IT Vacancies

Business Information Security Officer

Date: 30 May
Employer: CitiBank
City: Kyiv
Requirements: Communicates and interacts regularly with employees and business management on IS-related programs, policies, and standards.
Integrates GISO priorities into day-to-day business. Engages TISO, SME or senior ISO where additional technical knowledge is required.
Communicates with the business managers, Technology, BISOs, lead cluster ISO, GISO; escalates as appropriate.
Provides general IS consulting services including interpretation and/or clarification.
Exercises oversight to the IS program within the business, including programs, policies, and related reporting.
Assists in the definition and implementation of IS standards at the business level to ensure that procedures and practices comply with Citi standards, guidelines and Local Regulatory requirements.
Enforces compliance; demonstrates extensive understanding of IS standards and best practices across multiple disciplines.
Presents Information Security updates to the IT Steering Committee and BRCC.
Assists the business in achieving a successful rating in the IA (Internal Audit) as well as other internal and external audits.
Performs IS awareness and training activities, including IS education of new employees. Ensures IS awareness materials are distributed per CISS requirements. Monitors / tracks IS training per CISS requirements.
Conducts risk assessments of the processes, platforms and applications being used within the business.
Ensures IS Risk Assessment is performed according to Citi standards by partnering with the businesses throughout the ISRA process and determines the impact of control deficiencies.
Highlights issues to senior management and helps ensure that Risk Acceptances and Corrective Action Plans are in place for the business in areas of non-compliance, tracking the corresponding corrective actions via iCAPS. Develops corrective action language for all IS-related gaps and approves all closures by reviewing evidence to ensure the closure meets Citi requirements or industry best practices.
Ensures the existence and communication of a SIRT process. Helps security incident response teams resolve and close the investigation of incidents with proactive suggestions.
Assists with the review of all third parties that qualify for IS assessments to be performed by the BISO in accordance with TPISA guidelines. Ensures all 3rd parties with access to Citi confidential information or higher are updated in the Citi Approved Supplier Program (CASP). Supports the business by reviewing third-party contract language as it relates to IS.
Ensures Information Owners periodically review resources under their ownership and participate in the ISRA program as required.
Assists in ensuring semi-annual entitlement reviews (EERS and Manual Entitlement Reviews) are conducted in a timely manner.
Assists technology and the business to ensure smooth centralization of remaining applications to GIDA, i.e. 3rd party applications to GIDA ESO.
Responsible for performing a business information security review and approval of 3rd party network connectivity requests for business units that are entered into the Citi Connectivity Registry (CCR).
Ensures VA testing is scheduled and that issues identified during the testing process are remediated as per the AVA process.
Ensures the business is in compliance with Citi's Data Protection program in order to protect sensitive Citi data. Focuses on ensuring compliance with Secure Email, Email Monitoring, Endpoint Monitoring, Portable Media, and Secure File and Data Transfer related requirements. Where full compliance is not feasible for justified reasons, ensures a Risk Exception and appropriate compensating controls are in place to mitigate the risks.
Reviews standalone PCs to ensure compliance with Citi IS policies and standards.
Oversees high-risk privileges, USB and administrative accesses assigned to business users and ensures the entitlement is justified.
Assists in ensuring compliance with the Citi CTR (Citi Transfer Repository) directive and guidelines in the business.
Participates in Information Security / Internal Audit seminars, workshops and training sessions to keep abreast of the latest technologies, audit tools and skills.
Participates in the IS community forums, on committees and in cross-business / functional opportunities.
Provides input for BRCC/attends BRCC.
Ensures compliance with local regulation associated with Information Security matters.
Provides support and advice to the business on queries related to Information Security.
Qualifications: Accountable for all IS activities that are relevant to the business they support.
Performs IS activities as his/her primary function.
The BISO's primary area of focus is IS Risk Management for the business they support (Front Office, Operations, or Technology) and its processes.
This position reports to the ICG IS Cluster Head, who reports to the EMEA ICG Information Security GISO.
Contacts: (044) 490-10-00