Overview
The Citi Information Security Office (CISO) information risk & compliance role supports the APAC Citi Information Security Office group.
The candidate will help design, implement, and monitor risk and control frameworks, working with SMEs on internal and external audits, driving compliance of processes, infrastructure, and applications with Citi Policies, and contributing to effective management control assessments.
Although the primary focus is APAC, the role influences global CISO risk and compliance processes.
Responsibilities
Manage and support multiple risk and control programs for the organization, defining strategy, approach, processes, quality, tools, and reporting to provide APAC risk management consistency within CISO.
Demonstrate a strong understanding of APAC regulatory requirements (e.g., MAS 644, MAS 655, RBI, SEBI, APRA, HKMA, Bank Negara).
Socialize emerging risks with key stakeholders and establish mitigation strategies.
Identify engagement areas based on investment level, inherent risk, complexity of change, and other risk factors.
Execute risk control coverage strategy, ensure appropriate risk mitigation actions, and escalate to senior management as needed.
Supervise Risk Control team efforts and help prioritize and address roadblocks.
Assign key metrics (e.g., KRIs/KPIs) to monitor and manage operational risk, including controls assurance; ensure issues and corrective actions address gaps.
Oversee CAP remediation activities for audit and control issues, including quality completion of risk exception documentation and annual renewals.
Support remediation of corrective actions on assigned technology platforms for self-identified and audit issues, ensuring timely delivery and quality in line with IBAM.
Support technology platforms during internal and external audits; assist in audit deliverables, fieldwork, monitoring, and meetings.
Leverage reporting to identify trends, themes, and areas needing improved controls.
Drive Manager’s Control Assessment monitoring, quarterly approvals, and improvements required.
Assess risk in business decisions, uphold Citi’s reputation and safeguarding of clients and assets, ensure compliance with laws and regulations, follow policy, and escalate/report control issues with transparency; supervise others accordingly.
Complete tasks related to organizational activities as assigned by management.
Ideal Background
10+ years’ experience in risk and compliance.
Demonstrable information security risk knowledge from real-world environments.
Strong understanding of APAC regulatory requirements (MAS, RBI, SEBI, APRA, HKMA, Bank Negara, etc.).
Excellent communication skills for internal negotiations at senior levels; some external communication may be required.
Full management responsibility of a team or multiple teams.
Education
Bachelor’s degree or equivalent; Master’s degree potential.
Relevant professional qualifications in risk/security management (e.g., CISM, CISA, CISSP or equivalent).
Benefits
Opportunity to broaden knowledge of technology risk in a global financial services organization.
Long-term career path across geographies and business lines.
Friendly work atmosphere.
Competitive compensation package.
Flexible work arrangements.
Job Details
Job function: Management and Manufacturing
Industries: Banking, Financial Services, and Investment Banking
Employment type: Full-time
Seniority level: Not Applicable
Citi is an equal opportunity employer, and qualified candidates will receive consideration without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, status as a protected veteran, or any other characteristic protected by law.
If you are a person with a disability and need a reasonable accommodation to use our search tools and/or apply for a career opportunity, please review Accessibility at Citi and Citi’s EEO Policy Statement.