Job Description

The Applications Development Technology Safety and Soundness (S&S) Lead Analyst is a senior level position responsible for establishing and implementing new or revised application systems and programs in coordination with the Technology Team. Safety and Soundness (S&S) is a first and second line of defense function that services our customers through the oversight and execution of information security and technology governance, risk and compliance (GRC). As a S&S Lead Analyst, you will be an integral member of the Client Reporting Team The overall objective of this role is to lead applications systems analysis and programming activities.

Responsibilities:

• Engage: Develop and drive ownership and accountability of control objectives supporting aligned IT initiatives.

• For reporting applications (legacy and recent) to stay on top of ensuring all internal and shared servers do not become overdue and CAP to be raised as appropriate.
• Upgrade/Move to new servers that become EOVS and EOL
• Drive clear, concise, pragmatic outcomes with Stakeholders that balance risk with business objectives.
• Provide cross-functional team engagement to ensure successful achievement of objectives.
• Manage vendor resources, follow-up with internal and partner development teams, CTI, Support teams to resolve issues with quicker turn-around time .
• Inspire: Develop trust and build strong, authentic, productive relationships within the organization and with key stakeholders. Effectively engage and collaborate with necessary parties, including but not limited too; Infrastructure teams, Application Leads, UAT & Production Support Managers, Development organizations and tool liaisons across our organization to develop, define and build on innovative ideas and business priorities.

• Act as a role model for developing and maintaining positive, collaborative stakeholder relationships.
• Engage across the organization to quickly connect information and people to drive enterprise projects, programs, and initiatives.
• Understand stakeholder drivers and use that knowledge and those relationships to drive effective prioritization and roadmaps for delivery.
• Develop: Create an environment of continual improvement both inside and outside of direct team.

• Be a Producer of Talent with individuals on your team and across the organization.
• Demonstrate the ability to learn and develop as a self-starter requiring little direction. We are looking for someone who shows the potential to do more, taking initiative and ownership.
• Out Front: Anticipate the needs of the application team and leadership and facilitate as well as motivate those around you to identify solutions that both improve the security of our environment and advance business objectives.

• Present balanced viewpoints of options and recommendations based on strong front-to-back understanding of existing capabilities and frameworks combined with a strong understanding of emerging technologies and best practices.
• Be curious about our business and seek to understand.
• Re-Imagine: Bring new ideas, methods, and approaches to the management of our control activities and support of the control process. Leverage own expertise to challenge the status quo and drive decisions and actions necessary to improve our business processes and related technology.
• Passion: Demonstrate an unyielding passion for the audit process and application manager experience, culture, mission and vision. Lead by example and inspire others to follow.

Qualifications:

• 12+ years of relevant experience
• 5+ years of Experience of being a Safety & Soundness lead
• Performed server upgrades, handled EOVS and EOL on servers
• Has knowledge on Blackduck, Checkmarx, SBT, CyberArk
• Strong analytical and problem-solving skills that apply passion, creativity, and skills (i.e., structural analysis) with ability to decipher and prioritize asks accordingly.
• Strong interpersonal skills and demonstrable ability to collaboratively work in virtual environment
• Experience in systems analysis and programming of software applications
• Demonstrated Subject Matter Expert (SME) in area(s) of Applications Development
• Demonstrated knowledge of client core business functions
• Demonstrated leadership, project management, and development skills
• Relationship and consensus building skills
• Proven solid written and oral communication skills with the ability to effectively communicate status, risks, and solutions to executive management.
• Strong time management, organizational and prioritization skills are also required

The Application S&S Lead is a position responsible for accomplishing results through the department to establish and implement new or revised application systems and programs in coordination with regional business and technology Bank teams. The overall objective of this role is to

• Identify and act on opportunities to improve and update application software, data and systems.
• Improve and update micro services and APIs that power Citi digital channels like Mobile, Internet banking and open banking partners, using latest cloud native technologies and frameworks and ensuring to maintain its within EOVS.
• Ensure compliance with Citis system development lifecycle and information security requirements
• Implement and maintain security controls to meet the requirements outlined by Info-Security.

