Gen AI Security Engineer

About Citi:
Citi, the leading global bank, has approximately 200 million customer accounts and does business in more than 160 countries and jurisdictions. Citi provides consumers, corporations, governments, and institutions with a broad range of financial products and services, including consumer banking and credit, corporate and investment banking, securities brokerage, transaction services, and wealth management.

As a bank with a brain and a soul, Citi creates economic value that is systemically responsible and in our clients’ best interests. As a financial institution that touches every region of the world and every sector that shapes your daily life, our Enterprise Operations & Technology teams are charged with a mission that rivals any large tech company. Our technology solutions are the foundations of everything we do from keeping the bank safe, managing global resources, and providing the technical tools our workers need to be successful to designing our digital architecture and ensuring our platforms provide a first-class customer experience. We reimagine client and partner experiences to deliver excellence through secure, reliable, and efficient services.

Our commitment to diversity includes a workforce that represents the clients we serve from all walks of life, backgrounds, and origins. We foster an environment where the best people want to work. We value and demand respect for others, promote individuals based on merit, and ensure opportunities for personal development are widely available to all. Ideal candidates are innovators with well-rounded backgrounds who bring their authentic selves to work and complement our culture of delivering results with pride. If you are a problem solver who seeks passion in your work, come join us. We’ll enable growth and progress together.

About Our Team:

The Chief Information Security Office (CISO) is home to deeply talented colleagues that work to ensure the safety of Citi's clients', our revenue, our employees and our proprietary data. We manage information security as one end-to end program – one with a clear mandate and accountability. Our mission is a program that is fully anchored to modern control and architectural frameworks, is fully aligned with the enterprise architecture of the firm and is deeply integrated into the sectors and functions.

Citi has an extensive and robust AI program, with strong global partnerships and business activities in progress. We view Generative AI as a significant opportunity, one we want to move quickly and embrace, but also one we want to embed security principles and engineering excellence into early. 

The Gen AI Security Engineer is a senior level position responsible for leading a variety of engineering activities including the design, acquisition and deployment of hardware, software and network infrastructure in coordination with the Technology team. The overall objective of this role is to lead efforts to ensure quality standards are being met within existing and planned framework. This role reports into the CISO organization with dedicated functional alignment to Citi’s Generative AI enablement group to enable close, collaborative strategic work to jointly design, engineer and run the capabilities needed to enable Gen AI and protect Citi and our assets.

Responsibilities:

• Work within a dedicated security engineering function that accelerates and delivers creative and secure capabilities to unlock the value of Gen AI

• Perform security assessments including threat modelling and security integration of Gen AI platforms and business solutions. Ensure that security design and controls are consistent with organization's security architecture principals.

• Perform model input and output security including prompt injection and security assurance

• Provide thought leadership and creativity to mature Gen AI security governance embedding into our existing cyber security risk appetite framework

• Build internal and external networks to ensure alignment across programs, industry best practices, and to maintain current knowledge regarding cybersecurity threats and risks. Communicate with peers, regulators, law enforcement etc., when necessary.

• Understand the current external threat environment and advise relevant stakeholders on the appropriate courses of action, promoting security as an enabler for business innovation and digitization, including the evaluation and recommendation of technical controls. Leverage threat intelligence to enhance engineering and operations

• Identify, assess, track and report on security issues identified in supplier/third-party due diligence processes, self-assessments, architectural reviews, application testing, vulnerability scans, bug bounty programs, penetration testing, change management, cyber exercises, reviews and audits. Technically advise stakeholders on recommendations and remediation/mitigation  plans.

• Ideate and leverage Gen AI to solve cybersecurity problems at scale for Citi

• Support Global Information Security policies, standards, and initiatives development and implementation by representing in different Citi action groups such as Delegated Action Groups (DAG).

• Partner with CISO engineering and Gen AI engineering organizations, directly embedded, in both leading and supporting capacities

• Serve as a technology subject matter expert for internal and external stakeholders and provide direction for all firm mandated controls and compliance initiatives, all projects within the group and in creating a technology domain roadmap

• Ensure that all integration of functions meet business goals

• Define necessary system enhancements to deploy new products and process enhancements

• Recommend product customization for system integration

• Identify problem causality, business impact and root causes

• Exhibit knowledge of how own specialty area contributes to the business and apply knowledge of competitors, products and services

• Advise or mentor junior team members

• Impact the engineering function by influencing decisions through advice, counsel or facilitating services

• Appropriately assess risk when business decisions are made, demonstrating particular consideration for the firm's reputation and safeguarding Citigroup, its clients and assets, by driving compliance with applicable laws, rules and regulations, adhering to Policy, applying sound ethical judgment regarding personal behavior, conduct and business practices, and escalating, managing and reporting control issues with transparency.

Qualifications:

• 6+ years of Information Security experience in areas of Information/Application Security

• 5+ years of Software engineering and/or Software Development experience is required

• Good understanding  of Application Security and Data Security, Generative AI, Machine Learning or Data Science

• Demonstrated  knowledge of Software Development Processes (SLDC/Agile/Iterative/DevOps)

• Experience of delivering end-to-end Security Solution Architecture.

• Threat Modelling using industry standard methodologies (e.g. STRIDE/DREAD)

• Security Architecture Assessments for one or more IT systems such as Web, Mobile, APIs/Microservices, Cloud (AWS/GCP/Azure/Oracle)

• Experience developing Reference Security Architecture and Design Patterns to support proactive and automated controls

• Demonstrated experience with Cyber engineering and Operations, which could include DevSecOps and MLSecOps

• A demonstrated knowledge of information security standards, rules and regulations related to information security and data confidentiality and other various security standards and policies.

• Ability to keep up to date  with  technology and security. Make informed decision and appropriate adjustments .

• Ability to operate effectively across a highly matrixed, global business environment.

• Good leadership, strategic thinking, and large-scale planning abilities.

• Good interpersonal and communication skills with the ability to influence at all levels of the organization, while being able to simplify complex IS topics

• Excellent problems solving abilities and analytical skills

• Ability to apply a broad and comprehensive understanding across multiple functional areas.

• Strong work ethic, and an excellent use of discretion and judgment.

• Ability to organize, prioritize, and lead multiple deliverables simultaneously across a large, global corporate environment.

Education:

• Bachelor’s degree/University degree or equivalent experience

• Master’s degree preferred

------------------------------------------------------

Job Family Group:

------------------------------------------------------

Job Family:

------------------------------------------------------

Time Type:

------------------------------------------------------

Primary Location:

------------------------------------------------------

Primary Location Full Time Salary Range:

In addition to salary, Citi’s offerings may also include, for eligible employees, discretionary and formulaic incentive and retention awards. Citi offers competitive employee benefits, including: medical, dental & vision coverage; 401(k); life, accident, and disability insurance; and wellness programs. Citi also offers paid time off packages, including planned time off (vacation), unplanned time off (sick leave), and paid holidays. For additional information regarding Citi employee benefits, please visit citibenefits.com. Available offerings may vary by jurisdiction, job level, and date of hire.

------------------------------------------------------

Anticipated Posting Close Date:

------------------------------------------------------

Citi is an equal opportunity and affirmative action employer.

Qualified applicants will receive consideration without regard to their race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or status as a protected veteran.

Citigroup Inc. and its subsidiaries ("Citi”) invite all qualified interested applicants to apply for career opportunities. If you are a person with a disability and need a reasonable accommodation to use our search tools and/or apply for a career opportunity review Accessibility at Citi.

View the "EEO is the Law" poster. View the EEO is the Law Supplement.

View the EEO Policy Statement.

View the Pay Transparency Posting