Security Assessment Governance Analyst

• Establish controls framework for governing information security assessment processes in Citi
• Ensure Citi’s security assessment criteria are consistent and map Citi standards correctly
• Liaise with owners of information security standards to stay on top of changes
• provide standard owners feedback and partner with them to align standards with practice
• Liaise with cyber security architects and regulatory and compliance teams, translate their input into security assessment processes
• Identify and publish best practices practices for Citi’s security assessment criteria
• Ensure security assessment processes are documented and are in line with practice
• Support any audited partners with respect to security assessment, provide security assessments related deliverables, and represent the Security Assessment team on the audit
• Manage any audits on Security Assessments, in partnership with risk teams
• Lead audit preparation efforts related to security assessment processes, identify, investigate problematic cases to find a solution, escalate when needed
• Liaise with auditors on their expectations regarding security assessment processes

• Degree in a related discipline is strongly preferred
• At least 3-4 years of experience in similar role, such as information security governance, risk management, compliance or audit
• CISSP, CISM, CISA or CCSP exam, or willingness to pass one of these within one year
• A broad overview of information security disciplines and governance frameworks (ISO 27001, CobIT, NIST Cybersecurity Framework)
• Fluency in English
• Security mindset
• ability to think the way an attacker would think
• Ability and willingness to both read and write technical documentation
• Ability to oversee an IT architecture and assess it in terms of security
• Ability to learn and understand new technologies and systems
• Experience in multiple domains of IT or security, such as network security, identity management, key management, cloud security, software development, devsecops, etc. Hands-on experience in some areas is a plus
• Communication – excellent writing and verbal skills, ‘can do’ attitude

Hands-on experience in some areas is a plus

• Cafeteria Program
• Home Office Allowance (for colleagues working in hybrid work models)
• Paid Parental Leave Program (maternity and paternity leave)
• Private Medical Care Program and onsite medical rooms at our offices
• Pension Plan Contribution to voluntary pension fund
• Group Life Insurance
• Employee Assistance Program
• Access to a wide variety of learning and development programs, online course libraries and upskilling platforms, such as Udemy and Degreed
• Flexible work arrangements to support you in managing work - life balance
• Career progression opportunities across geographies and business lines
• Socially active employee communities with diverse networking opportunities