• Competitive
  • Singapore
  • Permanent, Full time
  • Citibank NA
  • 22 Nov 17

Regional Business Information Security Officer - GCG

Regional Business Information Security Officer - GCG

  • Primary Location: Singapore,Singapore,Singapore
  • Education: Bachelor's Degree
  • Job Function: Technology
  • Schedule: Full-time
  • Shift: Day Job
  • Employee Status: Regular
  • Travel Time: Yes, 10 % of the Time
  • Job ID: 17060008


Description

  • Work with ASPAC GCG Group Information Security Officer (GISO) as well as Global Information Security team, as needed to manage IS programs, Shared services and operations for Asia Pacific
  • The primary responsibility of this role is to serve as engagement manager for Information Security to the Business and Product Leader(s) within ASPAC Regional GCG LOB to provide Information Security advice, business risk advice and risk mitigation approaches by engaging Global and Regional SMEs across various domains of Information Security
  • Ensure Business initiatives and related - design and approach is reviewed from an IS perspective and support the Business to effectively implement new products and solutions in line with Citi's Information Security Policies and Standards
  • Work with the ASPAC GCG GISO to develop easy to use Information Security standards for the relevant GCG business which are mandatory and which can be managed with relevant mitigating controls. The personnel must have both the aptitude and knowledge to review the policy and controls with the risk based rationale given the nature of the business and the Products leveraged
  • Work closely with the Global IS office and ensure alignment to various IS programs in the region as well as collaborate on new products, associated risks and its management
  • Provide management and leadership support to the ASPAC GCG GISO including being the second-in-command when needed and as part of succession planning
  • Ensure coverage and oversight of BAU operational needs, where needed for the GCG domains and manage IS escalations effectively
  • Implement & monitor corporate IS Policies / Programs in the region in collaboration with the global IS functions, with focus on the corporate Fast Track and High Focus IS programs
  • Implement IS Programs like TPISA, ISRA etc., for the AP Region both in terms of program roll-out and metrics management
  • Engage in Cyber security related events, exercises and client response / presentations to support the relevant business.
  • Understand and implement requirements from other relevant Citigroup policies, legal and regulatory requirements that impact IS and Technology Risk Management
  • Develop a strong understanding of the business to be able to engage with the ISOs from the Technical team as well as other domains to be able to interpret how technical requirements of the IS Policy and provide appropriate consultation to the businesses on the resolution options
  • Manage all relevant IS metrics specific to ASPAC region and countries as needed and provide early & timely detection, reporting, escalation and remediation of IS risks and outstanding issues
  • Explore and implement solutions to efficiently manage the IS programs and simplify the processes
  • Demonstrate a comprehensive understanding of how areas of IS controls collectively integrate to contribute to achieving business goals (good financial industry knowledge is expected)
  • Provide oversight to ensure that processes and projects are completed in a timely manner
  • Monitor IS related Risk Exceptions, Corrective Action Plans and remediation efforts in response to security events, Security assessments and audits
  • Maintain up-to-date knowledge of the status of all IS programs and initiatives in the business
*LI-SG

Qualifications

  • University Degree and CISA/CISM/CISSP certification(s)
  • 8 to 10 years of solid experience in business engagement for Information Security, Risk or Control & Compliance, IT Analysis / Design, Program / Project Management, Information Security, Risk or Control & Compliance
  • Strong collaborative and communication skills. Highly dependable team player with ongoing commitment to excellence
  • Ability to interface with Senior management from the supported Business Units and present/articulate IS related concerns and improvements
  • Strong aptitude, detail oriented, be accountable and ensure the business trust is established as well as ability to clearly separate the difference between the Technology and Business needs of the Information Security impact from policy, issue, incident etc.
  • Organized, self-motivated and able to work independently with minimal supervision in a fast-paced environment and with tight schedules
  • Be available to team and management for providing solutions, support and guidance
  • Ability to influence IS team members across various countries in the ASPAC region and work closely with other Line of Business ISO and related ISO community
  • Collaborative, can-do attitude, ownership minded, strong analytical and execution capability
  • Excellent communication and interface skills. Proficiency in any local Asian languages would be an advantage
  • Ability to operate in diverse environments and cultures
  • In depth knowledge of Operations & Processes, ideally across multiple geographies
  • Must be highly organized and have strong project management skills
  • Able to operate and articulate effectively in a matrix environment