Vice President, Business Information Security Officer


Citi Business Information Security Officer (BISO)

The key accountability of a Citi Business Information Security Officer (BISO) is to protect Citi's information assets by interpreting and providing guidance on the application of Citi’s Information Security Standards and any regulatory information security principles or rules.

The BISO works directly with Consumer and Corporate Bank Operations and Technology teams and regional and global Information Security resources to provide oversight of the local franchise’s compliance with Citi’s Information Security Standards.

The BISO’s responsibilities include:

  • Providing advice to the Board and senior management that assists with the active maintenance of the franchise’s information security capability
  • Maintaining awareness of the information security landscape and providing timely advice and applicable lessons learned to the Board and senior management
  • Maintaining and socialising the country franchise’s Information Security Framework
  • Reporting to the local franchise’s Board on Citi’s Information Security Capability, Controls, areas of noncompliance, and information security incidents using relevant and timely data points and metrics
  • Advising the businesses on the completion of their IS Risk Assessments (ISRA) and other IS-related compliance processes
  • Participating in vendor reviews and providing advice to the Vendor’s Business Activity Owner on matters arising from vendor-related IS reviews
  • Advising the business on their corrective action plans or their risk exceptions arising from Information Security Control Testing (such as Management Control Self-Assessments, Audits, Risk Assessments, Application or Infrastructure Vulnerability Assessments and vendor IS Reviews)
  • Responding to information security incidents with the timely initiation and coordination of emergency actions to protect the country franchise and its customers
  • Assessing and reporting on the adequacy of Citi’s information security control testing and assessment programmes and escalating any material control design or execution issues.
  • Providing relevant reporting to, and where required attending, Information Security and governance forums including the ISO forums, Systems & Operations Committee (SOC), Risk Governance Council, and Country Coordinating Committee meetings.

Key skills and experiences required:

  • Bachelor's Degree required
  • Industry certification(s) such as CISM, CISA or CISSP (preferred)
  • 4-7 years of experience working in an Information Security role
  • 2+ years of experience working in IS program areas, including IS Risk Assessment, Third Party Assessment, Identity & Entitlement, and Security Incident Response
  • The ability to analyze data and provide meaningful and relevant data-driven advice in terms appropriate to the audience within agreed timeframes
  • Experience identifying core issues and appropriate corrective action plans and tracking their progress to completion
  • Experience working with virtual teams spanning several countries and several functional groups
  • Experience working within a matrix reporting management structure and balancing local and regional objectives
  • Experience dealing with prudential and financial services regulators and their regulatory frameworks
  • Experience preparing and delivering Board and C-level reports regarding information security capability and assessments

Diversity Summary

When you work at Citi, you will be working for an organisation that truly has a global footprint and a powerful network that spans the globe. We celebrate individual ingenuity and use the diversity of our people in order to drive high performance. Through dedicated support, training and resources, we promote our talent and future leaders to bring about lasting and positive impact. Citi Australia is an Employer of Choice for Women and supports a flexible work environment.

Personal information (as defined in the Privacy Act 1988) will be handled in accordance with our Privacy Policy. Please see www.citi.com.au/privacy


-------------------------------------------------

Grade: All Job Level - All Job Functions - AU

------------------------------------------------------

Time Type: Full time

------------------------------------------------------

Citi is an equal opportunity and affirmative action employer.
Minority/Female/Veteran/Individuals with Disabilities/Sexual Orientation/Gender Identity.

Citigroup Inc. and its subsidiaries ("Citi") invite all qualified interested applicants to apply for career opportunities.

