Citi TISO Sr. Analyst in Mexico
Primary Location: Mexico, Distrito Federal
Job Function: Technology
Shift: Day Job
Employee Status: Regular
Travel Time: Yes, 10 % of the Time
Job ID: 18010786
Sr. Information Security Officer
TISOs are the SMEs on application security.
These TISOs will participate in waterfall and agile projects ensuring that IS requirements are identified and properly implemented. In waterfall, the TISO will review and influence technical architecture and requirements documents. In agile, the TISO will work with the scrum teams directly, reviewing user stories and providing technical guidance on controls implementation.
In all cases, reviews will cover the following domains: authentication; authorization and access controls; data protection (storage and transmission); session management; logging/monitoring; systems infrastructure/integration.
In working with the development teams, TISOs also provide guidance on secure coding practices.
TISOs also influence the scope of vulnerability assessments that occur within the project lifecycle, highlighting particular areas of risk or potential vulnerability on which the VA teams should focus.
In addition, the TISOs are called upon for IS consulting in ad-hoc cases as well as to provide formal threat modeling services in various instances.
We use the Microsoft DREAD threat model primarily.
Assists GISO (Group Information Security Officer) in activities related to all aspects of the Information Security program including technical ISO coordination, interviewing, and selection.
Assists GISO in responding to security events by initiating and coordinating emergency actions to protect the business and its customers from an imminent loss of information or value.
Implement security solutions according to Security Policy and Practices established by Citigroup.
Work with IT to develop processes and procedures to ensure information security policies and standards are integrated with the organization’s applications.
Defines secure application configurations leveraging technical knowledge and problem solving skills in accordance with the secure SDLC process.
Promote awareness of current policies and standards, as well as revisions and developments; provide consistent interpretation of policy to IT.
Build and maintain relationships with IT to increase IS awareness within the development environments.
Interfaces with the business where technical IS solutions are required and advises on the impact to the bottom line while still satisfying business objectives.
Establishes and maintains relationships with domain architects, project managers, and others within the technology development unit.
Manages risk by analyzing the root cause of issues, impact to technology and required corrective actions leveraging advanced analytical skills.
Schedules, hosts, and drives meetings with multiple levels of technology management requiring strong communication, influence, and diplomacy skills to ensure that secure development procedures are addressed.
Ability to periodically work across different time zones and areas.
5+ years’ experience with all IS programs including, but not limited to, GIDA, IAM, Data Protection, Incident Management, Vulnerability Assessment; and Internal Control areas such as CoB, ORM, MCA, RM, etc.
3-4 years’ experience of People Management
Experience working across lines of business.
Working knowledge of IS regulatory issues as well as company products and services
Deep knowledge of Information Security / Risk and Controls
A university degree in a technical or administrative field is desirable; it may be replaced by 3-5 years of experience.
Professional certification, such as CISSP, CISM, CISA, or willingness to obtain certification within 12-18 months of start date.
Exhibit strong influencing / negotiation skills as well as written/verbal communication skills.