• Competitive
  • Singapore
  • Permanent, Full time
  • Citibank NA
  • 2019-07-15

Senior Business Information Security Officer

  • Primary Location: Singapore, Singapore, Singapore
  • Education: Bachelor's Degree
  • Job Function: Risk Management
  • Schedule: Full-time
  • Shift: Day Job
  • Employee Status: Regular
  • Travel Time: No
  • Job ID: 19022792


  • Responsible for managing all Information Security activity related to audit reviews conducted by Internal Audit and External Auditors for Banking and Technology reviews
  • Works closely with business/technology units to review control effectiveness as part of Audit preparedness exercises
  • Ensures that all aspects of the local Information Security program are in a state of continual control preparedness. Ensures compliance with security practices and standards, reducing the likelihood of audit, regulatory and legal liabilities
  • Works closely with Technology and Business teams to conduct regular assessments for the various business processes/units. Ensures that risks are highlighted and risk treatment plans are defined. Collaborates with business units for risk treatment/remediation
  • Demonstrates an in-depth understanding of how Information Security integrates within the overall Technology and Business functions to achieve objectives; requires a good understanding of the industry
  • Supports stakeholders within Enterprise Infrastructure, which are primarily technology organizations supporting various business sectors
  • A strong understanding of how these organizations function and how they provide quality service to their clients is required
  • Additionally, knowledge of the architecture and infrastructure technologies used by the business to assess the IS risk exposure to the business is beneficial.
  • Ensures alignment of IS program with business strategy and acts as a strategic partner for Enterprise Infrastructure business units by promoting partnerships and supporting the implementation and maintenance of an Information Security control framework
  • Proactively manages IS risk and control through the identification, escalation, and solution development for compliance and audit issues including direct interaction and coordination with business units, control officers, and other stakeholders
  • Analyses complex Information Security issues and controls, and provides adequate IS governance or oversight for the businesses/departments supported
  • Engages with key internal and external stakeholders to support Citi's Intelligence Led Information Security strategy and is involved in external liaison activities with cyber threat industry associations, peer financial institutions, and information sharing communities
  • Provides a single point of contact on Information Security, and acts as consultant on Information Security topics, new projects, vendors, changes to processes, applications, infrastructure, IS risk assessments, management/oversight of IS governance, regional products and related activities for all business units across Enterprise Infrastructure business units in the region
  • Interfaces with Senior Management from across Enterprise Infrastructure to provide Risk Management and Information Security guidance in forums such as staff meetings, RCMC meetings and management offsite meetings
  • Supports the Business, ISOs and other Risk and Control stakeholders in the region on Information Security
  • Partners with BISOs, GISOs and Global IS Program Managers to improve processes and reduce risk for the organization. Establishes working relationships with cross-sector ISOs with an aim of strengthening relationships to efficiently tackle security issues that span multiple businesses
  • Manages timeline and objectives of deliverables of all IS programs being driven across the franchise
  • Validates deliverables with other IS members to provide management oversight and objectively assess the progress for these programs
  • Participates in regional and corporate-level governance or program processes/committees to provide adequate representation for some aspect of program management e.g., ISRA Working Group, TPISA Working Group
  • Identifies potential requirements/enhancements to IS and IT standards, tools, and processes
  • Exercises control over policy formulation and planning


Skills / Knowledge / Experience:
  • 7+ years' experience in IS and at least 3 IS programs including, but not limited to, Audit Reviews, IS Risk Assessment, Awareness and Training, Identity and Access Management, Data Protection, Incident Management, Vulnerability Assessment. Knowledge of key government regulations and local laws
  • Knowledge and understanding of emerging risk areas e.g. mobile remote access, wireless technologies, cloud computing, etc. Strong technical exposure in technologies, e.g. databases, cloud computing, operating systems, virtualization technologies, networks, voice, etc.
  • Knowledge of local and global regulations; Strong Risk Management experience; Working knowledge of ISO 27001, COBIT, PCI DSS and ITIL framework
  • In-depth knowledge of IS programs
  • Excellent communication skills required in order to negotiate internally or externally, often at a senior level
  • Excellent consulting and problem-solving skills
  • Ability to analyze complex issues and present findings and potential solutions in plain English to various levels of management
  • Able to convey ideas to senior management and staff
  • Presentation skills, program management, and relationship management skills
  • Able to work with senior business management to implement IS strategy
  • Minimum - Bachelor's degree or higher with a concentration in Information Technology, Cyber Security, or a related discipline
  • Preferred - Master's degree or higher
  • CISSP, CISM, and/or CISA certification
  • The candidate will need to be a self-starter
  • Their work will need to be of a consistently high standard with a focus on timely and accurate delivery of information and reports
  • Take responsibility for ensuring work is complete, overcoming obstacles and challenges
  • Ability to influence staff and team members
  • Ensuring work is completed accurately and within time frames set
  • Ability to manage simultaneous tasks and priorities
  • Ability to manage aggressive time frames
  • Flexibility to adapt to changing demands and priorities