Vice President - Business Risk Information Security Analyst
Hong Kong, Hong Kong SAR

Key Responsibilities

Specific to this new role :

Review and address issues identified within various Information Security (IS) programs and ensure all IS issues related to Internal Audit, and External Auditors are closed by their original target date

Test and validate that the business complies with applicable IS requirements; develop and implement IS policies and procedures

Act as the point of escalation for issues identified by the relevant electronic communication surveillance team, with responsibilities to ensure completeness of investigation, root cause review, further escalation if necessary, and the requisite reporting..

Determine and validate appropriate level of controls are being implemented to safeguard sensitive data

Develop Corrective Action Plans for all Information Security / Data Privacy-related gaps and approve all closures through reviewing evidence to ensure each closure meets Citi Requirements

In general for the BCMA IBR&C team :

Oversight of internal controls, identification of key operational and emerging risks by ensuring appropriate review and continuous assessment, design and execution of those controls and compliance with regulations.

Maintain line-of-sight on risk and control matters across all countries in the APAC region with BCMA presence.

Appropriately assess risk when business decisions are made, demonstrating particular consideration for the firm's reputation and safeguarding Citigroup, its clients and assets, by driving compliance with applicable laws, rules and regulations, adhering to Policy, applying sound ethical judgment regarding personal behavior, conduct and business practices, and escalating, managing and reporting control issues with transparency.

Participate in various management forums at both the local and Regional levels. Keep BCMA management aware of the risk and control environment of the Business through continuous and open communication, by preparing and hosting Business Risk Committee meetings with Senior Management to present and follow-up on issues, concerns and correct action plans.

Update and maintain a robust global Manager’s Control Assessment (MCA) through Citi’s Governance, Risk and Control (GRC) framework.

Engage in the risk assessment process, controls and Key Risk Indicators (KRI) thresholds design, as well as continuous monitoring of Key Operational Risks (KORs) in compliance with Citi’s Operational Risk Management Policy.

Act as main point of contact for audit groups and ensure that all audit requests are timely and appropriately addressed.

Conduct root cause analysis on potential issues identified and support the business in the design of corrective and preventive action plans.

Discuss remediation plans with reviewers prior to validation stage.

Coordinate the implementation of global and regional risk and control projects and initiatives. Work with the relevant country franchise and Second Line teams (including processes tied to internal and external third parties) to map and document processes in order to achieve consistency while addressing local nuances.

Knowledge / Experience :

Strong experience in Information Security, Data Privacy, auditing, risk management or another oversight, monitoring function in the Financial Industry

Previous experience in corporate / investment banking and / or capital markets is a plus

Good understanding and knowledge of operational, conduct risk and internal control principles; ability to assess risk trends

Unquestionable ethics, an understanding of implications of decisions and client confidentiality

We are seeking candidates from a wide variety of backgrounds and value diversity.

Skills :

Proficient in Microsoft Office with an emphasis on MS Excel

A critical mindset paired with strong analytical skills and an interest to analyse data / processes to identify issues or control gaps

Ability to work independently with minimal direct supervision, and to excel under-pressure for meeting any tight deadlines

Strong communication skills (both written & verbal) at all organisational levels

Ability to demonstrate presence and professionalism particularly in critical, intense situations

Good organizational and time management skills, including the ability to prioritize tasks

Ability to partner efficiently within team environments and as an individual contributor

Pragmatic problem-solver with ability to identify and remediate root causes.

Cantonese and or Mandarin language skills would be an advantage


Thank you for reporting this job!

Your feedback will help us improve the quality of our services.

通過點擊“繼續”,我允許neuvoo同意處理我的數據並向我發送電子郵件提醒,詳見neuvoo的 隱私政策 。我可以隨時撤回我的同意或退訂。