Back to All Jobs
Mumbai Maharashtra India, India
10 hours ago
Information Security Risk Lead - C13 - MUMBAI

The Information Security Business Risk Officer is a senior level professional responsible for driving efforts to support governance, risk and compliance for CISO at Citi. The overall objective of this role is to ensure the execution of Information Security directives and activities in alignment with Citi's cyber and information security policy and country regulatory related requirements. The role is part of the Cyber Governance, Control and Policy Team.

Responsibilities:

Manage and validate deliverables of all Information Security (IS) programs, ensuring closure per agreed timelines and goalsManage regulatory exams and internal & external auditsWork closely with Global & Regional Information Security teams to improve processes and reduce risk, and support the IS regulatory related activities for IndiaPrior successful regulatory delivery experience (Bank/Assessor/Regulator side) in a senior capacity is essentialManage internal/external resources to organize cyber-attack simulations and penetration testing, coordinating and overseeing vulnerability, mitigation/remediation/correction action plans, and issues management processAs a key member of the IS team, with significant exposure globally and regionally, the role holder must have a proven track record of delivering complex regulatory assessments and requirementsAccountable for delivery of the associated remediation from regulatory assessmentsProficiency in preparing periodic updates / reports / presentation deck for both internal stakeholders and regulatorsProvide timely and appropriate updates to regional and global stakeholders; escalate issues in a timely manner to senior managementBuild and develop partnerships with business, IT, risk, compliance, IS, senior management staff and stakeholdersFacilitate and lead cross-functional meetings, assist in developing analytics and reporting to track effectiveness of process and identify potential process improvementsActs as IS/Cybersecurity SME to senior stakeholders and/or other team members.

Qualifications:

Minimum 10 years or above of relevant experience in Cyber Security Management / Cyber Security Operations / Technology Risk Management / Third-party Risk Management or IT Audit, preferably with experience gained from banking / finance services industry / consultancy / control compliance or legal disciplinesExperience in assessing cyber regulatory compliance from RBI, SEBI etc.Relevant professional qualifications with Risk / Security management e.g. CISSP, CRISC, CISM, CISA, or equivalentStrong understanding of International Standards/Frameworks such as: NIST, ISO 27001series, COBIT, CIS, GDPR, DORA, etc.Proficient in interpreting and applying policies, standards and proceduresExcellent project management and organizational skills. (PMP, PRINCE2, etc. is a plus)Strong consultation, reporting writing and communication skills with highly proficiency in both spoken and written English


Education:

Bachelor’s/University degree or equivalent experience in Computer Science, Cyber Security, Computer/Information Engineering, Information Technology or a related discipline is preferredOne or more industry-recognized cybersecurity-related certifications such as CISSP, CISA, CISM, CRISC, ISO 27001) desired

Job Position: VP, Information Security Business Risk Officer
Job Family: Business Risk & Control

Job Description
The Information Security Business Risk Officer is a senior level professional responsible for driving efforts to support governance, risk and compliance for CISO at Citi. The overall objective of this role is to ensure the execution of Information Security directives and activities in alignment with Citi's cyber and information security policy and country regulatory related requirements. The role is part of the Cyber Governance, Control and Policy Team.

Responsibilities:

Manage and validate deliverables of all Information Security (IS) programs, ensuring closure per agreed timelines and goalsManage regulatory exams and internal & external auditsWork closely with Global & Regional Information Security teams to improve processes and reduce risk, and support the IS regulatory related activities for IndiaPrior successful regulatory delivery experience (Bank/Assessor/Regulator side) in a senior capacity is essentialManage internal/external resources to organize cyber-attack simulations and penetration testing, coordinating and overseeing vulnerability, mitigation/remediation/correction action plans, and issues management processAs a key member of the IS team, with significant exposure globally and regionally, the role holder must have a proven track record of delivering complex regulatory assessments and requirementsAccountable for delivery of the associated remediation from regulatory assessmentsProficiency in preparing periodic updates / reports / presentation deck for both internal stakeholders and regulatorsProvide timely and appropriate updates to regional and global stakeholders; escalate issues in a timely manner to senior managementBuild and develop partnerships with business, IT, risk, compliance, IS, senior management staff and stakeholdersFacilitate and lead cross-functional meetings, assist in developing analytics and reporting to track effectiveness of process and identify potential process improvementsActs as IS/Cybersecurity SME to senior stakeholders and/or other team members.

Qualifications:

Minimum 10 years or above of relevant experience in Cyber Security Management / Cyber Security Operations / Technology Risk Management / Third-party Risk Management or IT Audit, preferably with experience gained from banking / finance services industry / consultancy / control compliance or legal disciplinesExperience in assessing cyber regulatory compliance from RBI, SEBI etc.Relevant professional qualifications with Risk / Security management e.g. CISSP, CRISC, CISM, CISA, or equivalentStrong understanding of International Standards/Frameworks such as: NIST, ISO 27001series, COBIT, CIS, GDPR, DORA, etc.Proficient in interpreting and applying policies, standards and proceduresExcellent project management and organizational skills. (PMP, PRINCE2, etc. is a plus)Strong consultation, reporting writing and communication skills with highly proficiency in both spoken and written English


Education:

Bachelor’s/University degree or equivalent experience in Computer Science, Cyber Security, Computer/Information Engineering, Information Technology or a related discipline is preferredOne or more industry-recognized cybersecurity-related certifications such as CISSP, CISA, CISM, CRISC, ISO 27001) desired

------------------------------------------------------

Job Family Group:

Risk Management

------------------------------------------------------

Job Family:

Business Risk & Control

------------------------------------------------------

Time Type:

Full time

------------------------------------------------------

Citi is an equal opportunity and affirmative action employer.

Qualified applicants will receive consideration without regard to their race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or status as a protected veteran.

Citigroup Inc. and its subsidiaries ("Citi”) invite all qualified interested applicants to apply for career opportunities. If you are a person with a disability and need a reasonable accommodation to use our search tools and/or apply for a career opportunity review Accessibility at Citi.

View the "EEO is the Law" poster. View the EEO is the Law Supplement.

View the EEO Policy Statement.

View the Pay Transparency Posting

Show More
Save & Apply Later Applying Later... Click to ApplyI AppliedDidn't Apply
Confirm your E-mail: Send Email
Apply for this job
Next Job »
All Jobs from CITI
20 CITI jobs in Mumbai Maharashtra India
Next Job »
Search Jobs Citi Apply Later
Processing Unique Jobs for You: