We are seeking a highly skilled and execution-focused Platform Implementations Lead to drive the development and enhancement of platforms supporting our global Information Security Assessment program. This pivotal role requires close partnership with engineering teams to evolve these platforms to ensure the implementation of secure, efficient, and scalable solutions enabling effective risk identification, analysis, and mitigation across our technology landscape. This position offers an exciting opportunity to directly influence our Security Assessment program strategy and contribute to a robust security posture within a dynamic and collaborative environment.
Key Responsibilities:
- Structure and lead the platform implementations team for Information Security Assessments, aligning with cybersecurity, regulatory and business objectives.
- Partner closely with engineering teams to define, scope, and implement changes to the Security Assessments platforms, ensuring these platforms effectively support evolving security assessment needs and progress towards new platform uplifts.
- Collaborate with internal stakeholders including security assessments, risk management, compliance, audit, and technology teams, to translate security assessment requirements into practical and scalable technical solutions, considering local data sovereignty and compliance requirements.
- Design, build, and integrate modules and enhancements within the Security Assessments platforms that automate security assessment workflows, reporting, data aggregation from various sources (e.g., GRC tools, threat intelligence feeds), and risk register updates, leveraging cloud-native solutions and DevSecOps principles.
- Manage project delivery timelines, resources, and dependencies related to Security Assessments platform enhancements, adhering to agile methodologies and fostering effective communication.
- Champion security-by-design and privacy-by-design principles within the Security Assessments platforms, ensuring compliance with enterprise standards and seamless integration with existing GRC tools, risk registers, and third-party risk management platforms.
- Partner with stakeholders across Cybersecurity, Risk Management, Compliance, and Technology functions to validate the functionality of Security Assessments and address evolving risk assessment needs, incorporating feedback from key stakeholders.
- Conduct thorough user acceptance testing (UAT) of changes to Security Assessments, collect feedback, and drive iterative improvements post-implementation, ensuring smooth transition and optimal user experience.
- Proactively monitor the operational health of Security Assessments, track key risk indicators, and analyze platform performance to identify areas for continuous improvement and proactive risk mitigation.
- Develop and maintain comprehensive risk assessment methodologies and frameworks, staying abreast of industry best practices and regulatory changes, and ensuring these are reflected in the capabilities of Security Assessments.
Qualifications & Skills:
- 7+ years of experience in platform implementation, cybersecurity operations, or information security assessments, preferably in financial services.
- Strong understanding of information security frameworks (e.g., NIST, ISO 27001), risk management, and control assurance.
- Proven experience leading the implementation of technical platforms, ideally within GRC, assessment, or evidence management domains.
- Proficient in managing Agile/Waterfall projects with global stakeholders and technology teams.
- Familiarity with data architecture, APIs, and integration with enterprise platforms (e.g., ServiceNow, Archer, Jira).
- Strong analytical, problem-solving, and organizational skills with excellent attention to detail.
- Effective communicator with experience in stakeholder management, change adoption, and training delivery.
Preferred Qualifications:
- Experience with GRC Platforms (Service Now, IBM, etc.).
- Experience working in a global bank or regulated environment.
- Knowledge of secure software development lifecycle (SSDLC) and cloud-native platforms.
- Professional certifications such as CISSP, CISA, CRISC, or PMP are advantageous.
------------------------------------------------------
Job Family Group:
Technology------------------------------------------------------
Job Family:
Technology Project Management------------------------------------------------------
Time Type:
Full time------------------------------------------------------
Citi is an equal opportunity employer, and qualified candidates will receive consideration without regard to their race, color, religion, sex, sexual orientation, gender identity, national origin, disability, status as a protected veteran, or any other characteristic protected by law.
If you are a person with a disability and need a reasonable accommodation to use our search tools and/or apply for a career opportunity review Accessibility at Citi.
View Citi’s EEO Policy Statement and the Know Your Rights poster.
.png)
