Citi ISO Sr. Analyst in Mexico
Primary Location: Mexico, Distrito Federal
Job Function: Technology
Shift: Day Job
Employee Status: Regular
Travel Time: Yes, 10% of the Time
Job ID: 16077762
Sr. Information Security Officer
The Sr. ISO is responsible for managing risk, providing controls and compliance guidance, and supporting Business Areas by ensuring compliance with Citi standards, policies, and procedures, liaising with internal and external auditors, and coordinating audit responses. The Sr. ISO needs to expand the capability to address the increasing numbers of vulnerabilities and security issues found in production application environments and processes. Sr. ISO responsibilities include any special project that is related to IS programs and processes.
Manages IS Officer teams for one or more business areas, one or more of which may be complex and may have variable issues with significant impact over area(s).
Manages ISOs and directs ISO activities for all aspects of the IS program
Establishes close communication with ISOs in the organization to provide direction, advice, and guidance
Establishes, maintains and manages an organization of effective Information Security at Banamex and its Affiliates
Ensures Information Security is managed as a Business Risk.
Participates in and promotes assigned Information Security initiatives within the Mexico Region.
Develops Specific Regional or Country Information Security Programs when needed.
Ensures the efforts of Information Security are consistent across all entities of the Mexico Region.
Ensures that Information Security is managed as a Business Risk (S041 security model).
Risk Management Responsibilities
Applies in-depth understanding of concepts and procedures within own area and basic knowledge of other areas to resolve issues that have impact beyond own area.
Influences and negotiates with senior leaders across functions. Communicates with external parties as needed.
Manages and resolves the most complex and highly variable issues with substantial potential impact.
Oversees corporate IS efforts to ensure they are completed.
Participates in discussions about strategic solutions for the business.
Helps align business needs and objectives with IS program requirements.
Ensures essential procedures are followed and provides feedback in defining standards.
Periodically reviews metrics to analyze the effectiveness of the IS program in the business.
Provides oversight to ensure that processes and projects are completed in a timely manner.
Manages IS risk during the development of new products and applications, ensuring that risks are mitigated during the development process; e.g., ID/password, encryption, system configuration, access, and administration
Participates in the evaluation and selection of IS applications and systems.
Developed communication and diplomacy skills are required to persuade and influence others; may negotiate with external parties.
Provide expert advice and analyze information on S041 features, functionalities and operability based on users' information queries.
Documentation and Administration of system S041 Encryption Keys
Overseeing and guaranteeing the S041 Users/Entitlements compliant Report feed to EERS
Review and analyze user requests for integrating systems, transactions and/or screens into the S041 security model.
Reporting and Governance Responsibilities
Analysis and identification of potential non-compliance issues
Contribute to ad-hoc requests and projects as required
Analysis and identification of potential non-compliance issues (Catalog security model)
Contribute to ad-hoc requests and projects as required (Catalog security model)
Act as subject matter expert on Application Information Security topics during Audit meetings
Identify opportunities for process improvement
Participation in Corporate and Regional working groups
5+ years’ experience with all IS programs including, but not limited to, GIDA, IAM, Data Protection, Incident Management, Vulnerability Assessment; and Internal Control areas such as CoB, ORM, MCA, RM, etc.
3-4 years’ experience of People Management
Experience working across lines of business.
Working knowledge of IS regulatory issues as well as company products and services
Deep knowledge of Information Security / Risk and Controls
University degree in a technical or administrative field is desirable; it may be replaced by 3-5 years of experience
Professional certification, such as CISSP, CISM, CISA, or willingness to obtain certification within 12-18 months of start date
Exhibit strong influencing / negotiation skills as well as written/verbal communication skills.