Citi Third Party Lead IS Assessor in Mexico
Primary Location: Mexico, Distrito Federal
Education: Bachelor's Degree
Job Function: Technology
Shift: Day Job
Employee Status: Regular
Travel Time: No
Job ID: 17063236
Infrastructure Tech Analyst
In accordance with Citi’s established Third Party Information Security Assessment (TPISA) process and framework, the essential duties are as follows:
Coordinate with TPISA stakeholders to initiate, scope and plan controls assessments of new and existing suppliers.
Perform assessments on-site at supplier locations or remotely via conference calls.
Obtain and review supplier responses and supporting documentation to validate the supplier's appropriate implementation of information security controls.
Analyze the information to identify information security weaknesses or non-compliance with Citi standards.
Produce detailed documentation of assessments and perform threat analyses of gaps identified.
Communicate supplier information security issues to stakeholders, ensuring their understanding of associated risks and actions needed to remediate those risks.
Register and manage issues related to the findings identified in the Third Party Information Security Assessment (TPISA), following up on them with the Relationship Managers and vendor representatives.
The successful candidate will have the following proven skills and experience:
5 years of experience in a similar IT Audit, Assessor, or Information Security Officer role
Demonstrate in-depth knowledge of concepts, best practices and controls in a breadth of information security areas/domains including:
Governance and risk management, access control, encryption, physical security, architecture and safety design, business continuity planning/disaster recovery, network security, applications and operations security and incident management/compliance, as well as applicable laws and regulations.
Excellent technical or IT audit background of a wide variety of technologies, including server infrastructure and operating systems, network and internet/telecommunications, database architecture and intrusion detection/prevention systems.
Self-starter with the ability to manage and prioritize responsibilities through the effective use of time management techniques;
Team player with proven skills in influencing people without having direct management authority and motivating them to successfully complete tasks within required timelines;
Self-driven performer with established skills in tracking self and project performance, anticipating and recognizing problems and escalating issues appropriately
Strong ability to interact and communicate, both in writing and verbally, with people at all levels, both technical and non-technical, in a dynamic environment where interactions are not always in person
Strong risk analysis and problem solving skills
Must be flexible to ensure assessments are performed by the mandated compliance date and be able to manage multiple assessments simultaneously;
Industry certification such as CISSP, CISA or CISM preferred, but not required in lieu of related successful and applicable experience and/or audit experience;
Must possess the ability to communicate clearly and concisely, by phone, in person or by e-mail, on technical and non-technical matters, mainly in Spanish.
English is 60% desirable
Bachelor's degree in any field