This list contains only the countries for which job offers have been published in the selected language (e.g., in the French version, only job offers written in French are displayed, and in the English version, only those in English).
The Info Sec Prof Lead Analyst is an intermediate level position responsible for driving efforts to prevent, monitor and respond to information/data breaches and cyber-attacks. The overall objective of this role is to ensure the execution of Information Security directives and activities in alignment with Citi's data security policy.
Job Responsibility
Develop corrective action language for Information Security (IS) gaps and ensure risk closure meets Citi requirements or industry best practices
Facilitate the implementation of approved IS tools and identify/recommend new or improved security solutions or emerging technologies
Mitigate risk by analyzing the root cause of issues, impacts to business, and required corrective actions and develop security solutions
Ensure IS compliance and seek opportunities to enhance the efficiency of IS policies and procedures
Identify significant IS threats and vulnerabilities, and define appropriate controls for discovered threats, documenting the business response
Disseminate changes to IS regulations and standards to Business and Program owners
Provide Information Security advice and counsel as needed
Appropriately assess risk when business decisions are made, demonstrating particular consideration for the firm's reputation and safeguarding Citigroup, its clients and assets, by driving compliance with applicable laws, rules and regulations, adhering to Policy, applying sound ethical judgment regarding personal behavior, conduct and business practices, and escalating, managing and reporting control issues with transparency
Coordinate with TPISA stakeholders to initiate, scope and plan controls assessments of new and existing suppliers
Perform assessments on-site at supplier locations, including availability for travel to other countries in the region, or remotely via conference calls
Obtain and review supplier responses and supporting documentation to validate supplier appropriate implementation of information security controls
Analyze the responses and documentations to identify information security weaknesses or non-compliance with Citi standards
Produce detailed documentation of assessments and perform threat analyses of gaps identified
Communicate supplier information security issues to stakeholders, ensuring their understanding of associated risks and actions needed to remediate those risks
Requirements
6-10 years of relevant experience
Additional technical certifications are preferred
Demonstrated ability to research and apply current information regarding the IS field
Consistently demonstrates clear and concise written and verbal communication
Proven influencing and relationship management skills
Proven analytical skills
Bachelor's degree/University degree or equivalent experience
Master's degree preferred
5 years of experience in a similar IT Audit, Assessor, or Information Security Officer role
Demonstrate in-depth knowledge of concepts, best practices and controls in a breadth of information security areas/domains including: Governance and risk management, access control, encryption, physical security, architecture and safety design, business continuity planning/ disaster recovery, network security, applications and operations security and incident management/compliance, as well as applicable laws and regulations
Excellent technical or IT audit background of a wide variety of technologies, including server infrastructure and operating systems, network and internet/telecommunications, database architecture and intrusion detection/prevention systems
Self-starter with the ability to manage and prioritize responsibilities through the effective use of time management techniques
Team player with proven skills in influencing people without having direct management authority and motivating them to successfully complete tasks within required timelines
Self-driven performer with established skills in tracking self and project performance, anticipating and recognizing problems and escalating issues appropriately
Strong ability to interact and communicate both written and verbally with people at all levels, both technical and non-technical, in a dynamic environment where interactions are not always in person, mainly in Spanish but English is also desirable
Strong risk analysis and problem-solving skills
Must be flexible to ensure assessments are performed by the mandated compliance date and be able to manage multiple assessments simultaneously
Industry certifications such as CISSP, CISA or CISM are preferred, or capability to be certified in 12 months from the hiring date
Advanced English proficiency level is desirable
Bachelor's degree/University degree or equivalent experience
Nice to have
Additional technical certifications
Master's degree
Industry certifications such as CISSP, CISA or CISM, or capability to be certified in 12 months from the hiring date