Security Assessment Governance Analyst

Information Security is a primary area of focus for Citi. The CISO Global Security Assessments organization partners with software development and engineering teams and assesses applications, technology products and cloud services they deliver. This key position will be at the heart of the Security Assessment process and play a key role in ensuring regulatory compliance and professional quality of the security assessment work, and providing audit support related to security assessments.

Responsibilities:

• Establish controls framework for governing information security assessment processes in Citi. Operate and continuously monitor this framework, look for areas for improvement and lead initiatives for optimizing it.

• Ensure Citi’s security assessment criteria are consistent and map Citi standards correctly.

• Liaise with owners of information security standards to stay on top of changes; provide standard owners feedback and partner with them to align standards with practice.

• Liaise with cyber security architects and regulatory and compliance teams, translate their input into security assessment processes. Support businesses in case of any regulatory non-compliance.

• Identify and publish best practices practices for Citi’s security assessment criteria; partner with engineering and development teams to educate them and to gather feedback.

• Ensure security assessment processes are documented and are in line with practice.

• Support any audited partners with respect to security assessment, provide security assessments related deliverables, and represent the Security Assessment team on the audit.

• Manage any audits on Security Assessments, in partnership with risk teams. Partner with other teams to ensure audit readiness for the Security Assessment organization.

• Lead audit preparation efforts related to security assessment processes, identify, investigate problematic cases to find a solution, escalate when needed.

• Liaise with auditors on their expectations regarding security assessment processes.

Qualifications:

• Degree in a related discipline is strongly preferred.

• At least 3-4 years of experience in similar role, such as information security governance, risk management, compliance or audit.

• CISSP, CISM, CISA or CCSP exam, or willingness to pass one of these within one year.

• A broad overview of information security disciplines and governance frameworks (ISO 27001, CobIT, NIST Cybersecurity Framework).

• Fluency in English

• Security mindset; ability to think the way an attacker would think.

• Ability and willingness to both read and write technical documentation.

• Ability to oversee an IT architecture and assess it in terms of security. Ability to learn and understand new technologies and systems.

• Experience in multiple domains of IT or security, such as network security, identity management, key management, cloud security, software development, devsecops, etc. Hands-on experience in some areas is a plus.

• Communication – excellent writing and verbal skills, ‘can do’ attitude.

Education:

• Bachelor’s degree/University degree or equivalent experience

• Master’s degree preferred

What we can offer you:

By joining Citi Hungary, you will not only be part of a business casual workplace with a hybrid working model (up to 2 days working at home per week), but also receive a competitive compensation package and enjoy a whole host of additional benefits that support you (and your family) to be well, live well and save well:

• Cafeteria Program

• Home Office Allowance (for colleagues working in hybrid work models)

• Paid Parental Leave Program (maternity and paternity leave)

• Private Medical Care Program and onsite medical rooms at our offices

• Pension Plan Contribution to voluntary pension fund

• Group Life Insurance

• Employee Assistance Program

• Access to a wide variety of learning and development programs, online course libraries and upskilling platforms, such as Udemy and Degreed

• Flexible work arrangements to support you in managing work - life balance

• Career progression opportunities across geographies and business lines

• Socially active employee communities with diverse networking opportunities

Alongside these benefits Citi is committed to ensuring our workplace is where everyone feels comfortable coming to work as their whole self every day.  We want the best talent around the world to be energized to join us, motivated to stay, and empowered to thrive. 

Sounds like Citi has everything you need? Then apply to discover the true extent of your capabilities.

#LI -OD1

------------------------------------------------------

Job Family Group:

------------------------------------------------------

Job Family:

------------------------------------------------------

Time Type:

------------------------------------------------------

Citi is an equal opportunity employer, and qualified candidates will receive consideration without regard to their race, color, religion, sex, sexual orientation, gender identity, national origin, disability, status as a protected veteran, or any other characteristic protected by law.

If you are a person with a disability and need a reasonable accommodation to use our search tools and/or apply for a career opportunity review Accessibility at Citi.

View Citi’s EEO Policy Statement and the Know Your Rights poster.