Citi Information Security Officer in Mexico

  • Primary Location: Mexico,Distrito Federal

  • Education: Bachelor's Degree

  • Job Function: Technology

  • Schedule: Full-time

  • Shift: Day Job

  • Employee Status: Regular

  • Travel Time: Yes, 10 % of the Time

  • Job ID: 17052593


Descripción :

The Information Security Officer is responsible for managing risk, providing controls and compliance guidance, and support Business Areas and Development Units by ensuring compliance with Citi standards, policies, and procedures, liaising with internal and external auditors and coordinating audit responses.


  • Establish, maintain and manage an organization of effective Information Security at Banamex and its Affiliates

  • Ensuring that Information Security is managed as a Business Risk.

  • Ensure that the Business or Region can prevent, detect and respond to any activity that might impact on its ability to provide essential services to customers in a secure manner.

  • Ensure that the efforts of Information Security are consistent across all entities of the Region.

  • Aligns business needs and objectives with IS program requirements

  • Participate in and promote within the Region assigned Information Security initiatives.

  • Increase awareness of all employees about Information Security within the Region and identify specific Country or Business training needs.

Risk Management Responsibilities

  • Applies in-depth understanding of concepts and procedures within own area and basic knowledge of other areas to resolve issues that have impact beyond own area.

  • Influences and negotiates with senior leaders across functions. Communicates with external parties as needed.

  • Helps align business needs and objectives with IS program requirements.

  • Ensures essential procedures are followed and provides feedback in defining standards.

  • Educates management and employees about the value that IS brings to their organization.

  • Defines the appropriate controls for IS threats and documents business response.

  • Provides oversight to ensure that processes and projects are completed in a timely manner.

  • Ensures business compliance with IS policies, practices, and procedures.

  • Conducts periodic quality assurance reviews to identify areas of improvement.

  • Monitors CAPs and remediation efforts in response to security events, assessment and audit results.

  • Periodically reviews metrics to analyze the effectiveness of the IS program in the business.

Reporting and Governance Responsibilities

  • Analysis and identification of potential non-compliance issues

  • Contribute to ad-hoc requests and projects as required

  • Facilitate compliance to defined standards and develop tools to assist compliance

  • Identify opportunities for process improvement

  • Participation in Corporate and Regional working groups


Calificaciones :

  • 3+ years’ experience in IS and at least 3 IS programs including, but not limited to, Audit Reviews, Risk Assessment, Awareness & Training, Identity Access & Management, Data Protection, Incident Management, Vulnerability Assessment. Knowledge of key government regulations and local laws.

  • Project management experience.

  • Other Risk Management activities should be as Sector or business IS SME or some risk management role.

  • Excellent consulting and problem solving skills.

  • In depth knowledge of IS programs.

  • Advanced presentation skills, program management, and relationship management skills.

  • Able to work with senior business management to implement IS strategy.

  • University degree is desirable, it could be replaced by 3-5 years of experience

  • Professional certification, such as CISSP, CISM , CISA or willingness to obtain certification within 12-18 months of start date

  • Exhibit strong influencing / negotiation skills as well as written/verbal communication skills.

  • English 70%