Security Incident Management Analyst

3 days ago


Singapore Citigroup Full time

About Our Team:
The Chief Information Security Office (CISO) is home to deeply talented colleagues who work to ensure the safety of Citi's clients, our revenue, our employees and our proprietary data. We manage information security as one end-to-end program, one with a clear mandate and accountability. Our mission is a program that is fully anchored to modern control and architectural frameworks, is fully aligned with the enterprise architecture of the firm and is deeply integrated into the sectors and functions.

The Security Incident Management Analyst is an intermediate level position responsible for driving efforts to prevent, monitor and respond to information/data breaches and cyber-attacks. The overall objective of this role is to ensure the execution of Information Security directives and activities in alignment with Citi's data security policy.

**Responsibilities**

As a Security Incident Management Analyst, your primary responsibility is to manage risk throughout the security incident lifecycle. Related activities include, but are not limited to:

- Work as part of a best-in-class ‘follow the sun’ security incident response team.
- Lead and manage incident response activities to ensure that requisite triage, containment, and eradication are completed within targeted timeframes.
- Ensure that the security incident record is complete, accurate and fit for purpose.
- Collect and analyze evidence including investigative findings and prepare to coordinate with internal and external compliance and audit personnel.
- Execute incident response meetings and communicate complex security topics; exhibit good judgment and discretion when initiating escalations to all levels of the organization.
- Ensure that controls are utilized daily and that non-compliance remediation is addressed by appropriate selection.
- Provide IS consulting services, including interpreting and/or clarifying information security policy, procedures, standards or concepts.
- Assist with defining and implementing information security standards to align procedures and practices in pursuit of compliance with Citigroup standards.
- Validate compliance with information security policies, practices, and procedures, and resolve a variety of information security related issues in coordination with the relevant business(es).
- Assume both informal and formal mentorship roles within the team, and assist with coaching and training of new team members.
- Act as an authority for cyber security incidents, with the ability to reliably identify and escalate threats with appropriate urgency.

**Qualifications**
- Stay current with the evolving landscape of cyber threat activities and cybersecurity best practices
- Work independently with minimal oversight
- Adapt to changing requirements in a fast-paced environment
- Multitask and meet deadlines despite competing priorities
- Navigate operational impediments in order to complete time-sensitive tasks
- Identify and document any opportunities for process improvement
- Be a reliable team player.
- Practice mutual respect at all times
- Establish trust and build strong partnerships
- Resolve conflict in a constructive manner and use it as an opportunity to develop team unity
- Prioritize collective success ahead of individual ambition
- Strong communicator.
- Establish clear narratives to describe observations, ideas and recommendations
- Motivate colleagues and partners to cooperate and support as needed
- Exert influence, both verbally and in writing, through all levels of the organization

**Requirements**:

- Relevant professional certifications issued by GIAC, AWS, etc., preferably GCCC, GCIH, CEH, ECSA.
- General industry knowledge of reporting obligations pertaining to local and national laws and regulatory bodies such as OCC, SEC, ECB, MAS
- Working knowledge of common security models (Defense-in-Depth) and frameworks (MITRE ATT&CK, Cyber Kill Chain, STIX)
- Working knowledge of VERIS taxonomy
- Working knowledge of OSI model
- Working knowledge of security and/or incident response in cloud environments
- Working knowledge of software development best practices, including agile methods
- Familiar with Atlassian tools
- Previous experience working in a highly regulated environment
- Previous experience in a fusion center and/or exposure to large scale incident response
- Prior experience with information technology and/or information security in the financial services industry
- Prior experience with cloud environments (e.g. AWS, GCP, Azure)
- Working knowledge of common security threats and vulnerabilities, attack vectors, and adversary tactics, techniques, and procedures (TTPs)
- Proficiency in threat intelligence, supported by a clear understanding of Cyber Adversarial levels, their motives and capabilities.
- Must have flexibility to work outside of normal business hours when necessary

**Education and Experience**
- Bachelor’s degree in Computer Science, Computer Engineering, Information Security, Di


