Third-Party Information Security Assessor (TPISA)
Indexed description
Responsibilities:
- Develop corrective action language for Information Security (IS) gaps and ensure risk closure meets Citi requirements or industry best practices
- Facilitate the implementation of approved IS tools and identify/recommend new or improved security solutions or emerging technologies
- Mitigate risk by analyzing the root cause of issues, impacts to business, and required corrective actions and develop security solutions
- Ensure IS compliance and seek opportunities to enhance the efficiency of IS policies and procedures
- Identify significant IS threats and vulnerabilities, and define appropriate controls for discovered threats, documenting the business response
- Disseminate changes to IS regulations and standards to Business and Program owners
- Provide Information Security advice and counsel as needed
- Appropriately assess risk when business decisions are made, demonstrating particular consideration for the firm's reputation and safeguarding Citigroup, its clients and assets, by driving compliance with applicable laws, rules and regulations, adhering to Policy, applying sound ethical judgment regarding personal behavior, conduct and business practices, and escalating, managing and reporting control issues with transparency.
- 6-10 years of relevant experience
- Additional technical certifications are preferred
- Demonstrated ability to research and apply current information regarding the IS field
- Consistently demonstrates clear and concise written and verbal communication
- Proven influencing and relationship management skills
- Proven analytical skills
- Bachelor’s degree/University degree or equivalent experience
- Master’s degree preferred
- Activities description
- Responsible for Third-Party Information Security Assessments (TPISA) process, being part of the Americas TPISA Utility.
- Contribute to the information security risk management, keeping the teams’ activities compliant to Citi’s global institutional policies and regional or local regulations.
- Serve as specialist, providing support to business areas and ISOs in matters pertaining to the Third-Party Information Security Assessments (TPISA) program.
- Responsibilities:
- Coordinate with TPISA stakeholders to initiate, scope and plan controls assessments of new and existing suppliers.
- Perform assessments on-site at supplier locations, including availability for travel to other countries in the region, or remotely via conference calls.
- Obtain and review supplier responses and supporting documentation to validate supplier appropriate implementation of information security controls.
- Analyze the responses and documentations to identify information security weaknesses or non-compliance with Citi standards.
- Produce detailed documentation of assessments and perform threat analyses of gaps identified.
- Communicate supplier information security issues to stakeholders, ensuring their understanding of associated risks and actions needed to remediate those risks.
- 5 years of experience in a similar IT Audit, Assessor, or Information Security Officer role
- Demonstrate in-depth knowledge of concepts, best practices and controls in a breadth of information security areas/domains including:
- Governance and risk management, access control, encryption, physical security, architecture and safety design, business continuity planning/ disaster recovery, network security, applications and operations security and incident management/compliance, as well as applicable laws and regulations.
- Excellent technical or IT audit background of a wide variety of technologies, including server infrastructure and operating systems, network and internet/telecommunications, database architecture and intrusion detection/prevention systems.
- Self-starter with the ability to manage and prioritize responsibilities through the effective use of time management techniques.
- Team player with proven skills in influencing people without having direct management authority and motivating them to successfully complete tasks within required timelines.
- Self-driven performer with established skills in tracking self and project performance, anticipating and recognizing problems and escalating issues appropriately.
- Strong ability to interact and communicate both written and verbally with people at all levels, both technical and non-technical, in a dynamic environment where interactions are not always in person, mainly in Spanish but English is also desirable.
- Strong risk analysis and problem-solving skills.
- Must be flexible to ensure assessments are performed by the mandated compliance date and be able to manage multiple assessments simultaneously.
- Industry certifications such as CISSP, CISA or CISM are preferred, or capability to be certified in 12 months from the hiring date.
- Advanced English proficiency level is desirable.
- Bachelor´s degree/University degree or equivalent experience.
Job Family Group:
Technology
------------------------------------------------------
Job Family:
Information Security
------------------------------------------------------
Time Type:
Full time
------------------------------------------------------
Most Relevant Skills
Please see the requirements listed above.
------------------------------------------------------
Other Relevant Skills
For complementary skills, please see above and/or contact the recruiter.
------------------------------------------------------
Citi is an equal opportunity employer, and qualified candidates will receive consideration without regard to their race, color, religion, sex, sexual orientation, gender identity, national origin, disability, status as a protected veteran, or any other characteristic protected by law.
If you are a person with a disability and need a reasonable accommodation to use our search tools and/or apply for a career opportunity review Accessibility at Citi.
View Citi’s EEO Policy Statement and the Know Your Rights poster.
Create a free Caio profile to unlock more results and save your role and location preferences.
Unlock free search