Business Information Security Officer (BISO) – Citi Finance
Citigroup, New York. Update time: November 11, 2019
Job Description

The Corporate Center Information Security program supports the implementation of Citi’s IS program initiatives and ensures there is appropriate IS coverage for the businesses within its span of control. The Corporate program is seeking to hire a proficient and astute information security professional (ISP) with excellent communication skills.

The incumbent will possess business smarts, acuity and gravitas and must be a self-starter who is able to initiate and successfully drive programs and projects to completion with little or no management supervision. The individual fulfilling this role will work with Corporate Center GISOs, Senior Business Leaders, and applicable stakeholders to lead the coordination of relevant and consistent reporting that represents the risk posture for the component businesses to facilitate garnering support for IS initiatives within the sector.

The individual will work to ensure IS risks are proactively managed and effectively controlled, mitigated and/or remediated with Senior Business Heads’ support and buy-in. The ISP will work to ensure Citi's information is protected by effectively applying the Confidentiality, Integrity and Availability framework as required by Citi IS policy and standards.

The ISP will partner with the business to ensure information risks are identified, assessed, mitigated and controlled through the deployment of a sustainable information security risk management program.

The incumbent will also work with the business and ISOs to recommend changes, enhancements or additions to the security controls of business applications that will enhance the Information Security profile of the organization's processes. As needed, the ISP will work with application development organizations to assist in the development of strategies and plans for improving both Architecture and application security. In this role it is necessary to ensure the technology is in compliance with Information Security standards and meets the specific business goals.

Supports end-to-end information security work for assigned businesses.

∙ Prepares periodic IS reports for senior management summarizing the risk posture for the business.

∙ Interprets and translates the information security requirements of the business IS program into technical requirements.

∙ Monitors changes in the risk profile of the highly critical systems.

∙ Provides ad-hoc security advice.

∙ Supports risk assessments whenever expertise is required. 

∙ Assists the system development and/or the Security Incident Response Teams in the investigation of incidents, and infrastructure units in identifying IS risks and the appropriate controls for development, day-to-day operation, and remediation of non-compliance.

Additionally, the incumbent:

- Responds to security events by initiating and coordinating emergency actions to protect the business unit from an imminent loss of information or value 

- Provides guidance preparing for audits, resolving audit findings and ensuring closure

- Reports IS non-compliance issues to the Business as applicable with appropriate documentation 

- Recommends and facilitates implementation of security solutions according to Citi's Information Security Policy and Standards

- Continuously reviews and becomes familiar with all applicable sections of Citi’s IS Standards

- Helps to determine the appropriate levels of controls to safeguard sensitive data and validate those controls are being implemented.

4+ years hands-on experience in Information Security with demonstrable, game-changing accomplishments in the Information Security area.

∙ Demonstrable superior communication skills at all levels and within the user community as well as with technology staff; specifically, the ability to translate "technical jargon" into common business language is a must, so the incumbent must have proven experience communicating with, and influencing, senior business and technology leaders

∙ BS degree in Information Security/Computer Science/Electrical, Mechanical Engineering/Information Technology. An advanced degree in a relevant business area will be considered a positive.

∙ At least one industry-related certification such as Certified Information Security Manager (CISM), Certified Information Security Auditor (CISA), or Certified Information Systems Security Professional (CISSP) is highly desired

-------------------------------------------------

Grade: All Job Level - All Job Functions - US

------------------------------------------------------

Time Type: Full time

------------------------------------------------------

Citi is an equal opportunity and affirmative action employer.
Minority/Female/Veteran/Individuals with Disabilities/Sexual Orientation/Gender Identity.

Citigroup Inc. and its subsidiaries ("Citi") invite all qualified interested applicants to apply for career opportunities. If you are a person with a disability and need a reasonable accommodation to use our search tools and/or apply for a career opportunity CLICK HERE.
