The Information Security Operations (ISO) Sr. Analyst is an intermediate level position responsible for leading efforts to prevent, monitor and respond to information / data breaches and cyber-attacks.
The overall objective of this role is to ensure the execution of Information Security directives and activities in alignment with Citi's data security policy.
Address security issues identified in the various information security programs
Review and address issues identified within various Information Security (IS) programs and ensure all IS issues related to Internal Audit, and External Auditors are closed by their original target date
Improve the efficacy of governance processes by identifying risks, monitoring controls, and remediating issues
Establish cross-sector working relationships and complete weekly awareness discussions with local team to efficiently tackle security issues
Ensure risk exceptions are raised, registered and closed on a timely basis and communicate updates and changes to the global standards
Complete Risk Assessment process, including completing accurate inventory reporting, data classification, threat analysis, and action plans
Test and validate that the business complies with applicable IS requirements; develop and implement IS policies and procedures
Determine and validate appropriate level of controls are being implemented to safeguard sensitive data
Develop Corrective Action Plans for all Information Security-related gaps and approve all closures through reviewing evidence to ensure each closure meets Citi Requirements
Assume informal / formal mentorship role within teams and assist with the coaching and training of new team members
Appropriately assess risk when business decisions are made, demonstrating particular consideration for the firm's reputation and safeguarding Citigroup, its clients and assets, by driving compliance with applicable laws, rules and regulations, adhering to Policy, applying sound ethical judgment regarding personal behavior, conduct and business practices, and escalating, managing and reporting control issues with transparency.
5-8 years of relevant experience
Proficient in interpreting and applying policies, standards and procedures
Consistently demonstrates clear and concise written and verbal communication
Proven influencing and relationship management skills
Proven analytical skills
Bachelor’s degree / University degree or equivalent experience
This job description provides a high-level review of the types of work performed. Other job-related duties may be assigned as required.
Key Responsibilities :
Work directly with IT development units and relevant stakeholders (e.g. Control officers, Technology Mgmt) to facilitate the execution of Citi’s Information Security risk assessment and risk management processes
Perform Information Security assessments , in conjunction with Sr. Application Security Architect, for key business applications (e.
g. high franchise and high financial risk) to determine that the appropriate technical / process solutions are in place to protect assets.
Work with business and technology management to drive the information security program and information risk management activities including Identity Access Management
Provide strategic risk guidance for business and technology projects, including the evaluation and recommendation of IS controls
Manage security incidents and events to protect corporate IT assets, including intellectual property, regulated data and the company's reputation.
Participate / provide, as required, IS awareness training programs for employees, contractors and approved system users.
Reporting and Governance Responsibilities
Compile data and prepare application IS risks reports for management
Analysis and identification of potential non-compliance issues
Monitor progress of corrective action plans and risk exceptions
Lead and / or contribute to ad-hoc requests and projects as required
Act as subject matter expert on Application Information Security topics during Audit meetings
Identify opportunities for process improvement
Facilitate compliance to defined standards and develop tools to assist compliance
Alignment of processes across regions and globally, where possible
Participation in Corporate and GFTS-level working groups
Specifications / Qualifications :
7+ years in Information Technology and / or Information Security as Security Architect or Application Architect with Security knowledge and skill
Bachelor's degree in Technology or equivalent work experience
Experience in Application Security and Identity Access Management
Grade : All Job Level - All Job FunctionsAll Job Level - All Job Functions - IN
Time Type :
Citi is an equal opportunity and affirmative action employer.
Minority / Female / Veteran / Individuals with Disabilities / Sexual Orientation / Gender Identity.
Citigroup Inc. and its subsidiaries ("Citi ) invite all qualified interested applicants to apply for career opportunities.
If you are a person with a disability and need a reasonable accommodation to use our search tools and / or apply for a career opportunity CLICK HERE.
To view the "EEO is the Law" poster CLICK HERE. To view the EEO is the Law Supplement CLICK HERE.
To view the EEO Policy Statement CLICK HERE.
To view the Pay Transparency Posting CLICK HERE.