The Information Security Program Lead Analyst is a senior level professional responsible for driving efforts to support governance, risk and compliance for CISO at Citi. The overall objective of this role is to ensure the execution of Information Security directives and activities in alignment with Citi’s cyber and information security policy. The role is part of the Global Cyber Risk & Issue Management and Reviews Team.

QUALIFICATIONS:

• Proficient in interpreting and applying policies, standards and procedures
• Consistently demonstrates clear and concise written and verbal communication
• Proven influencing and relationship management skills
• Proven analytical skills

EDUCATION:

• Bachelor’s degree/University degree or equivalent experience
• Master’s degree preferred
  This job description provides a high-level review of the types of work performed. Other job-related duties may be assigned as required.
  -

MOST RELEVANT SKILLS

Please see the requirements listed above.
-

OTHER RELEVANT SKILLS

For complementary skills, please see above and/or contact the recruiter.
-
Citi is an equal opportunity employer, and qualified candidates will receive consideration without regard to their race, color, religion, sex, sexual orientation, gender identity, national origin, disability, status as a protected veteran, or any other characteristic protected by law.
If you are a person with a disability and need a reasonable accommodation to use our search tools and/or apply for a career opportunity review Accessibility at Citi.
View Citi’s EEO Policy Statement and the Know Your Rights poster

• Production of monthly IS metrics for multiple legal entities and regional governance bodies.
• Prepares periodic IS reports for senior management summarizing the risk posture for the business.
• Provides guidance preparing for audits, resolving audit findings and ensuring closure. Assists with the strengthening of controls and process to pass audits with a satisfactory audit rating for all IS topics with no major IS issues.
• Prepare and manage responses to regulatory bodies on behalf of the CISO regional leadership.
• Preparation of management information.
• Support governance of risk exceptions, issues, and corrective action plans.
• Ensures that approvals and reviews are executed when needed.
• Proactively engages with counterparts (in different disciplines) and teams to enhance risk oversight.
• Establishes communication channels with cross-sector ISOs with an aim of strengthening relationships to efficiently tackle security issues that span multiple businesses.
• Strong stakeholder management skills needed to effectively influence and communicate cyber risk.
• Proactively builds relationships across peers and stakeholders within the geographies.
• Focuses on process improvements, removing deficiencies and enhancing current tools for reducing overall risk profile.
• Participates in the IS community on committees and cross-business / functional opportunities.
• Attends and participate in internal/external forums and risk committees where appropriate.
• Demonstrates extensive understanding of IS standards and best practices across multiple disciplines.
• Complete additionally any other tasks in connection with the role but not detailed in the current job description, charged by the direct manager, supervisor, or the functional head.
• Support the implementation of the IS Training Plan, by verifying training participants completed the training and understand IS requirements.
• Ensure appropriate governance applied to regional cyber programs.
• Escalate significant risks to the Regional/Sector IS Leadership for information or required actions.
• Attend and participate in internal/external IS forums and risk committees when necessary.
• Manage audits in line with CISO expectations and in partnership with peers from other product lines.
• Ensure non-compliant items are resolved through coordination with colleagues across CISO and the legal entities.
• Support the CISO policies, standards, and initiatives development and implementation.
• Has the ability to operate with a limited level of direct supervision.
• Can exercise independence of judgement and autonomy.
• Acts as SME to senior stakeholders and /or other team members.