Vp - Service Manager, Security Operations Center

The Service Management organization is part of the Chief Information Security Office (CISO) - an organization that collectively administers the Information Security program for Citi. Our SPM service managers are aligned to support Cyber Security Operations: Security Operation Center.

The Service Manager for Security Operations Center is responsible for designing and driving large scale projects to meet client, Information Security (IS), and regulatory requirements and needs to work closely with different IS sector champions to achieve targeted goals.

The primary responsibility for this role is to serve as the key contact for holistic risk and control oversight for their security functions.

This position is responsible for driving efforts to prevent, monitor and respond to information/data breaches and cyber-attacks. The overall objective of this role is to ensure the execution of Information Security directives and activities in alignment with Citi's data security policy.

**Responsibilities**:

- Risk, Controls and Compliance Representative: Serve as primary representative to internal audit (IA), external auditors, regulatory examiners, partners and clients on behalf of their target security areas.
- Control Oversight: Responsible for oversight of the internal control environment through reporting, analysis, and strategic planning.
- Assist with governance of process control manuals to ensure compliance with internal IT & IS standards and policies, local and cross border regulations, privacy laws, and various information security frameworks.
- Lead and partner with personnel in risk-related roles to ensure unified progress toward shared goals and systemic risk mitigation.
- Manage oversight and creation of Control Issues and Corrective Action Plans with program owners, engineers, and operational managers to ensure all control gaps and risks are properly documented per Citi’s policy and are progressing toward resolution.
- Assist with risk & control repository maturity across target security areas and peer security areas, improving the scalability of risk & control oversight across the larger organization

**Qualifications**:

- Computer Engineering/Science Degree is required
- Minimum 5 years of experience in a Risk Management role for a global enterprise is required, 7+ is preferred
- Intermediate or Advanced knowledge/experience in the following Information Security (IS) technology frameworks is required: ITIL Service Management, COBIT and NIST Frameworks.
- Intermediate or Advanced knowledge of typical IS laws and regulations is required.
- Intermediate or Advanced knowledge/experience in the following Information Security (IS) technologies is required: security operations centers (SOC), firewalls, proxies, antivirus and other data security products and services.
- Working knowledge of cybersecurity & networking principles.

**Skills**:

- Fluent in oral and written English.
- Great communications skills; Must be able to interact with senior management from both a business and technical perspective.
- Must be able to present to different audiences and adjust accordingly (business, technical, and management) either structured presentations or ad-hoc.
- Business process improvement mindset with a drive for controls, automation and efficiency.
- Must be able to multitask efficiently and provide accurate, reliable, consistent end-to-end service.

**Competencies**:

- Strong self-management, work autonomy and use of own initiative.
- Ability to handle ambiguity and make decisions and recommendations with limited data.
- Solid analytical/problem-solving skills with capability to identify solutions to unusual and complex problems.
- Operates with passion and drive when pursuing goals.
- Self-motivated and goal-oriented with the ability to seize the initiative, garner consensus and develop and implement an effective strategy.
- Demonstrates a high level of analytical rigor in formulating strategies, objectives and measuring results.
- Willingness to challenge and question the status quo, making recommendations for best solutions.
- Organizationally astute, with superior influencing, collaboration and communication skills.

LI-Hybrid
- **Job Family Group**:
Technology
- **Job Family**:
Information Security
- **Time Type**:
Full time
- Citi is an equal opportunity and affirmative action employer.

Qualified applicants will receive consideration without regard to their race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or status as a protected veteran.

View the "**EEO is the Law**" poster. View the **EEO is the Law Supplement**.

View the **EEO Policy Statement**.

View the **Pay Transparency Posting