Business Information Security Officer

Job description

• Provides Regional Information Security Officer with program management support for the production of monthly IS metrics
• Prepares periodic IS reports for senior management summarizing the risk posture for the business
• Establishes communication channels with cross-sector ISOs with an aim of strengthening relationships to efficiently tackle security issues that span multiple businesses.
• Provides guidance preparing for audits, resolving audit findings and ensuring closure. Assists with the strengthening of controls and process
• Attends and participates in internal/external forums and risk committees where appropriate
• Supports Global Information Security policy, standards development and initiatives implementation
• Participates in the IS community on committees and cross-business / functional opportunities
• Communicates and interacts regularly with employees and business management on IS related programs, policies, and standards
• Provides general IS consulting services including interpretation and/or clarification
• Demonstrates extensive understanding of IS standards and best practices across multiple disciplines
• Proactively engages with counterparts (in different disciplines) and teams to enhance risk oversight
• Helps security incident response teams resolve and close the investigation of incidents with proactive suggestions. Conducts SIRT analysis and follow ups
• Assists in the definition and implementation of IS standards at the business level to ensure that procedures and practices comply with Citi standards
• Focuses on process improvements, removing deficiencies and enhancing current tools for reducing overall risk profile
• Develops corrective action language for all IS-related gaps and approves all closures
• Reviews status of business IS program and oversees corrective action when necessary
• Collaborates to create Risk Exceptions (REs), and Corrective Action Plans (CAPs) in the appropriate tools
• Performs IS awareness and training activities, including IS education of new employees.
• Interprets and translates the information security requirements of the business IS program into technical requirements

Requirements

• 5+ years’ experience in IS or other Risk Management activities and at least 3 IS programs including, but not limited to, Audit Reviews, IS Risk Assessment, Awareness & Training, Identity Access & Management, Data Protection, Incident Management, Vulnerability Assessment
• Knowledge of key government regulations and local laws
• An awareness of the fundamentals of information security
• Project management experience
• Good understanding of IS policies, standards and procedures
• Understanding of the IS risks that are inherent to a business
• Working knowledge of the technology aspects of security
• Sophisticated verbal and written communications skills
• BS degree in Information Security/Computer Science/Electrical, Mechanical Engineering /Information Technology. An advanced degree in a relevant business area will be considered a positive
• Certified Information Systems Security Professional desired
• Outstanding organizational and administrative skills
• Ability to work as part of the team
• Self-starter, who takes ownership and shows proactive attitude
• Fluent in English is a must
• Further Industry related certification such as CISM or CISA or ISO 27001 Lead Auditor is an advantage

We offer

• Build on current expertise in IS with interaction with Senior Regional Business Management, Regional/Sector IS Heads and Global IS Program Leadership
• Working in a challenging area of the financial industry with one of the world's leading companies
• Exposure on multinational project oriented regional and global teams
• Extended business understanding and commercial awareness
• Competitive compensation package and excellent benefits