Friday, February 24, 2012

Job opening - Business Information Security Officer at Citi (Warren, NJ; Cincinnati, OH; Irving, TX)

Business Information Security Officer (BISO)

  • Support Global Mobile Chief Information Officer

  • Actively executes the IS program elements and other plans developed by the Business or as Applicable

  • Assists the business in the completion of the IS Risk Assessments and other related IS-related compliance processes, ensuring that they are understood, that appropriate controls are embedded in the day-to-day operation, and remediation of non-compliance is documented and addressed

  • Responds to security events by initiating and coordinating emergency actions to protect the Business unit and its customers from an imminent loss of information or value

  • Provides IS security advice to the business managers and staff

  • Reports IS issues to the Business as applicable with appropriate documentation

  • Coordinates the capture of IS key indicator metrics for reporting to the Business as applicable.
  • Implement security solutions according to Security Policy and Practices established by Citigroup.

  • Ensure the business complies with the applicable requirements of the Information Security policies.

  • Continuously review and modify as applicable information security practices and procedures.

  • Determine the appropriate levels of controls to safeguard sensitive data and validate those controls are being implemented.

  • Manage the Risk Assessment process to include asset inventory, system criticality, and data classification, threat analysis and action plans.

  • Provide guidance preparing for audits, resolving audit findings and ensuring closure.

  • Work with the Business to develop processes and procedures to ensure information security policies and standards are integrated.

  • Perform Vendor Security Questionnaires and/or Vendor Onsite Security Reviews.

  • Guide the business in development of action plans while reporting and tracking to closure all information security issues resulting from Self Assessment, Audit, Risk Assessment, Ethical Hacks, Vendor Reviews, etc.

  • Facilitates awareness and training programs as specified by the Business and as applicable

  • Work with the IS peer teams to develop, coordinate and implement a robust Security Awareness & Training program.

  • Promote awareness of current policies and standards, as well as revisions and developments; provide consistent interpretation of policy to business unit.

  • Manage an aggressive program to promote employees' awareness and understanding of Information Security Policy, Standards & procedures.

  • Distribute information security awareness materials and publications appropriately within the business.

  • Conduct annual Security Awareness Days. 

  • Tailor and deploy training materials providing training sessions as necessary.

  • Track and report status of all required training sessions and awareness initiatives.

  • Build relationship with the International Business Heads and Senior Management teams.

  • Frequently interact with, and educate, the Business Heads and their Senior Management teams on current issues and overall status of the information security program.

  • Help drive best practices between organizations and countries.

  • Identify key business contacts to ensure adequate coverage for the business' security program.

  • Maintain a relationship with internal and external auditors.

  • Meet regularly with business and technology managers.

  • Attend Business Information Security Officer (BISO) meetings.

