Citi ISO Sr. Analyst in Mexico

  • Primary Location: Mexico,Distrito Federal

  • Education: Other

  • Job Function: Technology

  • Schedule: Full-time

  • Shift: Day Job

  • Employee Status: Regular

  • Travel Time: Yes, 10 % of the Time

  • Job ID: 16076572



The Information Security Officeris responsible for managing risk, providing controls and compliance guidance, and support Business Areas and Development Units by ensuring compliance with Citi standards, policies, and procedures, liaising with internal and external auditors and coordinating audit responses.


  • Establish, maintain and manage an organization of effective Information Security at Banamex and its Affiliates

  • Ensuring that Information Security is managed as a Business Risk.

  • Ensure that the Business or Region can prevent, detect and respond to any activity that might impact on its ability to provide essential services to customers in a secure manner.

  • Ensure that the efforts of Information Security are consistent across all entities of the Region.

  • Aligns business needs and objectives with IS program requirements

  • Participate in and promote within the Region assigned Information Security initiatives.

  • Increase awareness of all employees about Information Security within the Region and identify specific Country or Business training needs.

Risk Management Responsibilities

  • Oversee the execution / maintenance of all Information Security programs ensuring that deliverables are completed per the global timelines

  • Establish high level discipline in addressing Information Security issues identified in the various IS programs.

  • Improve the effectiveness and efficiency of governance processes by proactively identifying risks, monitoring controls, and remediating issues

  • Establish communication channels with cross-sector ISOs with an aim of strengthening relationships to efficiently tackle security issues

  • Communicates updates and changes to the global standards for all the ISO community

  • Applies in-depth understanding of concepts and procedures within own area and basic knowledge of other areas to resolve issues that have impact beyond own area.

  • Influences and negotiates with senior leaders across functions. Communicates with external parties as needed.

  • Helps align business needs and objectives with IS program requirements.

  • Ensures essential procedures are followed and provides feedback in defining standards.

  • Educates management and employees about the value that IS brings to their organization.

  • Defines the appropriate controls for IS threats and documents business response.

  • Provides oversight to ensure that processes and projects are completed in a timely manner.

  • Ensures business compliance with IS policies, practices, and procedures.

  • Conducts periodic quality assurance reviews to identify areas of improvement.

  • Monitors CAPs and remediation efforts in response to security events, assessment and audit results.

  • Periodically reviews metrics to analyze the effectiveness of the IS program in the business.

Reporting and Governance Responsibilities

  • Analysis and identification of potential non-compliance issues

  • Contribute to ad-hoc requests and projects as required

  • Facilitate compliance to defined standards and develop tools to assist compliance

  • Identify opportunities for process improvement

  • Participation in Corporate and Regional working groups



  • 5+ years’ experience in IS and at least 3 IS programs including, but not limited to, Audit Reviews, Risk Assessment, Awareness & Training, Identity Access & Management, Data Protection, Incident Management, Vulnerability Assessment. Knowledge of key government regulations and local laws.

  • Project management experience.

  • Other Risk Management activities should be as Sector or business IS SME or some risk management role.

  • Excellent consulting and problem solving skills.

  • In depth knowledge of IS programs.

  • Advanced presentation skills, program management, and relationship management skills.

  • Able to work with senior business management to implement IS strategy.

  • University degree, in any technical or adminstration career is desirable.

  • Professional certification, such as CISSP, CISM , CISA or willingness to obtain certification within 12-18 months of start date

  • Exhibit strong influencing / negotiation skills as well as written/verbal communication skills.

  • English 80%