Citi Information Security Officer ISO in Mexico
Primary Location: Mexico
Other Location: Latin America
Job Function: Technology
Shift: Day Job
Employee Status: Regular
Travel Time: Yes, 10% of the Time
Job ID: 16075836
The Information Security Officer is responsible for managing risk, providing controls and compliance guidance, and supporting Business Areas and Development Units by ensuring compliance with Citi standards, policies, and procedures, liaising with internal and external auditors and coordinating audit responses.
Establish, maintain and manage an effective Information Security organization at Banamex and its Affiliates
Ensuring that Information Security is managed as a Business Risk.
Ensure that the Business can prevent, detect and respond to any activity that might impact on its ability to provide essential services to customers in a secure manner.
Increase awareness of all employees about Information Security within the Region and identify specific Country or Business training needs.
Risk Management Responsibilities
Oversee the execution / maintenance of all Information Security programs ensuring that deliverables are completed per the global timelines
Establish high level discipline in addressing Information Security issues identified in the various IS programs.
Improve the effectiveness and efficiency of governance processes by proactively identifying risks, monitoring controls, and remediating issues
Applies in-depth understanding of concepts and procedures within own area and basic knowledge of other areas to resolve issues that have impact beyond own area.
Helps align business needs and objectives with IS program requirements.
Collaborates to create Risk Acceptances (RAs), Risk Exceptions (REs), and Corrective Action Plans (CAPs) in the appropriate tools (iCAPs, CIRAS, etc.).
Ensures IS Risk Assessment is performed according to Citi standards by partnering with the businesses throughout the ISRA process and determines the impact of control deficiencies
Collaborates and helps security incident response teams resolve and close the investigation of incidents with proactive suggestions.
Provides oversight to ensure that processes and projects are completed in a timely manner.
Ensures business compliance with IS policies, practices, and procedures.
Conducts periodic quality assurance reviews to identify areas of improvement.
Reporting and Governance Responsibilities
Analysis and identification of potential non-compliance issues
Contribute to ad-hoc requests and projects as required
Facilitate compliance to defined standards and develop tools to assist compliance
Identify opportunities for process improvement.
3+ years’ experience in IS and at least 3 IS programs including, but not limited to, Audit Reviews, Risk Assessment, Awareness & Training, Identity Access & Management, Data Protection, Incident Management, Vulnerability Assessment. Knowledge of key government regulations and local laws.
Project management experience.
Other Risk Management activities should be as a Sector or business IS SME or in some risk management role.
Excellent consulting and problem solving skills.
In depth knowledge of IS programs.
Advanced presentation skills, program management, and relationship management skills.
University degree in any technical or administration career is desirable; it could be replaced by 2-3 years of experience.
Professional certification, such as CISSP, CISM, CISA, or willingness to obtain certification within 12-18 months of start date