Citi MYS CTSM KL - Asia Securities Services Business Information Security Officer - AVP/VP in Malaysia

  • Primary Location: Malaysia, Wilayah Persekutuan, Kuala Lumpur

  • Education: Bachelor's Degree

  • Job Function: Technology

  • Schedule: Full-time

  • Shift: Day Job

  • Employee Status: Regular

  • Travel Time: Yes, 10% of the time

  • Job ID: 15092763

Description

  • Communicates and interacts regularly with employees and business management on IS related programs, policies, and standards

  • Integrates Business and Regional GISO priorities into day-to-day business

  • Communicates with the Business and Regional GISOs and business managers; escalates as appropriate

  • Provides general IS consulting services including interpretation and/or clarification

  • Supports the business by reviewing Third Party contract language as it relates to IS

  • Exercises oversight to the IS program within the business, including programs, policies, and related reporting

  • Helps security incident response teams resolve and close the investigation of incidents with proactive suggestions

  • Assists in the definition and implementation of IS standards at the business level to ensure that procedures and practices comply with Citi standards

  • Participates in the IS community on committees and cross-business / functional opportunities

  • Enforces compliance; demonstrates extensive understanding of IS standards and best practices across multiple disciplines

  • Reviews status of business IS program and oversees corrective action when necessary

  • Develops corrective action language for all IS-related gaps and approves all closures by reviewing evidence to ensure the closure meets Citi requirements or industry best practices

  • Collaborates to create Risk Acceptances (RAs), Risk Exceptions (REs), and Corrective Action Plans (CAPs) in the appropriate tools (iCAPs, CIRAS, etc.)

  • Ensures that approvals and reviews are executed when needed

  • Performs IS awareness and training activities, including IS education of new employees. Ensures IS awareness materials are distributed per CISS requirements

  • Monitors / tracks IS training per CISS requirements

  • Assists with Third Party IS Assessment (TPISA) follow-up

  • Ensures IS Risk Assessment is performed according to Citi standards by partnering with the businesses throughout the ISRA process and determines the impact of control deficiencies

  • Ensures Information Owners periodically review CSI IS-related information and that it is accurate

  • Engages a TISO, SME or another senior ISO where additional technical knowledge is required

  • Educates and advises the business on safe IS practices and current, changing, and/or recommended IS requirements

  • Plans and executes the IS strategy

  • Provides periodic IS risk management reports highlighting key issues and corrective action plans

  • Coordinates IS activities with business plans

  • Articulates the value of IS controls and their bottom-line impact

  • Seeks opportunities to enhance the efficiency of policies and procedures

  • Partners with business coordinators in other disciplines (e.g., MCA, CoB, Records Management, Fraud Management)

  • Reviews IS action plans with management and monitors implementation of approved plans

  • Leverages the ISO network to pool resources, seek out best practices, and create efficiencies

  • Monitors vulnerability assessments and ethical hacks, ensuring that issues are addressed for all applications that are not managed by Citi technology groups (for example, vendor-managed or vendor-hosted applications)

  • Manages risk by analyzing the root cause of issues, their impact to the business, and the required corrective actions

  • Guides the business to ensure that IS risks, controls, and tests are embedded in the IS component of MCA

Qualifications

  • Soft skills (team player, able to communicate fluently in English – written and spoken – across multiple levels, from staff all the way to senior management), as well as strong MS Office skills (especially Word / Excel / PowerPoint), are critical

  • Industry certifications: one of CISA / CISSP / CISM preferred; the successful candidate will be expected to obtain an IS industry certification if not already held

  • Degree: at least a Bachelor's degree in Computer Science, Engineering, Business, or Finance; a Master's degree is a plus

  • Desired work experience: at least 3 years in a similar ISO or risk & control role, or significant relevant business experience; total work experience of at least 8 years