Third Party Information Security Assessor

• Coordinate with TPISA stakeholders to initiate, scope and plan controls assessments of new and existing suppliers
• Perform assessments on-site at supplier locations or remotely via conference calls
• Obtain and review supplier responses and supporting documentation to validate supplier appropriate implementation of information security controls
• Analyze the information to identify information security weaknesses or non-compliance with Citi standards
• Produce detailed documentation of assessments and ensure stakeholder understanding of gaps identified
• Communicate supplier information security issues to stakeholders, ensuring their understanding of associated risks and actions needed to remediate those risks

• Industry certification such as CISSP, CISA or CISM is a plus
• 6+ years experience in a similar IT Audit, Assessor, or Information Security Officer role
• Demonstrated in-depth knowledge of concepts, best practices and controls in a breadth of information security areas/domains, including governance & risk management, access control, cryptography, physical security, security architecture and design, business continuity/disaster recovery planning, network security, application & operations security and compliance/incident management
• Excellent technical and/or IT audit background in/practical knowledge of a wide variety of technologies, including server infrastructure & operating systems, network & web infrastructures, database architecture and intrusion detection/prevention systems
• Self-starter with the ability to manage and prioritize responsibilities through the effective use of time management techniques
• Team player with proven skills in influencing people without having direct management authority and motivating them to successfully complete tasks within required timelines
• Exemplary ability to interact and communicate both written and verbally with people at all levels, both technical and non-technical, in a dynamic environment where interactions are not always in person
• Self-driven performer with established skills in tracking self and project performance, anticipating and recognizing problems and escalating issues appropriately
• Excellent risk analysis and problem-solving skills
• Must be flexible to ensure assessments are performed by the mandated compliance date and be able to manage multiple assessments simultaneously
• Position requires travel (both US domestic and international - Canada) on an average of 25%
• Bachelor’s degree/University Degree or equivalent experience

Certification such as CISSP, CISA or CISM is a plus

• Medical, dental & vision coverage
• 401(k)
• Life, accident, and disability insurance
• Wellness programs
• Paid time off packages, including planned time off (vacation), unplanned time off (sick leave), and paid holidays