The Information Security Program Lead Analyst is a senior level professional responsible for driving efforts to support governance, risk and compliance for CISO at Citi. The overall objective of this role is to ensure the execution of Information Security directives and activities in alignment with Citi's cyber and information security policy. The role is part of the Global Cyber Risk & Issue Management and Reviews Team.
Responsibilities:
Production of monthly IS metrics for multiple legal entities and regional governance bodies.
Prepares periodic IS reports for senior management summarizing the risk posture for the business.
Provides guidance preparing for audits, resolving audit findings and ensuring closure. Assists with the strengthening of controls and process to pass audits with a satisfactory audit rating for all IS topics with no major IS issues.
Prepare and manage responses to regulatory bodies on behalf of the CISO regional leadership.
Preparation of management information.
Support governance of risk exceptions, issues, and corrective action plans.
Ensures that approvals and reviews are executed when needed.
Proactively engages with counterparts (in different disciplines) and teams to enhance risk oversight.
Establishes communication channels with cross-sector ISOs with an aim of strengthening relationships to efficiently tackle security issues that span multiple businesses.
Strong stakeholder management skills needed to effectively influence and communicate cyber risk.
Proactively builds relationships across peers and stakeholders within the geographies.
Focuses on process improvements, removing deficiencies and enhancing current tools for reducing overall risk profile.
Participates in the IS community on committees and cross-business / functional opportunities.
Attends and participate in internal/external forums and risk committees where appropriate.
Demonstrates extensive understanding of IS standards and best practices across multiple disciplines.
Complete additionally any other tasks in connection with the role but not detailed in the current job description, charged by the direct manager, supervisor, or the functional head.
Support the implementation of the IS Training Plan, by verifying training participants completed the training and understand IS requirements.
Ensure appropriate governance applied to regional cyber programs.
Escalate significant risks to the Regional/Sector IS Leadership for information or required actions.
Attend and participate in internal/external IS forums and risk committees when necessary.
Manage audits in line with CISO expectations and in partnership with peers from other product lines.
Ensure non-compliant items are resolved through coordination with colleagues across CISO and the legal entities.
Support the CISO policies, standards, and initiatives development and implementation.
Has the ability to operate with a limited level of direct supervision.
Can exercise independence of judgement and autonomy.
Acts as SME to senior stakeholders and /or other team members.
Qualifications:
6-10 years of relevant experience
Proficient in interpreting and applying policies, standards and procedures.
Consistently demonstrates clear and concise written and verbal communication.
Proven influencing and relationship management skills
Proven analytical skills.
Education:
Bachelor's degree/University degree or equivalent experience
Master's degree preferred.
This job description provides a high-level review of the types of work performed. Other job-related duties may be assigned as required.
------------------------------------------------------
Job Family Group:
Technology------------------------------------------------------
Job Family:
Information Security------------------------------------------------------
Time Type:
Full time------------------------------------------------------
Citi is an equal opportunity and affirmative action employer.
Qualified applicants will receive consideration without regard to their race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or status as a protected veteran.
Citigroup Inc. and its subsidiaries ("Citi") invite all qualified interested applicants to apply for career opportunities. If you are a person with a disability and need a reasonable accommodation to use our search tools and/or apply for a career opportunity reviewAccessibility at Citi.
View the "EEO is the Law" poster. View theEEO is the Law Supplement.
View theEEO Policy Statement.
View thePay Transparency Posting