Business Information Security - Senior Analyst will support and provide guidance on the implementation and execution of the IS Program and Strategies that align with Citi Information Security Standards for the US Mortgage Sales and Origination and Technology organizations. The individual will work to ensure IS risks are proactively managed and effectively controlled, mitigated and/or remediated with Senior Business Head support and buy-in.
Information Security Implementation:
• Actively supports the execution of the IS program and other plans developed by the Business or as applicable.
• Strong working knowledge related to Governance, Controls, Development and Monitoring.
• Support data owners and provide guidance related to access, usage, storage, and sharing of all data including existing and emerging data (e.g. digital, unstructured).
• Working knowledge related to Operations and Technology risks and control management.
• Practical knowledge with Consumer Operations, Vendor Oversight, Data Security, regulatory risk and AML/KYC controls.
• Ability to support a digital transformation related to customer experience and needs.
• Engages with senior leaders to address, identify and/or escalate security concerns and emerging risks.
• Provides the business and senior management with strategic security guidance to ensure consistency in development/deployment globally.
• Identify key risks to applications and understand business risk tolerance in order to identify solutions and provide guidance.
• Reports IS issues/risks to the Business as applicable with appropriate documentation and supports the response to security events.
• Implement security solutions according to Security Policy and Practices established by Citigroup.
• Determine the appropriate levels of controls to safeguard sensitive data and validate those controls are being implemented.
• Manage the Risk Assessment process to include asset inventory, system criticality, data classification, threat analysis and action plans.
• Provide guidance in preparing for audits, support the resolution of audit findings and ensure closure.
• Work with the Business to develop processes and procedures to ensure information security policies and standards are integrated.
• Review Vendor Security Questionnaires and/or Vendor Onsite Security Reviews. Guide the business in development of action plans while reporting and tracking to closure all information security issues resulting from Security Assessments, Audit, Risk Assessment, Ethical Hacks, Vendor Reviews, etc.
• Engages/connects with the Cyber Intelligence Center to ensure constant awareness of emerging risks.
Awareness & Training:
• Creates and facilitates awareness and training programs as needed based on issue/risk trends.
• Promote awareness of current policies and standards, as well as revisions and developments; provide consistent interpretation of policy to business unit.
• Manage an aggressive program to promote employees’ awareness and understanding of Information Security Policy, Standards & procedures.
• Distribute information security awareness materials and publications appropriately within the business.
• Build relationships and engage frequently with the Business and IT leads.
• Frequently interact with and educate the Business and IT team on current issues and overall status of the information security program.
• Help drive best practices between organizations and countries.
• Identify key business contacts to ensure adequate coverage for the business’ security program.
• Support both internal and external audits.
Citi, the leading global bank, has approximately 200 million customer accounts and does business in more than 160 countries and jurisdictions. Citi provides consumers, corporations, governments and institutions with a broad range of financial products and services, including consumer banking and credit, corporate and investment banking, securities brokerage, transaction services, and wealth management. Our core activities are safeguarding assets, lending money, making payments and accessing the capital markets on behalf of our clients.
Citi’s Mission and Value Proposition explains what we do and Citi Leadership Standards explain how we do it. Our mission is to serve as a trusted partner to our clients by responsibly providing financial services that enable growth and economic progress. We strive to earn and maintain our clients’ and the public’s trust by constantly adhering to the highest ethical standards and making a positive impact on the communities we serve. Our Leadership Standards is a common set of skills and expected behaviors that illustrate how our employees should work every day to be successful and strengthens our ability to execute against our strategic priorities.
Diversity is a key business imperative and a source of strength at Citi. We serve clients from every walk of life, every background and every origin. Our goal is to have our workforce reflect this same diversity at all levels. Citi has made it a priority to foster a culture where the best people want to work, where individuals are promoted based on merit, where we value and demand respect for others and where opportunities to develop are widely available to all.
• Bachelor’s Degree preferred but not required in lieu of related successful and applicable experience, certifications (i.e. CISSP, CISM, CISA or CIPP) and/or project management experience
• 3+ years of Information Security experience
• Past experience with multiple IS program element areas, including, Risk Assessment, Third Party Assessment, Data Protection, Application Security, etc.
• Experience with interpretation and application of IS
• Experience with Third Party Information Security requirements
• Strong risk analysis and problem solving skills
• Knowledge of business, regulatory and compliance requirements
• Project management skills
• Understanding of the IS risks that are inherent to the Business and access to technical security resources as necessary
• Ability to manage and prioritize responsibilities through the effective use of time management and organizational techniques. Must be able to apply analytical skills to improve performance of all security-associated projects and initiatives
• Strong strategic thinking skills to support global projects. Must have the ability to look horizontally across the global community in addition to supporting the individual (vertical) business areas. Support the implementation of global control framework consistent across the various regions
• Must have strong planning and organizing skills and the ability to work well with seasoned and inexperienced team members. Must be flexible and be able to lead and/or manage several projects simultaneously. Must be able to work through cross-departmental situations, track performance, communicate expectations, anticipate and recognize problems, and when appropriate, escalate appropriately
• Ability to interact and communicate both in writing and verbally with the Business and technology representatives. Have capacity to communicate with both the Business and the Technology groups to effectively facilitate issues and requirements. Strong written skills are required in the documentation of policies, procedures and standards as they apply to security
• Must be able to help motivate team members and project owners to successful completion of required projects
• Excellent leadership skills required to direct and advise areas of the business on information security matters. Must be positive and lead by example. Must be proactive and forward thinking
• Ability to create metrics, presentations and other documents as needed
• Knowledge of Privacy and Payment Card Industry (PCI) a plus