Skip to main content

Third-Party Information Security Assessor (TPISA)

Job Req Id:

26968587

Location(s):

Heredia, Provincia de Heredia, Costa Rica

Job Type:

Hybrid

Posted:

Jul. 03, 2026

Discover your future at Citi

Working at Citi is far more than just a job. A career with us means joining a team of more than 230,000 dedicated people from around the globe. At Citi, you’ll have the opportunity to grow your career, give back to your community and make a real impact.

Job Overview

The Info Sec Prof Lead Analyst is an intermediate level position responsible for driving efforts to prevent, monitor and respond to information/data breaches and cyber-attacks. The overall objective of this role is to ensure the execution of Information Security directives and activities in alignment with Citi's data security policy.

Responsibilities:

  • Develop corrective action language for Information Security (IS) gaps and ensure risk closure meets Citi requirements or industry best practices
  • Facilitate the implementation of approved IS tools and identify/recommend new or improved security solutions or emerging technologies
  • Mitigate risk by analyzing the root cause of issues, impacts to business, and required corrective actions and develop security solutions
  • Ensure IS compliance and seek opportunities to enhance the efficiency of IS policies and procedures
  • Identify significant IS threats and vulnerabilities, and define appropriate controls for discovered threats, documenting the business response
  • Disseminate changes to IS regulations and standards to Business and Program owners
  • Provide Information Security advice and counsel as needed
  • Appropriately assess risk when business decisions are made, demonstrating particular consideration for the firm's reputation and safeguarding Citigroup, its clients and assets, by driving compliance with applicable laws, rules and regulations, adhering to Policy, applying sound ethical judgment regarding personal behavior, conduct and business practices, and escalating, managing and reporting control issues with transparency.


Qualifications:

  • 6-10 years of relevant experience
  • Additional technical certifications are preferred
  • Demonstrated ability to research and apply current information regarding the IS field
  • Consistently demonstrates clear and concise written and verbal communication
  • Proven influencing and relationship management skills
  • Proven analytical skills


Education:

  • Bachelor’s degree/University degree or equivalent experience
  • Master’s degree preferred


This job description provides a high-level review of the types of work performed. Other job-related duties may be assigned as required.

  • Activities description

  • Responsible for Third-Party Information Security Assessments (TPISA) process, being part of the Americas TPISA Utility.
  • Contribute to the information security risk management, keeping the teams’ activities compliant to Citi’s global institutional policies and regional or local regulations.
  • Serve as specialist, providing support to business areas and ISOs in matters pertaining to the Third-Party Information Security Assessments (TPISA) program.

  • Responsibilities:

Accordance with Citi’s established Third Party Information Security Assessment (TPISA) process and framework, the essential duties are as follows:

  • Coordinate with TPISA stakeholders to initiate, scope and plan controls assessments of new and existing suppliers.
  • Perform assessments on-site at supplier locations, including availability for travel to other countries in the region, or remotely via conference calls.
  • Obtain and review supplier responses and supporting documentation to validate supplier appropriate implementation of information security controls.
  • Analyze the responses and documentations to identify information security weaknesses or non-compliance with Citi standards.
  • Produce detailed documentation of assessments and perform threat analyses of gaps identified.
  • Communicate supplier information security issues to stakeholders, ensuring their understanding of associated risks and actions needed to remediate those risks.

Qualifications:

The successful candidate will have the following proven skills and experience:

  • 5 years of experience in a similar IT Audit, Assessor, or Information Security Officer role
  • Demonstrate in-depth knowledge of concepts, best practices and controls in a breadth of information security areas/domains including:
    • Governance and risk management, access control, encryption, physical security, architecture and safety design, business continuity planning/ disaster recovery, network security, applications and operations security and incident management/compliance, as well as applicable laws and regulations.
  • Excellent technical or IT audit background of a wide variety of technologies, including server infrastructure and operating systems, network and internet/telecommunications, database architecture and intrusion detection/prevention systems.
  • Self-starter with the ability to manage and prioritize responsibilities through the effective use of time management techniques.
  • Team player with proven skills in influencing people without having direct management authority and motivating them to successfully complete tasks within required timelines.
  • Self-driven performer with established skills in tracking self and project performance, anticipating and recognizing problems and escalating issues appropriately.
  • Strong ability to interact and communicate both written and verbally with people at all levels, both technical and non-technical, in a dynamic environment where interactions are not always in person, mainly in Spanish but English is also desirable.
  • Strong risk analysis and problem-solving skills.
  • Must be flexible to ensure assessments are performed by the mandated compliance date and be able to manage multiple assessments simultaneously.
  • Industry certifications such as CISSP, CISA or CISM are preferred, or capability to be certified in 12 months from the hiring date.

Education:

  • Advanced English proficiency level is desirable.
  • Bachelor´s degree/University degree or equivalent experience.

------------------------------------------------------

Job Family Group:

Technology

------------------------------------------------------

Job Family:

Information Security

------------------------------------------------------

Time Type:

Full time

------------------------------------------------------

Most Relevant Skills

Please see the requirements listed above.

------------------------------------------------------

Other Relevant Skills

For complementary skills, please see above and/or contact the recruiter.

------------------------------------------------------

Citi is an equal opportunity employer, and qualified candidates will receive consideration without regard to their race, color, religion, sex, sexual orientation, gender identity, national origin, disability, status as a protected veteran, or any other characteristic protected by law.

If you are a person with a disability and need a reasonable accommodation to use our search tools and/or apply for a career opportunity review Accessibility at Citi.

View Citi’s EEO Policy Statement and the Know Your Rights poster.

A man walks his dog, enjoying a well-earned break from work.

Global Benefits

Discover the top benefits offered to our global workforce, designed to support your well-being, growth and work-life balance. Explore a few of the highlights that make working with us rewarding.

Learn About Global Benefits

A woman enjoying work-life balance with her family

Explore More Jobs

  • Early Career Talent Network

    Sign up to receive personalized job matches based on your skills and interests. We'll help you discover opportunities that align with your goals.

    Join Early Career Network

  • 4 people standing on a staircase

    Career Professionals Talent Network

    Sign up to receive tailored job matches based on your skills and experience. Discover opportunities that align with your ambitions.

    Join Career Professionals Network