Citi Third Party Lead IS Assessor in Mexico

  • Primary Location: Mexico, Distrito Federal

  • Education: Bachelor's Degree

  • Job Function: Technology

  • Schedule: Full-time

  • Shift: Day Job

  • Employee Status: Regular

  • Travel Time: No

  • Job ID: 17063236


Infrastructure Tech Analyst


In accordance with Citi’s established Third Party Information Security Assessment (TPISA) process and framework, the essential duties are as follows:

  • Coordinate with TPISA stakeholders to initiate, scope and plan controls assessments of new and existing suppliers.

  • Perform assessments on-site at supplier locations or remotely via conference calls.

  • Obtain and review supplier responses and supporting documentation to validate that the supplier has appropriately implemented information security controls.

  • Analyze the information to identify information security weaknesses or non-compliance with Citi standards.

  • Produce detailed documentation of assessments and perform threat analyses of gaps identified.

  • Communicate supplier information security issues to stakeholders, ensuring their understanding of associated risks and actions needed to remediate those risks.

  • Register and manage issues related to the findings identified in the Third Party Information Security Assessment (TPISA), following up on them with the Relationship Managers and vendor representatives.


The successful candidate will have the following proven skills and experience:

  • 5 years of experience in a similar IT Audit, Assessor, or Information Security Officer role

  • Demonstrate in-depth knowledge of concepts, best practices and controls in a breadth of information security areas/domains including:

  • Governance and risk management, access control, encryption, physical security, architecture and safety design, business continuity planning/disaster recovery, network security, applications and operations security and incident management/compliance, as well as applicable laws and regulations.

  • Excellent technical or IT audit background in a wide variety of technologies, including server infrastructure and operating systems, network and internet/telecommunications, database architecture and intrusion detection/prevention systems.

  • Self-starter with the ability to manage and prioritize responsibilities through the effective use of time management techniques;

  • Team player with proven skills in influencing people without having direct management authority and motivating them to successfully complete tasks within required timelines;

  • Self-driven performer with established skills in tracking self and project performance, anticipating and recognizing problems and escalating issues appropriately

  • Strong ability to interact and communicate, both in writing and verbally, with people at all levels, both technical and non-technical, in a dynamic environment where interactions are not always in person

  • Strong risk analysis and problem solving skills

  • Must be flexible to ensure assessments are performed by the mandated compliance date and be able to manage multiple assessments simultaneously;

  • Industry certification such as CISSP, CISA or CISM preferred, but not required where the candidate has related successful and applicable experience and/or audit experience;

  • Must possess the ability to communicate clearly and concisely, by phone, in person or by e-mail, on both technical and non-technical matters, mainly in Spanish.

  • English is 60% desirable

  • Bachelor's degree in any field