Citi Watch this video to learn more about Citi
Job Details
CISO
Citi, the leading global bank, has approximately 200 million customer accounts and does business in more than 160 countries and jurisdictions. Citi provides consumers, corporations, governments, and institutions with a broad range of financial products and services, including consumer banking and credit, corporate and investment banking, securities brokerage, transaction services, and wealth management.
As a bank with a brain and a soul, Citi creates economic value that is systemically responsible and in our clients’ best interests. As a financial institution that touches every region of the world and every sector that shapes your daily life, our Enterprise Operations & Technology teams are charged with a mission that rivals any large tech company. Our technology solutions are the foundations of everything we do from keeping the bank safe, managing global resources, and providing the technical tools our workers need to be successful to designing our digital architecture and ensuring our platforms provide a first-class customer experience. We reimagine client and partner experiences to deliver excellence through secure, reliable, and efficient services.
Our commitment to diversity includes a workforce that represents the clients we serve from all walks of life, backgrounds, and origins. We foster an environment where the best people want to work. We value and demand respect for others, promote individuals based on merit, and ensure opportunities for personal development are widely available to all. Ideal candidates are innovators with well-rounded backgrounds who bring their authentic selves to work and complement our culture of delivering results with pride. If you are a problem solver who seeks passion in your work, come join us. We’ll enable growth and progress together.
We are seeking a SOC Incident Response Manager - Senior Vice President. Being talent-driven, we are focused on attracting, developing, and retaining diverse and inclusive talent with a high technical skill level. As a leader of our team, we will provide you with career development opportunities at all stages of your career. Our employees model a passion for protecting Citi and our clients and believe in treating others with dignity and respect.
Lead, mentor, and manage a global team of 6-10 Security Operations Center Incident Responders, fostering a culture of excellence and continuous improvement.
Oversee and direct incident response functions, ensuring adherence to established playbooks and best practices across diverse computing environments.
Drive strategic initiatives to enhance incident detection, containment, and eradication capabilities.
Lead and support in-depth triage and investigations of urgent cyber incidents.
Manage team performance, conduct regular reviews, and facilitate career development for direct reports.
Ensure the team effectively performs host-based analytical functions (e.g., digital forensics, metadata, malware analysis, etc.) through investigating Windows, Unix-based, appliances, and Mac OS X systems to uncover Indicators of Compromise (IOCs) and/or Tactics, Techniques and Procedures (TTPs).
Oversee the creation and tracking of metrics based on the MITRE ATT&CK Framework and other standard security-focused models, using these to drive continuous improvement.
Lead collaboration with application and infrastructure stakeholders to identify key components and information sources such as various environments (on-premises versus other distributed systems), servers, workstations, middleware, applications, databases, logs, etc.
Direct incident response efforts using forensic and other custom tools to identify sources of compromise and/or malicious activities.
Collaborate with global multidisciplinary groups for triaging and defining the scope of large-scale incidents.
Direct the documentation and presentation of investigative findings for high-profile events and other incidents of interest to senior leadership.
Lead and participate in readiness exercises such as purple team, table tops, etc.
Develop and implement training programs for junior and mid-level colleagues on relevant best practices and advanced incident response techniques.
Act as a key escalation point for critical incidents and provide expert guidance to the team.
Bachelor's degree in a technically rigorous domain such as Computer Science, Information Security, Engineering, Digital Forensics, etc.
10+ years of professional experience in cybersecurity and/or information security, or demonstrated equivalent capability.
5+ years hands-on working in cyber incident response and investigations, with at least 3 years in a leadership or management capacity, overseeing medium to large global teams, with exposure to various computing environments including cloud and traditional infrastructure.
Proven experience in leading, mentoring, and developing technical teams.
Demonstrated expertise or oversight in Dev/Sec/Ops practices within various computing environments.
Deep understanding and experience with common services and platforms from a security and incident response perspective.
Proven experience leading or directing forensic investigations or large-scale incident response efforts across diverse environments.
Strong understanding and strategic leadership in containerization methods and tools (e.g., Docker, Kubernetes), including incident response and digital forensics considerations.
