Information Security and Continuity of Business & Controls Senior Manager-[C13-VP] 253194

  • Competitive
  • Shanghai, Shanghai Shi, China
  • Permanent, Full time
  • Citi China Company Limited 花旗中国
  • 19 Sep 17

  • Primary Location: China,Shanghai,Shanghai
  • Education: Bachelor's Degree
  • Job Function: Technology
  • Schedule: Full-time
  • Shift: Day Job
  • Employee Status: Regular
  • Travel Time: Yes, 10 % of the Time
  • Job ID: 17062436


Job Function and Scope
  • Leading CTI China for compliance with Citigroup technology infrastructure related standard policies and procedures as well as local regulatory requirements. 

  • Covering whole country

Duties & Responsibilities
  • Support CTI management for all risk and control activities.  Drive a proactive Risk Management Framework and risk cautious culture.  Enhance CTI China risk profile in line with the changing environment. 
  • Carry out TI Risk and Control initiatives and activities.  Be responsible for CTI policy and standard procedure execution and compliance, including change, I&P, Info. Sec, COB, OSP & vendor management, record management, etc.
  • Ensure safe and sound internal controls by proactively identifying, escalating and addressing issues in a timely manner.
  • Be responsible for Internal Audit and ensure a satisfactory result.  Follow up on interviews, audit deliverables, audit report discussion and review, as well as issue confirmation and remediation.
  • Coordinate all external audits, including the KPMG SOC1 audit, ISO 9001 & 27001 surveillance audits, the IT system classified protection annual assessment and ad hoc regulator on-site inspections.  Liaise with regional R&C and operation platforms for deliverables of audit requirements.
  • Be responsible for risk and control for CNDC and the server room.  Work closely with regional supporting platforms for compliance with Citi standards as well as local regulator requirements for the Data Center.
  • Lead the independent assessment of control effectiveness and determine the potential impact of any control failures and the corrective action required.  Conduct the Manager Control Assessment (MCA) with an effective rating every quarter.  Ensure timely and high-quality MCA testing.  Ensure each self-identified issue in the MCA has a CAP documented and on track for follow-up until closure.
  • Comply with requirements of the local regulatory reporting directive.  Ensure the completeness, accuracy and timely submission of various local regulatory reports.
  • Provide TI related risk and issue advisory and policy consultation
  • Serve as a member of the IT incident response team
  • Implement the TI related Regulatory Compliance Process and manage its ongoing execution
  • Follow new regulatory guidelines and policies.  Bridge the regional and local teams to ensure the gap analysis is conducted and necessary remediation implemented.  Complete the iTRAC in a timely manner.
  • Raise CAPs for self-identified issues as well as internal and external audit/regulatory review findings.  Ensure all CAPs are closed before their due date.
  • For TI-specific laws and regulations, proactively conduct TI-related regulation gap analysis and remediation planning.
  • Coordinate the annual knowledge sharing training for APPC to CCCL tech team.


Qualification & Skill required

  • University degree, IT related (or engineering quality related)
  • 5-8 years of working experience in the risk and control field. Thorough understanding of and experience in control and compliance processes.
  • Good knowledge of Quality principles and enforcing best practices within technology operations.
  • Experience in audit, compliance, ISO certification
  • Knowledge of LAN, WAN, and voice environments and the technical controls to monitor such environments
  • Good documentation sense and skill.  Good command of English, both spoken and written.
  • Persuasive skills, systematic methodology, dedicated personality, team player
  • Able to work under pressure and task-driven to fulfill role assignments