Citi

Third-Party Information Security Assessor (TPISA)

Citi  •  Republic of Costa Rica (Onsite)  •  3 hours ago

Job Description

The Info Sec Prof Lead Analyst is an intermediate level position responsible for driving efforts to prevent, monitor and respond to information/data breaches and cyber-attacks. The overall objective of this role is to ensure the execution of Information Security directives and activities in alignment with Citi's data security policy.

Responsibilities:

  • Develop corrective action language for Information Security (IS) gaps and ensure risk closure meets Citi requirements or industry best practices
  • Facilitate the implementation of approved IS tools and identify/recommend new or improved security solutions or emerging technologies
  • Mitigate risk by analyzing the root cause of issues, impacts to business, and required corrective actions and develop security solutions
  • Ensure IS compliance and seek opportunities to enhance the efficiency of IS policies and procedures
  • Identify significant IS threats and vulnerabilities, and define appropriate controls for discovered threats, documenting the business response
  • Disseminate changes to IS regulations and standards to Business and Program owners
  • Provide Information Security advice and counsel as needed
  • Appropriately assess risk when business decisions are made, demonstrating particular consideration for the firm's reputation and safeguarding Citigroup, its clients and assets, by driving compliance with applicable laws, rules and regulations, adhering to Policy, applying sound ethical judgment regarding personal behavior, conduct and business practices, and escalating, managing and reporting control issues with transparency.


Qualifications:

  • 6-10 years of relevant experience
  • Additional technical certifications are preferred
  • Demonstrated ability to research and apply current information regarding the IS field
  • Consistently demonstrates clear and concise written and verbal communication
  • Proven influencing and relationship management skills
  • Proven analytical skills


Education:

  • Bachelor’s degree/University degree or equivalent experience
  • Master’s degree preferred


This job description provides a high-level review of the types of work performed. Other job-related duties may be assigned as required.

Activities description:

  • Responsible for the Third-Party Information Security Assessments (TPISA) process, as part of the Americas TPISA Utility.
  • Contribute to information security risk management, keeping the teams’ activities compliant with Citi’s global institutional policies and regional or local regulations.
  • Serve as a specialist, providing support to business areas and ISOs in matters pertaining to the Third-Party Information Security Assessments (TPISA) program.

Responsibilities:

In accordance with Citi’s established Third Party Information Security Assessment (TPISA) process and framework, the essential duties are as follows:

  • Coordinate with TPISA stakeholders to initiate, scope and plan controls assessments of new and existing suppliers.
  • Perform assessments on-site at supplier locations, including availability for travel to other countries in the region, or remotely via conference calls.
  • Obtain and review supplier responses and supporting documentation to validate the supplier's appropriate implementation of information security controls.
  • Analyze the responses and documentation to identify information security weaknesses or non-compliance with Citi standards.
  • Produce detailed documentation of assessments and perform threat analyses of gaps identified.
  • Communicate supplier information security issues to stakeholders, ensuring their understanding of associated risks and actions needed to remediate those risks.

Qualifications:

The successful candidate will have the following proven skills and experience:

  • 5 years of experience in a similar IT Audit, Assessor, or Information Security Officer role
  • Demonstrate in-depth knowledge of concepts, best practices and controls in a breadth of information security areas/domains including:
    • Governance and risk management, access control, encryption, physical security, architecture and safety design, business continuity planning/disaster recovery, network security, applications and operations security and incident management/compliance, as well as applicable laws and regulations.
  • Excellent technical or IT audit background of a wide variety of technologies, including server infrastructure and operating systems, network and internet/telecommunications, database architecture and intrusion detection/prevention systems.
  • Self-starter with the ability to manage and prioritize responsibilities through the effective use of time management techniques.
  • Team player with proven skills in influencing people without having direct management authority and motivating them to successfully complete tasks within required timelines.
  • Self-driven performer with established skills in tracking self and project performance, anticipating and recognizing problems and escalating issues appropriately.
  • Strong ability to interact and communicate both written and verbally with people at all levels, both technical and non-technical, in a dynamic environment where interactions are not always in person, mainly in Spanish but English is also desirable.
  • Strong risk analysis and problem-solving skills.
  • Must be flexible to ensure assessments are performed by the mandated compliance date and be able to manage multiple assessments simultaneously.
  • Industry certifications such as CISSP, CISA or CISM are preferred, or capability to be certified in 12 months from the hiring date.

Education:

  • Advanced English proficiency level is desirable.
  • Bachelor’s degree/University degree or equivalent experience.

------------------------------------------------------

Job Family Group:

Technology

------------------------------------------------------

Job Family:

Information Security

------------------------------------------------------

Time Type:

Full time

------------------------------------------------------

Most Relevant Skills

Please see the requirements listed above.

------------------------------------------------------

Other Relevant Skills

For complementary skills, please see above and/or contact the recruiter.

------------------------------------------------------

Citi is an equal opportunity employer, and qualified candidates will receive consideration without regard to their race, color, religion, sex, sexual orientation, gender identity, national origin, disability, status as a protected veteran, or any other characteristic protected by law.

If you are a person with a disability and need a reasonable accommodation to use our search tools and/or apply for a career opportunity, review Accessibility at Citi.

View Citi’s EEO Policy Statement and the Know Your Rights poster.

Citi

About Citi

Citi's mission is to serve as a trusted partner to our clients by responsibly providing financial services that enable growth and economic progress. Our core activities are safeguarding assets, lending money, making payments and accessing the capital markets on behalf of our clients. We have over 200 years of experience helping our clients meet the world's toughest challenges and embrace its greatest opportunities. We are Citi, the global bank – an institution connecting millions of people across hundreds of countries and cities.

For information on Citi’s commitment to privacy, visit on.citi/privacy.

Industry
Finance & Insurance
Company Size
10,000+ employees
Headquarters
New York, New York
Year Founded
1812