Job description 

Key Responsibilities -

Work within a dedicated security engineering function that accelerates and delivers creative and secure capabilities to unlock the value of Gen AI

Perform security assessments including threat modelling and security integration of Gen AI platforms and business solutions. Ensure that security design and controls are consistent with organization's security architecture principals.

Perform model input and output security including prompt injection and security assurance

Provide thought leadership and creativity to mature Gen AI security governance embedding into our existing cyber security risk appetite framework

Build internal and external networks to ensure alignment across programs, industry best practices, and to maintain current knowledge regarding cybersecurity threats and risks. Communicate with peers, regulators, law enforcement etc., when necessary.

Understand the current external threat environment and advise relevant stakeholders on the appropriate courses of action, promoting security as an enabler for business innovation and digitization, including the evaluation and recommendation of technical controls. Leverage threat intelligence to enhance engineering and operations

Identify, assess, track and report on security issues identified in supplier/third-party due diligence processes, self-assessments, architectural reviews, application testing, vulnerability scans, bug bounty programs, penetration testing, change management, cyber exercises, reviews and audits. Technically advise stakeholders on recommendations and remediation/mitigation  plans.

Ideate and leverage Gen AI to solve cybersecurity problems at scale for Citi

Support Global Information Security policies, standards, and initiatives development and implementation by representing in different Citi action groups such as Delegated Action Groups (DAG).

Partner with CISO engineering and Gen AI engineering organizations, directly embedded, in both leading and supporting capacities

Qualifications include:

7+ years of Information Security experience in areas of Information/Application Security

5+ years of Software engineering and/or software development experience is required

• Good  understanding  of application and data security, AI/Gen AI, Machine Learning or data science

Demonstrated  knowledge of software development processes (SLDC/Agile/Iterative/DevOps)

Experience of delivering security solution architecture from end-to-end.

Threat modelling using industry standard methodologies (e.g. STRIDE/DREAD)

Security architecture assessments for one or more IT systems such as Web, Mobile, APIs/Microservices, Cloud (AWS/GCP/Azure/Oracle)

Experience developing Reference Security Architecture and Design Patterns to support proactive and automated controls

• Demonstrated experience with cyber engineering and operations, which could include DevSecOps and MLSecOps

A demonstrated knowledge of information security standards, rules and regulations related to information security and data confidentiality and other various security standards and policies.

Ability to keep up to date  with  technology and security. Make informed decision and appropriate adjustments .

Ability to operate effectively across a highly matrixed, global business environment.

Good leadership, strategic thinking, and large-scale planning abilities.

Good interpersonal and communication skills with the ability to influence at all levels of the organization, while being able to simplify complex IS topics

Excellent problems solving abilities and analytical skills

Ability to apply a broad and comprehensive understanding across multiple functional areas.

Strong work ethic, and an excellent use of discretion and judgment.

Ability to organize, prioritize, and lead multiple deliverables simultaneously across a large, global corporate environment.

Education:

• Bachelor’s degree/University degree or equivalent experience
• Master’s degree preferred