Citi Information Security Officer ISO in Mexico

  • Primary Location: Mexico

  • Other Location: Latin America

  • Education: Other

  • Job Function: Technology

  • Schedule: Full-time

  • Shift: Day Job

  • Employee Status: Regular

  • Travel Time: Yes, 10 % of the Time

  • Job ID: 16075836


The Information Security Officer is responsible for managing risk, providing controls and compliance guidance, and supporting Business Areas and Development Units by ensuring compliance with Citi standards, policies, and procedures, liaising with internal and external auditors, and coordinating audit responses.


  • Establish, maintain and manage an effective Information Security organization at Banamex and its Affiliates.

  • Ensure that Information Security is managed as a Business Risk.

  • Ensure that the Business can prevent, detect and respond to any activity that might impact on its ability to provide essential services to customers in a secure manner.

  • Increase awareness of all employees about Information Security within the Region and identify specific Country or Business training needs.

Risk Management Responsibilities

  • Oversee the execution / maintenance of all Information Security programs ensuring that deliverables are completed per the global timelines

  • Establish high level discipline in addressing Information Security issues identified in the various IS programs.

  • Improve the effectiveness and efficiency of governance processes by proactively identifying risks, monitoring controls, and remediating issues

  • Applies in-depth understanding of concepts and procedures within own area and basic knowledge of other areas to resolve issues that have impact beyond own area.

  • Helps align business needs and objectives with IS program requirements.

  • Collaborates to create Risk Acceptances (RAs), Risk Exceptions (REs), and Corrective Action Plans (CAPs) in the appropriate tools (iCAPs, CIRAS, etc.).

  • Ensures IS Risk Assessment is performed according to Citi standards by partnering with the businesses throughout the ISRA process and determines the impact of control deficiencies

  • Collaborates and helps security incident response teams resolve and close the investigation of incidents with proactive suggestions.

  • Provides oversight to ensure that processes and projects are completed in a timely manner.

  • Ensures business compliance with IS policies, practices, and procedures.

  • Conducts periodic quality assurance reviews to identify areas of improvement.

Reporting and Governance Responsibilities

  • Analysis and identification of potential non-compliance issues

  • Contribute to ad-hoc requests and projects as required

  • Facilitate compliance to defined standards and develop tools to assist compliance

  • Identify opportunities for process improvement.



  • 3+ years’ experience in IS and at least 3 IS programs including, but not limited to, Audit Reviews, Risk Assessment, Awareness & Training, Identity Access & Management, Data Protection, Incident Management, Vulnerability Assessment. Knowledge of key government regulations and local laws.

  • Project management experience.

  • Other Risk Management experience should be as a Sector or business IS SME or in some risk management role.

  • Excellent consulting and problem solving skills.

  • In depth knowledge of IS programs.

  • Advanced presentation skills, program management, and relationship management skills.

  • University degree in any technical or administration career is desirable; it could be replaced by 2-3 years of experience.

  • Professional certification, such as CISSP, CISM, CISA, or willingness to obtain certification within 12-18 months of start date.

  • English 80%.