opportunities:

  • Technical Growth: Stay up-to-date with emerging cybersecurity trends and technologies, and contribute to the development of security best practices and standards within the organization.
  • Leadership Development: Develop leadership skills by mentoring junior team members, leading projects, and driving strategic initiatives to improve the security posture of the organization.
  • Architecture Decisions: Participate in architecture decision-making processes, providing technical expertise and guidance to ensure security is integrated into the design and implementation of Citi's technology infrastructure.

📝 Enhancement Note: Citi offers numerous opportunities for career growth and development, with a strong focus on fostering a culture of continuous learning and innovation.

🌐 Work Environment

Office Type:

  • On-site, with a collaborative and dynamic work environment.

Office Location(s):

  • 14000 Citi Cards Way, Building A, Jacksonville, Florida, United States.

Workspace Context:

  • The workspace is designed to facilitate collaboration and communication, with multiple monitors, testing devices, and development tools available to support the team's work.
  • The team interacts regularly with domain architects, project managers, and other technology development unit members to ensure security is integrated into the development process.

Work Schedule:

  • Full-time, 40 hours per week, with flexible deployment windows, maintenance, and project deadlines as needed.

📝 Enhancement Note: Citi fosters a flexible and collaborative work environment, with a strong focus on supporting the needs of its employees and providing them with the tools and resources they need to succeed.

📄 Application & Technical Interview Process

Interview Process:

  • Technical Assessment: Demonstrate a strong understanding of Information Security, Technology Risk, and Cybersecurity principles, with a focus on application security and risk assessment.
  • Behavioral Interview: Showcase excellent communication, influencing, and negotiation skills, with the ability to engage in deep technical discussions and translate complex concepts to senior leadership and less-technical stakeholders.
  • Final Evaluation: Demonstrate the ability to execute technical responsibilities independently or in collaboration with technical teams, with a strong focus on problem-solving, critical thinking, and attention to detail.

Portfolio Review Tips:

  • Highlight relevant risk assessments, security recommendations, and corrective action plans from your portfolio.
  • Showcase your ability to communicate complex technical concepts effectively and persuasively.
  • Demonstrate your understanding of Citi's security policies, practices, and standards, and provide examples of how you have applied them in previous roles.

Technical Challenge Preparation:

  • Brush up on your knowledge of Information Security, Technology Risk, and Cybersecurity principles, with a focus on application security and risk assessment.
  • Familiarize yourself with Citi's security policies, practices, and standards, and be prepared to discuss how you would apply them in a real-world scenario.
  • Practice communicating complex technical concepts effectively and persuasively, with a focus on problem-solving and critical thinking.

📝 Enhancement Note: The interview process for this role is designed to assess the candidate's technical expertise, communication skills, and problem-solving abilities, with a strong focus on their ability to execute technical responsibilities independently or in collaboration with technical teams.

🛠 Technology Stack & Web Infrastructure

Security Frameworks & Standards:

  • NIST, ISO/IEC 27001, SOC2, and other relevant cybersecurity frameworks.
  • Citi's internal security policies, practices, and standards.

Risk Assessment Tools:

  • Vulnerability assessment and related risk assessment tools.
  • Application development experience is a plus.

Collaboration & Communication Tools:

  • MS Office products, particularly PowerPoint and Excel.
  • Other collaboration and communication tools as needed to support the team's work.

📝 Enhancement Note: The technology stack for this role is focused on Information Security, Technology Risk, and Cybersecurity, with a strong emphasis on application security and risk assessment.

👥 Team Culture & Values

Information Security Values:

  • Proactive: Anticipate and address potential security threats and vulnerabilities before they become significant issues.
  • Collaborative: Work closely with multiple technology development areas to ensure proper risk considerations throughout the systems/software development life cycle.
  • Adaptable: Stay up-to-date with emerging cybersecurity trends and technologies, and adapt security practices and standards to meet the evolving needs of the organization.
  • Innovative: Contribute to the development of security best practices and standards within the organization, driving strategic initiatives to improve the security posture of Citi's technology infrastructure.

