• Competitive
  • Singapore
  • Permanent, Full time
  • Citibank NA
  • 20 Mar 18

AP Regional Markets BISO


  • Primary Location: Singapore,Singapore,Singapore
  • Other Location: Hong Kong SAR of PRC
  • Education: Bachelor's Degree
  • Job Function: Technology
  • Schedule: Full-time
  • Shift: Day Job
  • Employee Status: Regular
  • Travel Time: Yes, 25 % of the Time
  • Job ID: 17068446


The AP Regional Markets Business Information Security Officer (BISO) is a critical business-facing role responsible for managing the Markets Business Stakeholders in the APAC region. The role is responsible for executing IS programs within the business units of the APAC region (across several countries) and also works with the other regions and the Global team when needed. The BISO will work closely with Business, Operations & Technology teams and the overall ISO community to oversee and monitor adherence to Citi IS Policy and Standards, manage risk, and advise the business on Information Security.
Key Responsibilities:
Focuses on Key BISO activities:
  • Ensure IS Risk Assessments (ISRAs) are conducted in accordance with Citi Standards by partnering with the business
  • Collaborate to create Risk Exceptions (REs) or Corrective Action Plans (CAPS) and track them to closure
  • Monitor Entitlement Reviews
  • Support business on IS matters during audit reviews and regulatory inspections
  • Report Security Incidents to management and provide relevant information to help business assess the impact
  • Oversee Electronic Transportable Media / Network File Transfer conducted by business
  • Validate third party issues and ensure management's awareness of the risk involved
  • Support MIS reporting and presentations on IS required monthly, weekly, quarterly for various business meetings.
Acts as a business partner:
  • Educates and advises the business on safe IS practices and current, changing, and/or recommended IS requirements
  • Work with the regulator, Association of Banks, Compliance and other Financial Institutions as needed
  • Coordinates IS activities with business plans
  • Articulates the value of IS controls and their bottom-line impact
  • Seeks opportunities to enhance the efficiency of policies and processes
  • Assists in the IS education of new employees
  • Partners with coordinators in other disciplines (e.g., MCA, COB, Records Management, Fraud Management, Outsourcing, Compliance, etc.)
  • Support business in responding to clients' inquiries on cyber security and other IS controls
  • Minimize risk to the business
  • Provide guidance to business on implementing necessary controls to mitigate significant IS threats and vulnerabilities
  • Support business to address instances of non-compliance in business processes/procedures, applications and outsourcing
  • Integrates IS in the day-to-day operations and culture of the business
  • Exercises oversight of the IS programs within the business, including programs, policies, and related reporting.
  • Assists in aligning IS plans with business objectives.
Builds and maintains supportive networks with key stakeholders and colleagues:
  • Communicates and interacts regularly with employees
  • Leverages the ISO network to pool resources, seek out best practices, and create efficiencies
  • Participates in the IS community on committees and cross-business/functional opportunities
  • Partners with application manager, GIDA or TISO as needed to address specific technical needs or requirements
  • Participate in and, where needed, lead regional IS initiatives
  • Assist business units in preparation of Audit Risk and Reviews, by identifying deficiencies against Information Security Standards, construction of remediation plans and adherence to issue management standards by way of ensuring that Corrective Action Plans and Risk Acceptances are in place, including ad-hoc IS Risk related initiatives and projects.
  • Communicate regularly with the Regional and Group Information Security Officer to implement global and regional IS initiatives within the business.


  • Solid risk management skills and Information Security knowledge
  • Sound IT knowledge
  • Knowledge of key government regulations and local laws
  • Strong MS Office skills for creating metrics, presentations, and performing data analytics
  • Ability to articulate ideas to senior management, business staff as well as technology personnel.
  • Industry certifications: either one of CISA/CISSP/CISM preferred; the successful candidate will be expected to obtain an IS industry certification if not already held
  • Degree: at least a Bachelor's degree in either Computer Science/Engineering/Business/Finance; Master's degree a plus
Desired Work experience:
  • At least 5 years in a similar ISO or risk and control role, or significant relevant business experience; total work experience of at least 8 years
Other Requirements:
  • Excellent consulting and problem-solving/analytical skills.
  • Advanced presentation skills and program management
  • Good business communication skills
  • Team-player, proactive, assertive, service-oriented and has good people-skills.
  • Proven ability to manage multiple tasks and priorities.
  • Ability to manage tight time frames and communicate effectively with peers and management.
  • Flexibility to adapt to changing demands and priorities.
Education Level: Bachelor's Degree
"In addition to the Singapore location, this role is being opened for recruitment also in Hong Kong given ICG business has no local BISO coverage within Hong Kong. If relevant candidates are available, we intend to grow that support within Hong Kong to help manage the ICG business needs."