Info Sec Prof Lead Analyst, Citi

Citi

Location:
Costa Rica, Heredia

Category:
IT - Administration

Contract Type:
Employment contract

Salary:

Not provided

Save Job

Apply Position

Job Description:

The Cyber Policy Governance & Consequence Management Team oversees the cybersecurity policy process, aligns policy requirements with industry frameworks and regulatory expectations, and manages workflow. This team connects cybersecurity policy owners and ensures regulatory compliance and risk reduction through investigations and policy control enhancements.

Job Responsibility:

supports the strategy for anchoring our standards in a modern control framework, aligning requirements to Citi’s cybersecurity risk tolerance, and establishing compliance monitoring as well as consequences for noncompliance
oversees the cybersecurity policy process and ensures policy owners adhere to the enterprise policies
closes gaps in control coverage, defines clear, measurable, and prescriptive requirements, and aligns with Citi’s global technology and risk management policy and standard requirements, as well as Citi’s global policy governance processes
establishes and maintains strong connections across the Cybersecurity organization and makes recommendations to senior leadership regarding policy and control enhancements
assesses information security investigation reports for accuracy, completeness, and fairness of an investigation prior to issuing disciplinary actions
identifies gaps and challenges any statements or conclusions that lack clear evidentiary backing for violations against information security policies
articulates the rationale and supporting evidence for disciplinary actions to senior management

Requirements:

6-10 years of relevant experience in the Information Security field
policy writing expertise, with the ability to present information clearly and concisely to a wide breadth of stakeholders / senior management
risk management experience, including regulatory assessments, audit interaction, and enterprise control frameworks
knowledge of industry control frameworks (e.g., CRI Profile, FFIEC CAT, NIST)
understanding of how investigations are conducted, including evidence collection, interview techniques, chain of custody, and forensic analysis - preferred
understanding of organizational risks and how investigations contribute to mitigating them
ability to meticulously examine documents, data, and statements for subtle discrepancies, omissions, or inconsistencies
excellent written and verbal communication skills
highly organized and capable of overseeing numerous endeavors
excels at orchestrating complex, multi-faceted projects
ability to motivate and manage by influence
self-starter who requires minimal supervision
results-oriented, high-energy, self-motivated
technical skills (e.g., system and network security, application security) preferred

Nice to have:

understanding of how investigations are conducted, including evidence collection, interview techniques, chain of custody, and forensic analysis
technical skills (e.g., system and network security, application security)
relevant certification (e.g., CISA, CISSP, CISM)

What we offer:

equal opportunity employer policies
global benefits designed to support well-being, growth, and work-life balance

Additional Information:

Job Posted:
August 19, 2025

Employment Type:

Fulltime

Work Type:

On-site work

View All Jobs In This Company

Job Link Share:

Info Sec Prof Lead Analyst