Collaboration Style:

  • Cross-functional: Work closely with domain architects, project managers, and other technology development unit members to ensure security is integrated into the development process.
  • Code Review: Participate in code reviews and other collaborative development practices to ensure security is integrated into the development process.
  • Knowledge Sharing: Share your expertise and insights with junior team members, mentoring them and fostering a culture of continuous learning and innovation.

📝 Enhancement Note: Citi fosters a collaborative and innovative work environment, with a strong focus on supporting the needs of its employees and providing them with the tools and resources they need to succeed.

⚡ Challenges & Growth Opportunities

Technical Challenges:

  • Emerging Technologies: Stay up-to-date with emerging cybersecurity trends and technologies, and adapt security practices and standards to meet the evolving needs of the organization.
  • Complex Environments: Work with multiple technology development areas to ensure proper risk considerations throughout the systems/software development life cycle, in complex and diverse environments.
  • Legacy Systems: Address security challenges in legacy systems, recommending enhancements or defining mitigating controls to existing systems.
  • Regulatory Compliance: Ensure that Citi's technology infrastructure and applications comply with relevant regulations and industry standards, such as PCI-DSS, GLBA, and NYDFS.

Learning & Development Opportunities:

  • Technical Skills: Stay up-to-date with emerging cybersecurity trends and technologies, and develop expertise in specific areas of interest, such as cloud security, mobile security, or application security.
  • Leadership Development: Develop leadership skills by mentoring junior team members, leading projects, and driving strategic initiatives to improve the security posture of the organization.
  • Architecture Decisions: Participate in architecture decision-making processes, providing technical expertise and guidance to ensure security is integrated into the design and implementation of Citi's technology infrastructure.


💡 Interview Preparation

Technical Questions:

  • Security Principles: Demonstrate a strong understanding of Information Security, Technology Risk, and Cybersecurity principles, with a focus on application security and risk assessment.
  • Risk Assessment: Explain your approach to risk assessment, and provide examples of how you have identified and mitigated security risks in previous roles.
  • Security Recommendations: Describe your process for recommending security solutions and enhancements, and provide examples of how you have successfully implemented them in previous roles.
  • Security Standards: Discuss your experience with security standards, policies, and practices, and explain how you have ensured compliance with relevant regulations and industry standards.

Company & Culture Questions:

  • Citi's Security Culture: Describe your understanding of Citi's security culture, and explain how you would contribute to its ongoing development and improvement.
  • Collaboration & Communication: Explain your approach to collaboration and communication, and provide examples of how you have worked effectively with cross-functional teams in previous roles.
  • Problem-Solving: Describe your problem-solving approach, and provide examples of how you have successfully addressed complex security challenges in previous roles.

Portfolio Presentation Strategy:

  • Portfolio Organization: Organize your portfolio to highlight relevant risk assessments, security recommendations, and corrective action plans, with a focus on communicating complex technical concepts effectively and persuasively.
  • Portfolio Walkthrough: Prepare a structured walkthrough of your portfolio, demonstrating your understanding of Citi's security policies, practices, and standards, and providing examples of how you have applied them in previous roles.
  • Portfolio Q&A: Be prepared to answer questions about your portfolio, and demonstrate your ability to communicate complex technical concepts effectively and persuasively.


📌 Application Steps

To apply for this Information Security Officer position at Citi:

  1. Customize Your Portfolio: Highlight relevant risk assessments, security recommendations, and corrective action plans from your portfolio, with a focus on communicating complex technical concepts effectively and persuasively.
  2. Optimize Your Resume: Tailor your resume to emphasize your experience in Information Security, Technology Risk, and Cybersecurity, with a focus on application security and risk assessment.
  3. Prepare for Technical Interviews: Brush up on your knowledge of Information Security, Technology Risk, and Cybersecurity principles, with a focus on application security and risk assessment. Familiarize yourself with Citi's security policies, practices, and standards, and be prepared to discuss how you would apply them in a real-world scenario.
  4. Research Citi: Gain a deep understanding of Citi's security culture, and prepare for behavioral interview questions that focus on collaboration, communication, and problem-solving.

Application Requirements

Candidates should have over 5 years of experience in Information Security and Technology Risk, with a strong understanding of cybersecurity frameworks and application security. A bachelor's degree in a related field and professional certifications are preferred.