Advanced certifications (e.g., GIAC, CISSP) in security or equivalent expertise.
Demonstrated ability to lead teams in analyzing and pivoting through large data sets during incident investigations.
Extensive experience in leading digital forensics (e.g., computer, network, mobile device forensics, and forensic data analysis) activities, including:
Memory collection and analysis from various platforms.
Evidence preservation, following industry best practices.
Familiarity with malware analysis and Reverse Engineering of samples (e.g., static, dynamic, de-obfuscation, unpacking).
In-depth file system knowledge and analysis.
In-depth experience with timeline analysis.
In-depth experience with Registry, event, and other log file and artifact analysis.
Hands-on experience with a DFIR toolset and related scripting.
Current expertise with an EDR system.
Multiple advanced GIAC (e.g., GCFE, GCFA, GREM, GCIH, GASF, GNFA, etc.) or other digital forensic and/or incident response certifications.
Windows Operating Systems / UNIX / Mac OS X, specifically in system administration, command line use, and file system knowledge.
Proficient in basic scripting and automation of tasks (e.g., C/C++, PowerShell, JavaScript, Python, bash, etc.).
Leadership & Mentorship: Ability to inspire, motivate, and develop a high-performing global team.
Strategic Thinking: Capacity to define and execute incident response strategy aligned with business objectives.
Communication: Excellent verbal and written communication skills for presenting complex technical information to both technical and non-technical audiences, including senior management.
Stakeholder Management: Proven ability to build and maintain strong relationships with internal and external stakeholders.
Decision-Making: Sound judgment and decision-making skills under pressure during critical security incidents.
Problem-Solving: Advanced analytical and problem-solving skills to guide the team through complex technical challenges.
Adaptability: Ability to adapt to rapidly changing threat landscapes and evolving technologies.
Working knowledge of networking protocols and infrastructure designs; including routing, firewall functionality, host and network intrusion detection/prevention systems, encryption, load balancing, and other network protocols. This understanding should be leveraged for strategic oversight and guiding team investigations.
Working knowledge of relational database systems and concepts (SQL Server, PostgreSQL, etc.).
Working knowledge of virtualization products (e.g., VMware Workstation).
Must have flexibility to work outside of normal business hours when necessary to lead incident response efforts.
Exceptional candidates from non-traditional backgrounds or who otherwise do not meet all of these criteria may be considered for the role provided they demonstrate sufficient skill and experience.
------------------------------------------------------
Job Family Group:
Technology------------------------------------------------------
Job Family:
Information Security------------------------------------------------------
Time Type:
Full time------------------------------------------------------
Primary Location:
Irving Texas United States------------------------------------------------------
Primary Location Full Time Salary Range:
$156,160.00 - $234,240.00
In addition to salary, Citi’s offerings may also include, for eligible employees, discretionary and formulaic incentive and retention awards. Citi offers competitive employee benefits, including: medical, dental & vision coverage; 401(k); life, accident, and disability insurance; and wellness programs. Citi also offers paid time off packages, including planned time off (vacation), unplanned time off (sick leave), and paid holidays. For additional information regarding Citi employee benefits, please visit citibenefits.com. Available offerings may vary by jurisdiction, job level, and date of hire.
------------------------------------------------------
Most Relevant Skills
Please see the requirements listed above.------------------------------------------------------
Other Relevant Skills
For complementary skills, please see above and/or contact the recruiter.------------------------------------------------------
Anticipated Posting Close Date:
Jan 19, 2026------------------------------------------------------
Citi is an equal opportunity employer, and qualified candidates will receive consideration without regard to their race, color, religion, sex, sexual orientation, gender identity, national origin, disability, status as a protected veteran, or any other characteristic protected by law.
If you are a person with a disability and need a reasonable accommodation to use our search tools and/or apply for a career opportunity review Accessibility at Citi.
View Citi’s EEO Policy Statement and the Know Your Rights poster.
About Citi Working at Citi is far more than just a job. A career with us means joining a team of more than 200,000 dedicated people from around... Read more