Head of Infrastructure, Application Security

Description

Head of Infrastructure & Application Security

Location: Iselin, NJ (Preferred); Johnston, RI; Westwood, MA; Boston, MA, Phoenix, AZ; Plano, TX, Columbus, OH
Department: Information Security
Reports To: Chief Information Security Officer (CISO)

About the Role

Citizens Bank is seeking an experienced and visionary Head of Infrastructure & Application Security to lead and expand our security strategy across cloud, network, endpoint, and application environments. This senior leader will play a critical role in ensuring the confidentiality, integrity, and availability of the bank’s systems and data.

The ideal candidate is a strategic thinker and hands-on leader with deep technical expertise in infrastructure and application security, experience in highly regulated industries, and the ability to influence across business and technology teams.

Key Responsibilities

Leadership & Strategy

• Define and execute a comprehensive security strategy covering infrastructure, applications, and vulnerability management aligned to business and regulatory requirements.
• Build and lead a high-performing team of cloud, network, endpoint, and application security professionals.
• Partner with enterprise architecture, IT, and operations leaders to embed security into all technology initiatives.

Cloud Security

• Oversee the design and implementation of secure cloud infrastructure across public, private, and hybrid environments.
• Ensure compliance with security frameworks, regulatory expectations, and industry best practices (e.g., NIST, FFIEC, ISO).
• Lead cloud security posture management and threat detection programs.

Network Security

• Manage and enhance network security architecture, including firewalls, IDS/IPS, and segmentation.
• Oversee secure connectivity across internal, external, and third-party environments.
• Drive resiliency and monitoring to prevent and detect advanced threats.

Endpoint Security

• Lead the strategy for securing laptops, mobile devices, and virtual desktop environments.
• Implement endpoint detection and response (EDR), mobile device management (MDM), and zero-trust access principles.
• Ensure a frictionless but secure end-user experience.

Application Security

• Establish and oversee secure software development lifecycle (SDLC) practices.
• Implement application security testing (SAST, DAST, IAST) and code review processes.
• Partner with development teams to integrate security into DevOps and CI/CD pipelines.

Vulnerability Management

• Develop and lead an enterprise vulnerability management program across infrastructure and applications.
• Ensure timely identification, prioritization, and remediation of vulnerabilities.
• Provide executive-level reporting on vulnerability posture and risk reduction progress.

Governance & Risk Management

• Establish policies, standards, and metrics to measure security posture.
• Partner with Risk, Audit, and Compliance to ensure continuous alignment with regulatory obligations.
• Provide regular updates and metrics to the CISO, senior executives, and board committees.

Qualifications & Experience

• 12+ years of progressive experience in cybersecurity, with at least 5 years in leadership roles.
• Deep expertise in infrastructure and application security within complex enterprise environments.
• Experience in the banking or financial services industry (preferred).
• Strong understanding of regulatory and compliance frameworks (e.g., FFIEC, SOX, GLBA, NIST, PCI).
• Proven ability to build, mentor, and scale high-performing teams.
• Excellent communication and executive presentation skills.

Education

• Bachelor’s degree in Computer Science, Cybersecurity, or related field (Master’s preferred).
• Industry certifications such as CISSP, CISM, CCSP, or equivalent are a plus.Work Schedule: Monday–Friday

Pay Transparency

• The salary range for this position is $185,000 - $240,000 per year plus an opportunity to earn an annual discretionary bonus. Actual pay is based on various factors including but not limited to the work location, and relevant skills and experience.
• We offer competitive pay, comprehensive medical, dental and vision coverage, retirement benefits, maternity/paternity leave, flexible work arrangements, education reimbursement, wellness programs and more. Note, Citizens’ paid time off policy exceeds the mandatory, paid sick or paid time-away policy of every local and state jurisdiction in the United States. For an overview of our benefits, visit https://jobs.citizensbank.com/benefits.

Some job boards have started using jobseeker-reported data to estimate salary ranges for roles. If you apply and qualify for this role, a recruiter will discuss accurate pay guidance.

Equal Employment Opportunity

Citizens, its parent, subsidiaries, and related companies (Citizens) provide equal employment and advancement opportunities to all colleagues and applicants for employment without regard to age, ancestry, color, citizenship, physical or mental disability, perceived disability or history or record of a disability, ethnicity, gender, gender identity or expression, genetic information, genetic characteristic, marital or domestic partner status, victim of domestic violence, family status/parenthood, medical condition, military or veteran status, national origin, pregnancy/childbirth/lactation, colleague’s or a dependent’s reproductive health decision making, race, religion, sex, sexual orientation, or any other category protected by federal, state and/or local laws. At Citizens, we are committed to fostering an inclusive culture that enables all colleagues to bring their best selves to work every day and everyone is expected to be treated with respect and professionalism. Employment decisions are based solely on merit, qualifications, performance and capability.