Info Sec Prof Lead Analyst - C13 - HEREDIA

Discover your future at Citi

Working at Citi is far more than just a job. A career with us means joining a team of more than 230,000 dedicated people from around the globe. At Citi, you’ll have the opportunity to grow your career, give back to your community and make a real impact.

Job Overview

The Cyber Policy Governance & Consequence Management Team is a centralized team responsible for overseeing the cybersecurity policy process that provide management and operational controls to reduce risk and achieve regulatory compliance. The team helps cybersecurity program owners to align policy requirements with industry frameworks and regulatory expectations and manages the cybersecurity policy document workflow through iterative drafts, working group reviews, and governing body approvals. Additionally, consequence management plays a critical role in the risk reduction of potential CIA principles compromise by collaborating with investigative functions, HR, & legal in supporting the enterprise disciplinary framework.
Responsibilities:

• Supports the strategy for anchoring our standards in a modern control framework, aligning requirements to Citi’s cybersecurity risk tolerance, and establishing compliance monitoring as well as consequences for noncompliance.
• Oversees the cybersecurity policy process and ensures policy owners adheres to the enterprise policies.
• Closes gaps in control coverage, defines clear, measurable, and prescriptive requirements, and aligning with Citi’s global technology and risk management policy and standard requirements, as well as Citi’s global policy governance processes.
• Establishes and maintains strong connections across the Cybersecurity organization and makes recommendations to senior leadership regarding policy and control enhancements
• Assesses information security investigation reports for accuracy, completeness, and fairness of an investigation prior to issuing disciplinary actions.
• Identifies gaps and challenges any statements or conclusions that lack clear evidentiary backing for violations against information security policies.
• Articulates the rationale and supporting evidence for disciplinary actions to senior management

Qualifications:

• 6-10 years of relevant experience in the Information Security field
• Policy writing expertise, with the ability to present information clearly and concisely to a wide breadth of stakeholders / senior management
• Risk management experience, including regulatory assessments, audit interaction, and enterprise control frameworks
• Knowledge of industry control frameworks (e.g., CRI Profile, FFIEC CAT, NIST)
• Understanding of how investigations are conducted, including evidence collection, interview techniques, chain of custody, and forensic analysis - preferred
• Understanding of organizational risks and how investigations contribute to mitigating them.
• Ability to meticulously examine documents, data, and statements for subtle discrepancies, omissions, or inconsistencies.
• Excellent written and verbal communication skills
• Highly organized and capable of overseeing numerous endeavors
• Excels at orchestrating complex, multi-faceted projects
• Ability to motivate and manage by influence
• Self-starter who requires minimal supervision
• Results-oriented, high-energy, self-motivated
• Technical skills (e.g., system and network security, application security) preferred

Education:

• BA/BS degree or equivalent experience
• Master’s degree preferred
• Relevant certification (e.g., CISA, CISSP, CISM) preferred

This job description provides a high-level review of the types of work performed. Other job-related duties may be assigned as required.

------------------------------------------------------

Job Family Group:

Technology

------------------------------------------------------

Job Family:

Information Security

------------------------------------------------------

Time Type:

Full time

------------------------------------------------------

Most Relevant Skills

Please see the requirements listed above.

------------------------------------------------------

Other Relevant Skills

For complementary skills, please see above and/or contact the recruiter.

------------------------------------------------------

Citi is an equal opportunity employer, and qualified candidates will receive consideration without regard to their race, color, religion, sex, sexual orientation, gender identity, national origin, disability, status as a protected veteran, or any other characteristic protected by law.

If you are a person with a disability and need a reasonable accommodation to use our search tools and/or apply for a career opportunity review Accessibility at Citi.

View Citi’s EEO Policy Statement and the Know Your Rights poster.