Job Description

Description:

Citi Information Security Office (CISO) Information Security Risk & Compliance Manager (Information Security) candidate will work with their staff to support the APAC Citi Information Security Office (CISO) group, helping the team the associated risks for the CISO processes, domains, and product. While the support will be focused on the APAC group, this position will help influence global CISO Risk and Compliance processes. This will be done through designing, implementing, and monitoring of risk and control framework. Person will be required to work with SMEs on Internal and external Audits; drive compliance of processes, Infrastructure, and applications with Citi Policies; ensure the teams follow the issue management standards and contribute to an Effective Management Control Assessment.

Responsibilities:

Be responsible for managing and supporting multiple risk and control programs for the organization including working with the global CISO Risk team to define the strategy, approach, processes, quality, tools and reporting that provide APAC risk management consistency and excellence within CISO.

• Strong understanding of APAC Regulatory requirements e.g. MAS Regulatory requirements for Financial Institutes like MAS644, MAS655 etc, RBI, SEBI, APRA, HKMA, Bank Negara etc.
• Ensure that emerging risks identified are socialized with key stakeholders and mitigation

strategies are in place.

• Identify areas of engagement based on level of investment, inherent risk, complexity of

change and other risk factors

• Execute Risk Control coverage strategy, ensure appropriate risk mitigation actions are in

place and escalate to senior management as appropriate

• Provide supervision of Risk Control team\'s efforts and assist with prioritizing and addressing

roadblocks encountered

• Identify and assign key metrics (e.g. KRI/KPIs) to support effective monitoring and

management of operational risk including controls assurance and ensure issues identified and

corrective actions are raised to address gaps.

• Provide strong oversight of CAP (Corrective Action Plan) remediation activities both for audit

and control issues including quality completion of Risk Exception documentation and annual

renewals. Support the assigned technology platform re ensuring the remediation of corrective

actions relating to both self-identified and audit issues are completed on time and with the

appropriate level of quality and adherence to IBAM.

• Support assigned technology platform during internal and external audits. Assist in all

interactions with audit including deliverables management, audit fieldwork, business monitoring and meetings.

• Leverage reporting to identify trends, themes and areas requiring improved controls

Drive Manager\'s Control Assessment monitoring, quarterly approvals and improvements

required

• Appropriately assess risk when business decisions are made, demonstrating particular

consideration for the firm\'s reputation and safeguarding Citigroup, its clients and assets, by

driving compliance with applicable laws, rules and regulations, adhering to Policy, applying

sound ethical judgment regarding personal behavior, conduct and business practices, and

escalating, managing and reporting control issues with transparency, as well as effectively

supervise the activity of others and create accountability with those who fail to maintain these

standards.

• Complete all tasks in connection with the organization\'s activity but not detailed in the current

job description, assigned by the direct manager, supervisor, or the functional head.

Ideal Background

• 6-10+ years\' experience in Risk and compliance experience

Demonstrable Information Security Risk knowledge based on working in real-world environments & situations.

Strong understanding of APAC Regulatory requirements e.g. MAS Regulatory requirements for Financial Institutes like MAS644, MAS655 etc, RBI, SEBI, APRA, HKMA, Bank Negara etc.

• Excellent communication skills required in order to negotiate internally, often at a senior level. Some external communication may be necessary.
• Full management responsibility of a team or multiple teams.

Education:

• Bachelor\'s/University degree or equivalent experience, potentially Master\'s degree
• Relevant professional qualifications with Risk / Security management e.g. CISM, CISA, CISSP or equivalent

Job Family Group:
Risk Management


Job Family:
Business Risk & Control


Time Type:
Full time


Citi is an equal opportunity and affirmative action employer.

Qualified applicants will receive consideration without regard to their race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or status as a protected veteran.

Citigroup Inc. and its subsidiaries ("Citi) invite all qualified interested applicants to apply for career opportunities. If you are a person with a disability and need a reasonable accommodation to use our search tools and/or apply for a career opportunity review Accessibility at Citi .

View the " EEO is the Law " poster. View the EEO is the Law Supplement .

View the EEO Policy Statement .

View the Pay Transparency Posting

eFinancialCareers