SOC Incident Response Manager - Senior Vice President

SOC Incident Response Manager - Senior Vice President

Join to apply for the SOC Incident Response Manager - Senior Vice President role at Citi

Citi, the leading global bank, has approximately 200 million customer accounts and does business in more than 160 countries and jurisdictions. Citi provides consumers, corporations, governments, and institutions with a broad range of financial products and services, including consumer banking and credit, corporate and investment banking, securities brokerage, transaction services, and wealth management. As a bank with a brain and a soul, Citi creates economic value that is systemically responsible and in our clients’ best interests.

Our technology solutions are the foundations of everything we do, from keeping the bank safe, managing global resources, and providing the technical tools our workers need to be successful to designing our digital architecture and ensuring our platforms provide a first‑class customer experience. We reimagine client and partner experiences to deliver excellence through secure, reliable, and efficient services. Our commitment to diversity includes a workforce that represents the clients we serve from all walks of life, backgrounds, and origins.

We foster an environment where the best people want to work. We value and demand respect for others, promote individuals based on merit, and ensure opportunities for personal development are widely available to all.

• Lead, mentor, and manage a global team of 6‑10 Security Operations Center Incident Responders, fostering a culture of excellence and continuous improvement.
• Oversee and direct incident response functions, ensuring adherence to established playbooks and best practices across diverse computing environments.
• Drive strategic initiatives to enhance incident detection, containment, and eradication capabilities.
• Lead and support in-depth triage and investigations of urgent cyber incidents.
• Manage team performance, conduct regular reviews, and facilitate career development for direct reports.
• Ensure the team effectively performs host‑based analytical functions (e.g., digital forensics, metadata, malware analysis) through investigating Windows, Unix‑based, appliances, and Mac OS X systems to uncover indicators of compromise (IOCs) and/or tactics, techniques and procedures (TTPs).
• Oversee the creation of metrics based on the MITRE ATT&CK Framework and other standard security‑focused models, using these to drive continuous improvement.
• Lead collaboration with application and infrastructure stakeholders to identify key components and information sources such as various environments (on‑premises versus other distributed systems), servers, workstations, middleware, applications, databases, logs, etc.
• Direct incident response efforts using forensic and other custom tools to identify sources of compromise and/or malicious activities.
• Collaborate with global multidisciplinary groups for triaging and defining the scope of large‑scale incidents.
• Direct the documentation and presentation of investigative findings for high‑profile events and other incidents of interest to senior leadership.
• Lead and participate in readiness exercises such as purple team and tabletop exercises.
• Develop and implement training programs for junior and mid‑level colleagues on relevant best practices and advanced incident response techniques.
• Act as a key escalation point for critical incidents and provide expert guidance to the team.

• Bachelor's degree in Computer Science, Information Security, Engineering, Digital Forensics, or related technical domain.
• 10+ years of professional experience in cybersecurity and/or information security, or demonstrable equivalent capability.
• 5+ years hands‑on working in cyber incident response and investigations, with at least 3 years in a leadership or management capacity overseeing medium to large global teams, with exposure to cloud and traditional infrastructure.
• Proven experience in leading, mentoring, and developing technical teams.

• Demonstrated expertise or oversight in Dev/Sec/Ops practices within various computing…