Application S&S Lead

• Utilize in-depth Info-Security knowledge and skills across multiple Applications product domain areas to provide oversight, formulate strategies to ensure compliance.
• Manage operation, maintenance, versioning and upgrading of application(s) hardware and software throughout its lifecycle.
• Serves as key player in the implementation of security governance, risk, compliance program across applications.
• Develop comprehensive knowledge of how areas of compliance impact the business area through monitoring delivery of end results
• Appropriately assess risk and controls when business decisions are made, demonstrating particular consideration for the firm's reputation and safeguarding Citigroup, its clients and assets, by driving compliance with applicable laws, rules and regulations, adhering to Policy, applying sound ethical judgment regarding personal behavior, conduct and business practices, and escalating, managing and reporting control issues with transparency, as well as effectively supervise the activity of others and create accountability with those who fail to maintain these standards.
• Review and Analyze proposed mitigation solutions for info-security issues by thorough understanding of integration with upstream or downstream touch points.
• Good understanding of technology stack, Backlog management.
• Should be a team player.
• Excellent Analytical skill to navigate unstructured problems and define solution
• Excellent communication & negotiation skill to manage the Business stakeholders.
• Actively participate in the training process to improve your skills, knowledge of software & Citi applications.
• Ability to understand technical infrastructure, including a deep understanding in application operations in info-security area.
• Expertise in Risk Management of Info-security issues and has good experience in working out a resolution with documented Corrective Action Plan or Business Risk Exceptions.
• Formulates CAP/RE with proper milestones and track it meticulously with no milestone overdue and ensure CAP/RE Closure well before due date.
• Consolidation of info-security items across Applications from Risk/Audit/Compliance perspective and presentation to Sr. Mgmt with resolution plans.
• Expertise in sizing of Info-Security & Tech Mandate changes and and demand fitment in release.
• Good understanding in Vulnerability Assessment from Project and Annual Compliance perspective across Application & Infrastructure.
• Hands on experience in VA Management wrt Planning, Scheduling, Vendor Engagement, Test Data Preparations, Purchase Order Releases, Execution, Report Generation, Closure of VA Execution formally and then Tracking Issues to closure.

Duties:

• Track and maintain hardware and software inventories across applications being managed.
• Track and remediate code quality issues /application vulnerabilities leveraging agreed upon action plans and timelines with responsible technology partners and application teams
• Implements the required user access policies.
• Should be able to produce evidence in the form of logs, reports, document for Audits and SLAs with various teams.

Roles & Responsibilities:

• Application Management

• Manage and keep application hardware and software inventories up to date and ensure continuous data quality is upkept and applications are not End of Version/ End of Life.
• Ensure all compliance activities (ARR/ ARP/ Entitlement Feeds/ Export Licensing Agreement/ COB/ Compliance VA/ Critical Data Asset/ Sensitive Data Management Attestations/ ID Management & Reviews/ Scans & Patches) are performed timely within defined SLA.

Application Information Security and Code Quality Governance

• Identify, assess, track and mitigate issues and risks at multiple levels (software, third party components/ libraries, servers). Determine if success metrics are in place and if not, work to define them.
• Drive outstanding safety and soundness items (CAMP) across all teams to closure and turn it around to become prevention instead of reacting to issues.
• Manage partnership with TISO, BISO, PMO, Risk and Compliance team ensure that the application is delivered within the defined quality and timeline
• Analyze, fix, build / configure and implement applications to address infosec/code quality/VA issues and ensure no repeat findings by ensuring checklist and updating knowledge base.
• Oversee information security entitlements & compliance training adherence
• Prepare, Represent, Present S&S metrics in CIO governance forum
• Involve and support application audits by coordinating with Risk & Control Tech team (entitlement reviews)
• Closely interact with the Risk & Control Tech team to proactively ensure controls and compliance
• Track & Ensure all application CSI has met with CoB testing needs
• Single point of Contact for Technology mandatory changes wrt Sizing &Project Prioritization

Job Family Group: Technology



Job Family: Applications Development



Time Type: Full time



Citi is an equal opportunity and affirmative action employer.

Qualified applicants will receive consideration without regard to their race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or status as a protected veteran.

Citigroup Inc. and its subsidiaries ("Citi) invite all qualified interested applicants to apply for career opportunities. If you are a person with a disability and need a reasonable accommodation to use our search tools and/or apply for a career opportunity review .

View the " " poster. View the .

View the .

View the

Citigroup