Threat Level: green Handler on Duty: Jim Clausing

SANS ISC: InfoSec Jobs InfoSec Jobs

Participate: Learn more about our honeypot network

Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
Cyber Fusion Program Manager
Company Citi
Location New York
Preferred GIAC Certifications GCGE, GCFA, GREM
Travel 5%
Salary Not provided
Contact Name Anonymous
Contact Email jason.flournoy/at/
Expires 2021-04-19

Job Description


Citi's Global Cyber Investigations Team seeks a highly skilled program manager to support critical efforts aimed at protecting Citi infrastructure, assets, clients and stakeholders. This is a demanding role with global exposure and responsibility. You will serve both as a subject matter expert and as an ambassador for the global investigations team. You will be assigned to Citi's Cyber Security Fusion Center, and will collaborate closely with a talented cadre of security specialists and cyber investigators as they react aggressively to urgent security events. Your observations and recommendations will impact security decisions across the organization, and play an important part in maturing the fusion center's team-of-teams operation.

As a Program Manager for the Cyber Fusion Investigations Team your primary responsibility is to provide global governance for all regional fusion center investigators as they triage and examine critical security events. Related activities include but are not limited to:

Define, document and champion best practices for cyber investigative standards and procedures
Define and deliver global program support
Evolve the tech stack with focus on standardization and automation
Improve methods for defining, monitoring and reporting key performance indicators
Improve knowledge management and reporting
Influence decision makers across the organization to address inadequate security controls and to mitigate risks
Provide guidance and leadership to a cohort of regional fusion center investigators
Generate and present material for a broad audience, including technical, executive and regulatory groups
You should be all of the following:

1. A competent manager and goal oriented contributor. Success will depend on your ability to:

Practice service based leadership
Lead and motivate a team of individual contributors
Stay current with the evolving landscape of threat activities and cybersecurity best practices
Work independently with minimal oversight
Adapt to changing requirements in a fast paced environment
Multitask and meet deadlines despite competing priorities
Navigate operational impediments in order to complete time sensitive tasks
Identify and document any opportunities for process improvement
2. A reliable team player. Success will depend on your ability to:

Practice mutual respect at all times
Establish trust and build strong partnerships
Resolve conflict in a constructive manner and use as an opportunity to develop team unity
Prioritize collective success ahead of individual ambition

3. A great communicator. Success will depend on your ability to:

Establish clear narratives to describe observations, ideas and recommendations
Motivate colleagues and partners to cooperate and support as needed
Exert influence, both verbally and in writing, through all levels of the organization
Minimum Requirements
Education and Experience
Bachelor’s degree in Computer Science, Computer Engineering, Information Security, Digital Forensics Sciences, or other IT related field
10+ years of professional experience in cybersecurity and/or information security, or demonstrated equivalent capability
5+ years managing a professional staff, cyber program or resources
Previous experience governing global programs
Previous experience in policy development, implementation, and training
Previous experience in establishing new procedure(s)
Previous experience with cyber investigations and/or incident response
Previous experience working in highly regulated environments
Previous experience in building and leading teams
Previous experience in digital forensic analysis
Knowledge and Skills
Working knowledge of how computer applications, systems, and networks are managed and secured
Working knowledge of common security threats and vulnerabilities, attack vectors, and adversary tactics, techniques and procedures (TTP's)
Working knowledge of cyber forensic and eDiscovery procedures to collect, handle, examine, and analyze evidentiary artifacts while preserving integrity and maintaining a strict chain of custody
Working knowledge of any DFIR toolset (e.g. EnCase, FTK, Sleuth Kit)
Working knowledge of some of the following tools: Splunk, Tanium, Nuix, Relativity, Metasploit, Plaso, Powergrep,Security Onion, SIFT Workstation, Volatility, Wireshark, Yara
Must have flexibility to work outside of normal business hours when necessary
Preferred Requirements
Education and Experience
Graduate degree in Computer Science, Computer Engineering, Information Security, Digital Forensics Sciences, or other IT related field
Previous experience in a fusion center and/or exposure to large scale incident response
Prior success leading forensic investigations and/or managing individual contributors
Prior experience with information technology and/or information security in the financial services industry
Prior experience with cloud environments (e.g. AWS, GCP, Azure) and DevOps technologies (e.g. Docker, Kubernetes, Jenkins, Git)
Knowledge and Skills
Any professional certifications issued by GIAC, AWS, etc.
Working knowledge of common security models (Defense-in-Depth), standards (NIST 800-53, CIS 20 Controls) and frameworks (MITRE Attack, Cyber Kill Chain, STIX)
Working knowledge of OSI model
Working knowledge of security and/or incident response in cloud environments
Working knowledge of software development best practices, including agile methods
Familiar with Atlassian tools

Job Family Group:

Corporate Services

Job Family:


Time Type:


Citi is an equal opportunity and affirmative action employer.

Qualified applicants will receive consideration without regard to their race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or status as a protected veteran.

Citigroup Inc. and its subsidiaries ("Citi”) invite all qualified interested applicants to apply for career opportunities. If you are a person with a disability and need a reasonable accommodation to use our search tools and/or apply for a career opportunity review Accessibility at Citi.

View the "EEO is the Law" poster. View the EEO is the Law Supplement.

View the EEO Policy Statement.

View the Pay Transparency Posting