27 ene
Citi
Xico
The Info Sec Prof Senior Analyst is an intermediate level position responsible for leading efforts to prevent, monitor and respond to information/data breaches and cyber-attacks.
The overall objective of this role is to ensure the execution of Information Security directives and activities in alignment with Citi's data security policy.
**Responsibilities**:
- Identify potential information security (IS) risks and make recommendations for enhancement
- Collect and analyze security risk evidence and coordinate with internal and external compliance and auditing agencies / officials
- Execute meetings and communicate complex security topics and safe IS practices with all levels of the organization
- Ensure that controls are utilized daily and that non-compliance remediation is addressed
- Provide IS consulting services, including interpreting and/or clarifying information security policy, procedures, standards or concepts
- Assist with defining and implementing IS standards to align procedures and practices in compliance with Citi standards
- Educate and advise on safe information security practices and current, changing, and/or recommended information security requirements
- Validate compliance with IS policies, practices, and procedures, and resolve a variety of IS related issues in coordination with the business
- Assume informal/formal mentorship role within teams and assist with the coaching and training of new team members
- Has the ability to operate with a limited level of direct supervision.
- Can exercise independence of judgement and autonomy.
- Acts as SME to senior stakeholders and /or other team members.
**Qualifications**:
- 5-8 years of relevant experience
- Applicable Certifications or willingness to earn within 12 months of joining
- Consistently demonstrates clear and concise written and verbal communication
- Proven influencing and relationship management skills
- Proven analytical skills
**Education**:
- Bachelor's degree/University degree or equivalent experience
This job description provides a high-level review of the types of work performed.
Other job-related duties may be assigned as required.
- ** Activities description**
- Responsible for Third-Party Information Security Assessments (TPISA) process, covering the Latin American region including Mexico, reporting to the LATAM TPISA Utility.
- Contribute to the information security risk management keeping the teams' activities compliant to Citi's global institutional policies and regional or local regulations
- Serve as specialists for Latin America,
providing support to business areas and BISOs in the region in matters pertaining to the Third-Party Information Security Assessments (TPISA) program**Responsibilities**:
Accordance with Citi's established Third Party Information Security Assessment (TPISA) process and framework, the essential duties are as follows:
- Coordinate with TPISA stakeholders to initiate, scope and plan controls assessments of new and existing suppliers.
- Perform assessments on-site at supplier locations, including availability for travel to other countries in the region, or remotely via conference calls.
- Obtain and review supplier responses and supporting documentation to validate supplier appropriate implementation of information security controls.
- Analyze the information to identify information security weaknesses or non-compliance with Citi standards.
- Produce detailed documentation of assessments and perform threat analyses of gaps identified.
- Communicate supplier information security issues to stakeholders, ensuring their understanding of associated risks and actions needed to remediate those risks.
**Qualifications**:
- 5 years of experience in a similar IT Audit, Assessor, or Information Security Officer role
- Demonstrate in-depth knowledge of concepts, best practices and controls in a breadth of information security areas/domains including:
- Excellent technical or IT audit background of a wide variety of technologies, including server infrastructure and operating systems, network and internet/telecommunications, database architecture and intrusion detection/prevention systems.
- Self-starter with the ability to manage and prioritize responsibilities through the effective use of time management techniques;
- Team player with proven skills in influencing people without having direct management authority and motivating them to successfully complete tasks within required timelines;
- Self-driven performer with established skills in tracking self and project performance, anticipating and recognizing problems and escalating issues appropriately
- Strong ability to interact and communicate both written and verbally with people at all levels, both technical and non-technical, in a dynamic environment where interactions are not always in person, mainly in Spanish but English is also desirable
- Strong risk analysis and problem solving skills
- Must be flexible to ensure assessments are
Muestra tus habilidades a la empresa, rellenar el formulario y deja un toque personal en la carta, ayudará el reclutador en la elección del candidato.