Citi Information Security Officer in Mexico
Primary Location: Mexico, Distrito Federal
Education: Bachelor's Degree
Job Function: Technology
Shift: Day Job
Employee Status: Regular
Travel Time: Yes, 10% of the Time
Job ID: 17052593
The Information Security Officer is responsible for managing risk, providing controls and compliance guidance, and supporting Business Areas and Development Units by ensuring compliance with Citi standards, policies, and procedures, liaising with internal and external auditors, and coordinating audit responses.
Establish, maintain and manage an organization of effective Information Security at Banamex and its Affiliates
Ensure that Information Security is managed as a Business Risk.
Ensure that the Business or Region can prevent, detect and respond to any activity that might impact on its ability to provide essential services to customers in a secure manner.
Ensure that the efforts of Information Security are consistent across all entities of the Region.
Aligns business needs and objectives with IS program requirements
Participate in and promote within the Region assigned Information Security initiatives.
Increase awareness of all employees about Information Security within the Region and identify specific Country or Business training needs.
Risk Management Responsibilities
Applies in-depth understanding of concepts and procedures within own area and basic knowledge of other areas to resolve issues that have impact beyond own area.
Influences and negotiates with senior leaders across functions. Communicates with external parties as needed.
Helps align business needs and objectives with IS program requirements.
Ensures essential procedures are followed and provides feedback in defining standards.
Educates management and employees about the value that IS brings to their organization.
Defines the appropriate controls for IS threats and documents business response.
Provides oversight to ensure that processes and projects are completed in a timely manner.
Ensures business compliance with IS policies, practices, and procedures.
Conducts periodic quality assurance reviews to identify areas of improvement.
Monitors CAPs and remediation efforts in response to security events, assessment and audit results.
Periodically reviews metrics to analyze the effectiveness of the IS program in the business.
Reporting and Governance Responsibilities
Analysis and identification of potential non-compliance issues
Contribute to ad-hoc requests and projects as required
Facilitate compliance to defined standards and develop tools to assist compliance
Identify opportunities for process improvement
Participation in Corporate and Regional working groups
3+ years’ experience in IS and at least 3 IS programs including, but not limited to, Audit Reviews, Risk Assessment, Awareness & Training, Identity Access & Management, Data Protection, Incident Management, Vulnerability Assessment. Knowledge of key government regulations and local laws.
Project management experience.
Other Risk Management activities should be as a Sector or business IS SME or in some risk management role.
Excellent consulting and problem solving skills.
In-depth knowledge of IS programs.
Advanced presentation skills, program management, and relationship management skills.
Able to work with senior business management to implement IS strategy.
University degree is desirable; it could be replaced by 3-5 years of experience.
Professional certification, such as CISSP, CISM, CISA, or willingness to obtain certification within 12-18 months of start date.
Exhibit strong influencing / negotiation skills as well as written/verbal communication skills.