Citi Bi-Lingual (Spanish & English) Business Information Security Officer - VP - Irving, TX in Irving, Texas
Primary Location: United States, Texas, Irving
Education: Bachelor's Degree
Job Function: Risk Management
Shift: Day Job
Employee Status: Regular
Travel Time: No
Job ID: 16047694
Citi, the leading global bank, has approximately 200 million customer accounts and does business in more than 160 countries and jurisdictions. Citi provides consumers, corporations, governments and institutions with a broad range of financial products and services, including consumer banking and credit, corporate and investment banking, securities brokerage, transaction services, and wealth management. Our core activities are safeguarding assets, lending money, making payments and accessing the capital markets on behalf of our clients.
Citi’s Mission and Value Proposition explains what we do and Citi Leadership Standards explain how we do it. Our mission is to serve as a trusted partner to our clients by responsibly providing financial services that enable growth and economic progress. We strive to earn and maintain our clients’ and the public’s trust by constantly adhering to the highest ethical standards and making a positive impact on the communities we serve. Our Leadership Standards are a common set of skills and expected behaviors that illustrate how our employees should work every day to be successful and that strengthen our ability to execute against our strategic priorities.
Diversity is a key business imperative and a source of strength at Citi. We serve clients from every walk of life, every background and every origin. Our goal is to have our workforce reflect this same diversity at all levels. Citi has made it a priority to foster a culture where the best people want to work, where individuals are promoted based on merit, where we value and demand respect for others and where opportunities to develop are widely available to all.
Job Purpose: To manage and co-ordinate all Information Security activities, programs and initiatives for one or more Citi Technology Infrastructure business units.
Job Background/context: Information Security is a primary area of focus for Citi. This key position reports to global information security GISO (Group Information Security Officer).
This position is a key member of the Citi Technology Infrastructure (CTI) global structure and supports the business to achieve its shared responsibility for meeting Global Technology Infrastructure strategic goals.
o Provide a single point of contact on Information Security for one or more Citi Technology Infrastructure business units in the Latam Region (CTI, CRS)
o Provide technical security advice to business units staff to help meet information security requirements.
o Provide oversight of business unit issue remediation activities
o Manage and support the completion of regular business unit IS actions, including Entitlement Review System, Third Party Security Assessments, and Information Security Risk Assessments.
o Support business units with their disclosure, recognition of control issues, including the review of all evidence to ensure that issues are managed to consistently high standards.
o Apply knowledge of standards, best practices, position papers and general process areas to coordinate the effective review of the entities operating processes and process control manuals commensurate with published risk methodologies and business strategies.
o Work with various risk teams in presenting recommendations for improvement to technology subject matter experts and management.
o Interface and engage with external parties reviewing the entities seeking external certifications or undergoing audits.
o Engage with cross sector, global and risk teams in the review and reengineering of key controls and processes to effectively and efficiently manage IS issues.
o Contribute to, interpret and disseminate IS policy, standards and awareness throughout the business units.
o Lead Global IS forums, such as BISO Working Group, Functional ID requirements or other as and when initiatives / programs are assigned by GISO
o Additional ad-hoc IS & Risk related initiatives and projects
o In-depth knowledge and understanding of CTI and CRS processes.
o In-depth knowledge and understanding of Windows, Unix Server, Database and Mainframe security.
o Knowledge of key government regulations and local laws.
o Experience with scripting and programming languages is a plus.
o Knowledge and understanding of emerging risk areas, e.g. mobile remote access, wireless technologies, DLP, cloud computing, etc.
o Demonstrated experience of working with ITIL, ISO 27001 and processes and procedures, including document controls
o Audit experience and exposure is essential
o Strong risk management background in a multi-national financial organization
o Spanish Language (oral and written) is required
o High level of proficiency with all MS Office products
o Excellent interpersonal and written skills
o Team leader and contributor
o Strong work ethic and excellent use of discretion and judgment
o Strong organizational ability
o Proven leadership skills
o Ability to build strong relationships between businesses and across countries
o Strong oral and written communicator
o Ability to analyse complex issues and present findings and potential solutions in plain English to various levels of management
· Min 5 years of Information Security experience
· Bachelor’s degree or higher with a concentration in Information Technology or a related discipline
· Min 2 IS certifications or willingness to earn within 12 months of joining (CISSP, CISM, CISA or Equivalent)
· Technical expertise and hands-on experience (5-10 years) with two or more of the following technologies:
o Windows Server 2003, Active Directory, Exchange 2003/2007
o Linux, Solaris, and other Unix based operating systems
o Firewalls, VPNs, IDS/IPS, Routers, Switches, Load Balancers.
o Web Servers (Apache, IIS, Sun One Web servers)
o Databases (Oracle, SQL server, Sybase)
o Thorough understanding of network architectures and protocols.
o SAN (Storage Area Networks), NAS (Network Attached Storage), DASD (Direct Access Storage Devices), VTS (Virtual Tape Systems), Network Backup Solutions and Media Sanitization solutions
· Expert in IS programs including, but not limited to, Audit Reviews, Risk Assessment, Awareness & Training, Identity Access & Management, Data Protection, Secure SDLC, Incident Management, Vulnerability Assessment, Third Party IS Assessment, Secure Configurations, Patch Management, etc.
• Proactively engage the businesses to identify, document and drive remediation of excessive risks and non-compliant activities.
• Escalate significant risks to the Regional/Sector IS Leadership for information or action.
• Demonstrate continuous improvement on all IS programs by assessing and promptly reporting Corrective Action plans.
• Proactively engage with O&T counterparts (in different disciplines) and teams to enhance O&T risk oversight.
• Attend and participate in internal/external forums and risk committees where appropriate.
• Provide updates to business through established communication channels.
• Ensure that appropriate stakeholders are held accountable as to the state of their controls and that they understand their responsibilities as to risk mitigation and remediation.
• Informal and formal training needs are identified by the employee and discussed with management on an ongoing basis
• Focus on process improvements, removing deficiencies and enhancing current tools for reducing overall risk profile.
• Ensure compliance to security practices & standards reducing likelihood of audit, regulatory & legal liabilities.
• Contribute to improving overall VOE scores and participation level.
• Assist in passing with a satisfactory audit rating for all IS topics with no major IS issues.
• Ensure timely engagement and delivery on information security, business and/or technology initiatives and projects.
• Reduce security risks leveraging controls and minimizing weaknesses in our applications portfolio.
• Engage with Business Managers and business staff to ensure non-compliant items are addressed.
• Support GIS policy and standards development and initiatives implementation.
• Support the business in its initiatives by providing guidance on Information Security aspects of projects
• Provide a unified and holistic view of vulnerabilities and associated risk exposure.
• Establish communication channels with cross-sector ISOs with an aim of strengthening relationships to efficiently tackle security issues that span multiple businesses.