Country Information Security Officer (Hybrid)

POSITION OBJECTIVE

Country Information Security Officer (ISO):

  • Is accountable for all IS activities that are relevant to the franchise.
  • Performs IS activities as his/her primary function.
  • The ISO's primary area of focus is IS Risk Management for the Business they support and its processes.
  • The Information Security Officer (ISO) is a senior professional responsible for driving efforts to prevent, monitor and respond to information/data breaches and cyber-attacks.
  • The overall objective of this role is to ensure the execution of Information Security directives and activities in alignment with applicable regulations and Citi's data security policy.

RESPONSIBILITIES AND DUTIES

  • Communicates and interacts regularly with employees and business management on IS related programs, policies, and standards.
  • Integrates CISO priorities into day-to-day business. Engages TISO, SME or senior ISO where additional technical knowledge is required.
  • Communicates with the key stakeholders, i.e. business managers, function heads, Technology, ISOs, senior ISOs; escalates as appropriate.
  • Provides general IS consulting services including interpretation and/or clarification.
  • Exercises oversight of the IS program within the business, including programs, policies, and related reporting.
  • Assists in the definition and implementation of IS policies and standards at franchise level to ensure that procedures and practices comply with Citi policies, standards, procedures and Local Regulatory requirements.
  • Enforces compliance; demonstrates extensive understanding of IS standards and best practices across multiple disciplines.
  • Presents Information Security updates at BRCC and other senior committees and forums.
  • Assists the business in ensuring a successful rating in the IA (Internal Audit) as well as other internal & external audits.
  • Performs IS awareness and training activities, including IS education of new employees.
  • Ensures IS awareness materials are distributed per requirements.
  • Conducts risk assessments of the processes, platforms and applications being used within the business.
  • Ensures IS Risk Assessment is performed according to Citi standards by partnering with the businesses throughout the ISRA process and determines the impact of control deficiencies.
  • Highlights issues to senior management, assists in ensuring that Risk Acceptances or Corrective Action Plans are in place for the business in areas of non-compliance, and tracks corresponding corrective actions via iCAPS. Supports development of corrective action language for all IS-related gaps and, when necessary, provides inputs for the closures by reviewing evidence to ensure the closure meets Citi requirements or industry best practices.
  • Ensures the franchise is familiar with and follows the SIRT process. Helps security incident response teams resolve and close the investigation of incidents with proactive suggestions.
  • Assists with the review of all third parties that qualify for IS assessments in accordance with TPISA guidelines. Supports the business by reviewing Third Party contract language as it relates to IS.
  • Ensures Information Owners review CSI and provides oversight of the accuracy of IS-related fields.
  • Ensures that semi-annual entitlement reviews (EERS and Manual Entitlement Reviews) are conducted as required and provides guidance as and when required.
  • Maintains oversight of entitlement review quality, Segregation of Duties and Toxic Combinations.
  • Assists in ensuring EUC related processes are in place and inventories are maintained.
  • Ensures VA testing is scheduled and issues identified during testing are remediated as per relevant processes.
  • Ensures the business is in compliance with Citi’s Data Protection program in order to protect sensitive Citi data. Focuses on ensuring compliance with Secure Email, Content Monitoring, Endpoint Monitoring, Portable Media, Secure File and Data Transfer related requirements. Where full compliance is not feasible for justified reasons, ensures a Risk Exception and appropriate compensating controls are in place to mitigate the risks.
  • Reviews Standalone PC inventory to ensure compliance with Citi IS policies and standards.
  • Oversees high risk privileges, USB, Administrative Access assigned to business users and ensures the entitlements are justified and risk exception is raised to cover high risk privileges.
  • Participates in Information Security / Internal Audit seminars / workshops / training sessions to keep abreast of the latest technologies, audit tools and skills.
  • Reviews the quarterly Phishing test results conducted throughout Citigroup and takes the necessary actions (such as conducting additional training, reporting the results to senior management).
  • Actively contributes to and assists IT risk management activities in terms of information security, classification of information assets and confidentiality, integrity and accessibility criteria of information assets.
  • Follows compliance with legislation, Citi policies and standards, and procedure and process documents related to information security.
  • Takes part in the Information Security Committee and coordinates the activities of the committee.
  • Acts as a contact person to ensure communication between the local regulatory cyber security center and the Citi cyber security team regarding cyber security incidents.

*In addition to the responsibilities and duties mentioned above, further responsibilities may be added to the job description according to conditions and needs.

QUALIFICATIONS

  • Interpretation of and guidance on policy and standards
  • Experience with IS programs including risk assessment, training and awareness, third party assessment, identity and entitlement management, secure workplace, and incident management
  • Experience in Risk and Control Environment
  • Strong risk analytics and problem solving skills
  • Understanding of the IS risks that are inherent to a business
  • Experience with internal and external audits
  • Ability to work well with others at all levels of management
  • Strong communication and presentation skills
  • Fluent English language skills
  • Good negotiation and communication skills; ability to influence others and negotiate with internal and external parties.
  • Industry certification recommended (CISA, CISSP, CISM etc.)

Job Family Group: Technology

Job Family: Information Security

Time Type: Full time

Citi is an equal opportunity and affirmative action employer.

Qualified applicants will receive consideration without regard to their race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or status as a protected veteran.

Citigroup Inc. and its subsidiaries ("Citi") invite all qualified interested applicants to apply for career opportunities. If you are a person with a disability and need a reasonable accommodation to use our search tools and/or apply for a career opportunity, review Accessibility at Citi.
