Asia TTS Business Information Security Officer
Citigroup Inc
Hong Kong, Hong Kong, HKG


Asia TTS Business Information Security Officer - Vice President


  • Communicates and interacts regularly with employees and business management on IS related programs, policies, and standards
  • Integrates Business and Regional GISO priorities into day-to-day business
  • Communicates with the Business and Regional GISOs and business managers; escalates as appropriate
  • Provides general IS consulting services including interpretation and / or clarification
  • Supports the business by reviewing Third Party contract language as it relates to IS
  • Exercises oversight to the IS program within the business, including programs, policies, and related reporting
  • Helps security incident response teams resolve and close the investigation of incidents with proactive suggestions
  • Assists in the definition and implementation of IS standards at the business level to ensure that procedures and practices comply with Citi standards
  • Participates in the IS community on committees and cross-business / functional opportunities
  • Enforces compliance; demonstrates extensive understanding of IS standards and best practices across multiple disciplines
  • Reviews status of business IS program and oversees corrective action when necessary
  • Develops corrective action language for all IS-related gaps and approves all closures by reviewing evidence to ensure the closure meets Citi requirements or industry best practices
  • Collaborates to create Risk Acceptances (RAs), Risk Exceptions (REs), and Corrective Action Plans (CAPs) in the appropriate tools (iCAPs, CIRAS, etc.)
  • Ensures that approvals and reviews are executed when needed
  • Performs IS awareness and training activities, including IS education of new employees.
  • Ensures IS awareness materials are distributed per CISS requirements
  • Monitors / tracks IS training per CISS requirements
  • Assists with Third Party IS Assessment (TPISA) follow-up
  • Ensures IS Risk Assessment is performed according to Citi standards by partnering with the businesses throughout the ISRA process and determines the impact of control deficiencies
  • Ensures Information Owners periodically review CSI IS-related information and it is accurate
  • Engages a TISO, SME or another senior ISO where additional technical knowledge is required
  • Educates and advises the business on safe IS practices and current, changing, and / or recommended IS requirements
  • Plans and executes the IS strategy
  • Provides periodic IS risk management reports highlighting key issues and corrective action plans
  • Coordinates IS activities with business plans
  • Articulates the value of IS controls and its bottom line impact
  • Seeks opportunities to enhance the efficiency of policies and procedures
  • Partners with business coordinators in other disciplines; e.g., MCA, CoB, Records Management, Fraud Management, etc.
  • Reviews IS action plans with management and monitors implementation of approved plans
  • Leverages the ISO network to pool resources, seek out best practices, and create efficiencies
  • Monitors vulnerability assessments and ethical hacks, ensuring that issues are addressed for all applications that are not managed by Citi technology groups; for example, vendor-managed / hosted
  • Manages risk by analyzing the root cause of issues, impact to business, and required corrective actions by leveraging analytical skills
  • Guides the business to ensure that IS risks, controls, and tests are embedded in the IS component of MCA
  • Enhances IS posture of the business through reports, presentations, awareness and ad-hoc trainings

Qualifications

  • Soft skills (team player, able to communicate fluently in English written / spoken across multiple levels staff all the way to senior management)
  • Strong MS office skills (especially with Word / Excel / PowerPoint) are critical
  • Industry certifications: either one of CISA / CISSP / CISM preferred; the successful candidate will be expected to obtain an IS industry certification if not already held
  • Degree: at least a Bachelor's degree in either Computer Science / Engineering / Business / Finance; Master's degree a plus

Desired work experience

  • At least 3 years in a similar ISO or risk and control role, or significant relevant business experience; total work experience of at least 8 years