User testing Jobs in Grand Rapids, MI

External Pen Testing Vendor Lead (Info Security Tech Lead Analyst - VP / Hybrid) SGP

This is a senior level professional position responsible for coordinating and interfacing directly with our internal clients who are seeking guidance on penetration testing engagements that will be conducted with our third-party penetration testing vendors. This role will also require the candidate to interface and engage with our third-party penetration testing vendors and serve as a liaison to address testing challenges, drive vulnerability discussions with Citi Stakeholders, drive operational health of the pen testing vendors along with their adherence to Citi procedures, analyze vulnerability trends to better improve the root cause model of existing testing mechanisms and maintain the overall security hygiene for the organization. The overall objective of this role is to ensure the execution of Information Security directives and activities in alignment with Citi's data security policy.

Responsibilities :

• Serve internal clients by providing information related to ongoing vulnerability assessments.
• Liaise and engage with third-party vendor management activities.
• Be the central liaison between businesses and the external pen testing team / vendor, acting as a collaborator to provide updates to both businesses and the third-party vendors as it relates to the pen testing engagement.
• Knowledge of OWASP top 10 and SANs top 25.
• Act as an application security subject matter expert to assist both businesses and third party vendors during vulnerability discussions.
• Focus on and drive quality as it relates to the information submitted by the businesses who are requesting VA services and ensuring that the provided information is accurate and complete.
• Focus on maintaining a high level of operational oversight with all vendors and ongoing pen testing activities in order to ensure that engagements are progressing forward with the right level of attention.
• Have strong communication skills in order to effectively set expectations to our internal clients and ensure that they have a clear understanding of what is their responsibility in this process and what may be pending resolution.
• Have strong technical writing and presentation skills to articulate the penetration testing process end-to-end to any audience.
• Have strong reporting and research skills to create and execute reports that highlight trends and potential opportunities for enhanced oversight activities.
• Contribute to the review of internal processes and activities and assist in identifying potential opportunities for improvement and automation.
• Identify opportunities to automate and standardize information security controls and for the supported groups.
• Reduce risk by analyzing the root cause of issues, their impact, and required corrective actions.
• Appropriately assess risk when business decisions are made, demonstrating particular consideration for the firm's reputation and safeguarding Citigroup, its clients and assets, by driving compliance with applicable laws, rules and regulations, adhering to Policy, applying sound ethical judgment regarding personal behavior, conduct and business practices, and escalating, managing and reporting control issues with transparency.

Qualifications :

Plus :

Education :

This job description provides a high-level review of the types of work performed. Other job-related duties may be assigned as required.

Job Family Group : Technology

Job Family : Information Security

Time Type : Full time

J-18808-Ljbffr