Job Description

The Chief Information Security Office (CISO) is home to deeply talented colleagues that work to ensure the safety of Citi\'s clients\' and our proprietary data. We manage information security as one end-to end program \xe2\x80\x93 one with a clear mandate and accountability. Our mission is a program that is fully anchored to modern control and architectural frameworks, is fully aligned with the enterprise architecture of the firm and is deeply integrated into the sectors and functions. The APAC CISO covers all countries and organisations within the Region. The primary responsibility of this role is to oversee the CISO functions in APAC, providing services globally as part of a follow-the-sun support model. The position is also accountable for the Regional Programs and responsible for the execution of the Regional and Country IS Strategy and; reports directly to the ICG CISO (Institutional Clients Group - Chief Information Security Officer) and has a matrix reporting line to the APAC O&T Head. This leadership role within CISO is responsible for ensuring all business needs in Asia are met by developing and maintaining strong relationships with key stakeholders across all sectors while having a deep understanding of the services offered and the capabilities of our global organization. The candidate is required to establish themselves as trusted entity among senior management and routinely handle very complex, high-pressure situations by leveraging strong leadership and communication skills. Responsible for collaborating with senior leadership globally to ensure technology and services are standard and globally aligned. This position will also be our main information security interface with numerous local regulators in the region. Key Responsibilities -

• Manage regional relationships and successfully represent the global CISO interests
• Manage a large/complex matrixed team, including the people, budget, policy formation, and strategy planning, within a globally matrixed organization.
• Be fully responsible for data-driven and threat focused cyber and information security program in the region
• Lead regional cyber and information security organization, which includes hiring, staff development, performance management, diversity, equity, and inclusion.
• Manage the budget for cyber and information security in the region.
• Build internal and external networks to ensure alignment across programs, industry best practices, and to maintain current knowledge regarding cybersecurity threats and risks. Communicate with peers, regulators, law enforcement etc., when necessary.
• Communicate and drive priorities from CISO Leadership management to matrixed and non-matrixed teams within the organization through influence and strong communication skills.
• Manage deliverables pertaining to regional CISO reporting and audit/regulatory related requests
• Ensure that global CISO initiatives and processes are successfully and consistently implemented regionally with an informed view of risk and available options
• Oversee incident handling efforts in the region working with operations teams regarding incident handling playbooks, security incident response, recovery and investigations, post-mortem and root cause analyses, and collaborate with stakeholders to remediate them.
• Supervise incident response coordination for large-scale cyber incidents and crises, maintaining alignment and momentum with peer teams
• Build and maintain relationships with internal and external customers, and business partners and stakeholders
• Understand the current external threat environment and advise relevant stakeholders on the appropriate courses of action, promoting security as an enabler for business innovation and digitization, including the evaluation and recommendation of technical controls.
• Identify, assess, track and report on security issues identified in third-party due diligence processes, self-assessments, architectural reviews, application testing, vulnerability scans, bug bounty programs, penetration testing, change management, cyber exercises, reviews and audits. Technically advise stakeholders on recommendations and remediation plans.
• Provide regular reporting on the current status of the information and cyber security program to senior management and business unit leaders.
• Provide regular updates on the state of Information and Cyber Security to the Boards of Directors for each Legal Vehicle based in the Region
• Demonstrate a comprehensive understanding of industry knowledge about how the disciplines of CISO Controls collectively integrate to contribute to achieving business goals
• Develop and support program management staff to support the APAC CISO Programs
• Provide oversight to ensure that processes and projects are completed in a timely manner
• Monitor CAPs and remediation efforts in response to security events, assessment and audit results
• Develop Global CISO talent
• Engage with Clients in partnership with business to maintain and enhance relationships leveraging cybersecurity expertise

Qualifications include:

• 15+ years of experience in Information/Cybersecurity in a highly regulated industry such as Finance, Healthcare, and/or Government within a large multi-national organization with a global scope with high influence requirements. 10+ years people management experience across a global organization, with hands-on experience building diverse teams while promoting an inclusive organization.
• A demonstrated knowledge of information security standards, rules and regulations related to information security and data confidentiality and other various security standards and policies.
• Ability to understand not only emerging industry trends as far as cyber security is concerned, but also the landscape of emerging threats, making appropriate adjustments within the ICG program.
• Ability to effectively manage the tactical cyber security mission while continuing to drive the Citi and the ICG cyber security strategy forwards, always thinking 2-3 years ahead.
• Ability to operate effectively across a highly matrixed, global business environment.
• Strong focus and record of execution
• Strong leadership, strategic thinking, and large-scale planning abilities.
• Strong interpersonal and communication skills with the ability to influence at all levels of the organization, while being able to simplify complex IS topics for understanding and critical decision making by ICG and Citi Senior Management.
• Excellent problems solving abilities and analytical skills; proven ability to effectively drive global teams to meet challenging deadlines solving complex problems.
• Ability to apply a broad and comprehensive understanding across multiple functional areas.
• Strong work ethic, and an excellent use of discretion and judgment.
• Ability to organize, prioritize, and lead multiple deliverables simultaneously across a large, global corporate environment.
• Strong business and regulator acumen.

- Job Family Group: Technology - Job Family: Technology Management - Time Type: - Citi is an equal opportunity and affirmative action employer. Qualified applicants will receive consideration without regard to their race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or status as a protected veteran. Citigroup Inc. and its subsidiaries ("Citi\xe2\x80\x9d) invite all qualified interested applicants to apply for career opportunities. If you are a person with a disability and need a reasonable accommodation to use our search tools and/or apply for a career opportunity review Accessibility at Citi. View the "EEO is the Law" poster. View the EEO is the Law Supplement. View the EEO Policy Statement. View the Pay Transparency Posting