Global Cloud Incident Response VP Security Strategy Leader

Cloud Incident Responder (Vice President) Apply (opens in new window) Job Req Id: 26963020 Location(s): Singapore, Singapore, Singapore Job Type: On-Site/Resident Posted: May. 20, 2026 Discover your future at Citi Working at Citi is far more than just a job. A career with us means joining a team of more than 230,000 dedicated people from around the globe. At Citi, you’ll have the opportunity to grow your career, give back to your community and make a real impact. Job Overview At Citi , we get to connect millions of people across hundreds of cities and countries every day. And we've been doing it for more than 200 years. We do this through our unparalleled global network. We provide a broad range of financial services and products to our clients – whether they be consumers, corporations, governments or institutions – to help them meet their biggest opportunities and face the world's toughest challenges. Citi's Cloud Incident Response (Cloud IR) team seeks a Cloud Incident Responder (VP) to own and strategically lead security incident response within Citi's dynamic public cloud environments and critical SaaS/PaaS platforms. Every day, $5 trillion crosses through our network across 180+ countries — and your leadership will be central to protecting it. You will work closely with global stakeholders to ensure robust and effective security incident response, safeguarding the integrity of cloud based services and data across Citi's diverse technology footprint — including cloud-native databases like Snowflake and MongoDB , and enterprise productivity suites like M365 . Your leadership is critical in establishing a proactive and coordinated approach to responding to sophisticated cloud security incidents and strategically managing security risks in a timely and effective manner. You will align your objectives with the wider Cyber Security Operations priorities at Citi, driving the evolution of our processes, procedures, and cutting-edge tools to ensure the firm is ready to tackle the most critical security incident response challenges within the evolving cloud ecosystem and beyond. Responsibilities: Perform incident response functions including but not limited to: Detailed cloud-focused investigations by analyzing logs from CSPs, Snowflake, MongoDB, and M365 security platforms. Orchestrating the execution of automation to gather forensic artifacts (memory, disk, cloud resource configurations) for in-depth analysis. Implementing and overseeing cloud-native automation for decisive resource containment actions across compromised environments, including data platforms. Conducting advanced host-based and cloud-native analytical functions (digital forensics, metadata analysis) to proactively uncover Indicators of Compromise (IOCs) and Tactics, Techniques and Procedures (TTPs). Ensuring meticulous documentation capturing the Who, What, When, Where, Why and How of each incident, with a focus on actionable insights. Architect, refine, and champion cutting-edge incident response playbooks that proactively address emerging threats across cloud, SaaS, PaaS, and M365 ecosystems, driving operational excellence and swift resolution. Take ownership for and innovate the development of new automation capabilities and supporting playbooks across assigned cloud and enterprise SaaS/PaaS domains, fostering a culture of continuous improvement. Collaborate strategically with application and infrastructure stakeholders to identify key components and information sources — cloud environments, instances, middleware, applications, databases (Snowflake, MongoDB), M365 logs — influencing security architecture decisions. Engage with global multidisciplinary groups for triaging, defining scope, and investigating large-scale security incidents impacting diverse cloud and enterprise systems, acting as a central coordinator and trusted advisor to the CISO business function. Actively participate in threat modeling of new services and capabilities, readiness exercises such as purple team, tabletops, and CTFs — especially those involving cloud data, Snowflake, MongoDB, and M365 security scenarios — sharing expertise and influencing strategy. Qualifications: 6-10 years of relevant experience in Cloud Security and/or Incident Response Demonstrated technical expertise and genuine interest in Cloud security-focused services, tools, technologies and wider ecosystem Hands-on experience with security constructs and incident response within SaaS/PaaS offerings — specifically Snowflake, MongoDB, and M365 Security — including monitoring, threat detection, and response capabilities within these platforms Problem-solving capabilities with a strong understanding of security incident response processes, excellent technical documentation skills, and proven analytical skills to tackle novel, complex security challenges Experience with any l og aggregation & analytics tools such as Splunk, Sentinel, Chronicle and understanding of specific logging/auditing features of Snowflake, MongoDB, and M365 Security Tooling Experience with Aquasec, Wiz, AppOmni or similar cloud-native security platforms is a strong advantage Ability to operate independently with minimal oversight when dealing with technical analysis Relevant cloud focused certifications and accreditations are preferable, but not mandatory Education: Bachelor’s degree/University degree or equivalent experience Master’s degree preferred This job description provides a high-level review of the types of work performed. Other job-related duties may be assigned as required. ------------------------------------------------------ Job Family Group: Technology ------------------------------------------------------ Job Family: Information Security ------------------------------------------------------ Time Type: Full time ------------------------------------------------------ Most Relevant Skills Please see the requirements listed above. ------------------------------------------------------ Other Relevant Skills For complementary skills, please see above and/or contact the recruiter. ------------------------------------------------------ Citi is an equal opportunity employer, and qualified candidates will receive consideration without regard to their race, color, religion, sex, sexual orientation, gender identity, national origin, disability, status as a protected veteran, or any other characteristic protected by law. If you are a person with a disability and need a reasonable accommodation to use our search tools and/or apply for a career opportunity review Accessibility at Citi (opens in new window) . View Citi’s EEO Policy Statement (opens in new window) and the Know Your Rights (opens in new window) poster. Apply (opens in new window) #J-18808-Ljbffr Citi