Cyber Defense Analyst, Citi

Citi

Location:
Mexico, Ciudad De Mexico

Category:
IT - Software Development

Contract Type:
Employment contract

Salary:

Not provided

Save Job

Apply Position

Job Description:

The cyber defense analyst for Services within the Business, Functions and Technology (BFT) is responsible for maintaining a secure technology ecosystem free from high-risk vulnerabilities and rapidly responding to the changing threat landscape and business demand to mitigate cyber risk for the Services business.

Job Responsibility:

Ensure business and technology remain within risk tolerance for all applicable Cybersecurity risk appetites and sustain it with the consistent operating model
Enhance current vulnerability management (VTM) operating model in line with BFT Risk Governance organization with Path-to-appetite and reporting
Timely escalate to CISO Leadership and Businesses and ensure VTM risk treatment responses are entered in a timely fashion
Support Vulnerability Organization to improve the quality and integrity of VTM/GEM reports
Continue supporting vulnerability management Uplift Program activities and reduce risk while reducing stakeholders’ pain-points (data/reporting, false positives, processes)
Perform root cause analysis of VA Issues and identification of repeated offenders for high risk vulnerabilities
Conduct security reviews to check for security compliance to Bank’s requirements
Identify areas of repeating SIRT incidents, related trending and work with technology team and ISO contacts in reducing repeat volume instances
Identify opportunities for improving SIRT workflow efficiencies and developing reporting which better reports on root causes for bringing down repeat instance volumes
Work with SIM and ISO community to facilitate the adherence of SIRT reporting timelines as per defined within SIRT standard, as well as identify deviations and its cause
Define and document escalation and response procedures between IR CFSC and Cyber Defense
Document/update a Cyber Response plan or guideline to complement Business or Country Crisis Management Plans and support Crisis Management Team training.

Requirements:

Ensure business and technology remain within risk tolerance for all applicable Cybersecurity risk appetites and sustain it with the consistent operating model
Enhance current vulnerability management (VTM) operating model in line with BFT Risk Governance organization with Path-to-appetite and reporting
Timely escalate to CISO Leadership and Businesses and ensure VTM risk treatment responses are entered in a timely fashion
Support Vulnerability Organization to improve the quality and integrity of VTM/GEM reports
Continue supporting vulnerability management Uplift Program activities and reduce risk while reducing stakeholders’ pain-points (data/reporting, false positives, processes)
Perform root cause analysis of VA Issues and identification of repeated offenders for high risk vulnerabilities
Conduct security reviews to check for security compliance to Bank’s requirements
Identify areas of repeating SIRT incidents, related trending and work with technology team and ISO contacts in reducing repeat volume instances
Identify opportunities for improving SIRT workflow efficiencies and developing reporting which better reports on root causes for bringing down repeat instance volumes
Work with SIM and ISO community to facilitate the adherence of SIRT reporting timelines as per defined within SIRT standard, as well as identify deviations and its cause
Define and document escalation and response procedures between IR CFSC and Cyber Defense
Document/update a Cyber Response plan or guideline to complement Business or Country Crisis Management Plans and support Crisis Management Team training.

Additional Information:

Job Posted:
November 19, 2025

Employment Type:

Fulltime

Work Type:

Hybrid work

View All Jobs In This Company

Job Link Share:

Cyber Defense Analyst