Citigroup Technical Information Security Officer (TISO) - Core Infrastructure Technologies in Irving, Texas
Information Security is a primary area of focus for Citi. This position reports to a Group ISO and is a key member of the Global Information Security team supporting the Engineering and Infrastructure Technology organizations.
The purpose of this position is to manage and co-ordinate all Information Security activities, programs and initiatives for the End-User Computing Services, Shared Enterprise Infrastructure Services, including Architecture, Engineering & Operations.
The Technical Information Security Officer (TISO) is the role that supports the implementation of the IS program. TISOs provide advice and oversight to ensure that businesses related processes and procedures are in compliances with Citi’s Information Security Policies.
Key Responsibilities :
• Provide security guidance to engineering and operations partners to help them meet Information Security requirements.
• Proactively engage the businesses to identify, document and drive remediation of excessive risks and non-compliant activities
• Influence and support corporate IT Information Security policies
• Create and review security metrics to measure security effectiveness
• Monitor security violations and driving resolutions to security policy
• Ensure that appropriate stakeholders are held accountable as to the state of their controls and that they understand their responsibilities regarding risk mitigation and remediation
• Partnering with IT Teams to ensure that IT systems are managed, operated and designed to minimize risk
• Escalate significant risks to the Regional/Sector/Global IS Leadership for information or action
• Act as point of contact to executive leadership for dimensioning, managing and driving remediation of information security risks
• Facilitate, attend and participate in internal/external meetings and risk committees
• Provide updates to business groups, partners and senior management through established communication channels
• Reduce security risks by leveraging controls and minimizing weaknesses in Citi’s Infrastructure portfolio
• Engage with Business Managers and staff to ensure non-compliant items are addressed in timely fashion
• Ensure compliance to security practices & standards. Reducing likelihood of audit findings, regulatory & legal liabilities
• Engage with cross sector, regional, global risk and control teams in the review and reengineering of key controls and processes to effectively and efficiently manage IS issues
• Contribute to, interpret and disseminate IS policy, standards and awareness throughout the business units
• Ensure timely engagement and delivery on information security, business and/or technology initiatives and projects
• Protect the firm by following sound risk management protocols and adhering to regulatory requirements
• Bachelor’s degree (or higher with a concentration in Information Technology or a related discipline) or equivalent work experience.
• 3+ years of Information Technology and/or Security experience
• Knowledge in IS programs including, but not limited to, Audit Reviews, Risk Assessment, Awareness & Training, Identity Access & Management, Data Protection, Secure SDLC, Incident Management, Vulnerability Assessment, Third Party IS Assessment, Secure Configurations, Patch Management, etc.
•Experience working with ISO 27001 and related processes and procedures.
• 2 IS certifications preferred, or willingness to earn within 12 months of joining (CISSP, CISM, CISA or Equivalent)
• Ability to provide effective leadership and subject matter expertise in Information Security topics to senior management, technology and business partners.
• Employ influencing skills to obtain buy-in and participation from various groups and stakeholders without direct control.
• Build and maintain collaborative relationships with partners, clients and peers.
• Ability to communicate effectively at different levels of the organization, and with various technical and business audiences.
• Excellent problem solving abilities and analytical skills. Ability to see the big picture with high attention to critical details.
• Results oriented, is able to achieve desired outcomes independently and at appropriate priority levels.
Technical Skills :
• Expert level knowledge of Infrastructure and Security Architectures
• Direct experience with infrastructure and security technologies including network technologies, certificate authorities, cloud access security brokers, network access control, identity and access management technologies, etc.
• Good understanding of security constructs like encryption, DLP, Anti-Malware, IAM, mobile technologies, networking protocols and infrastructures design.
• Knowledge of Cloud deployment models and associated security risks.
Job Family Group:
Citi is an equal opportunity and affirmative action employer.
Qualified applicants will receive consideration without regard to their race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or status as a protected veteran.
Citigroup Inc. and its subsidiaries ("Citi”) invite all qualified interested applicants to apply for career opportunities. If you are a person with a disability and need a reasonable accommodation to use our search tools and/or apply for a career opportunity review Accessibility at Citi (https://www.citigroup.com/citi/accessibility/application-accessibility.htm) .
View the "EEO is the Law (https://www.dol.gov/sites/dolgov/files/ofccp/regs/compliance/posters/pdf/eeopost.pdf) " poster. View the EEO is the Law Supplement (https://www.dol.gov/sites/dolgov/files/ofccp/regs/compliance/posters/pdf/OFCCP_EEO_Supplement_Final_JRF_QA_508c.pdf) .
View the EEO Policy Statement (http://citi.com/citi/diversity/assets/pdf/eeo_aa_policy.pdf) .
View the Pay Transparency Posting (https://www.dol.gov/sites/dolgov/files/ofccp/pdf/pay-transp_%20English_formattedESQA508c.pdf)
Citi is an equal opportunity and affirmative action employer. Minority/Female/Veteran/Individuals with Disabilities/Sexual Orientation/Gender Identity.