Complete posting 09006291

Requisition number 09006291

IS COB & Controls Intermed Analyst-BISO

Information Security Implementation

•	Actively executes the IS program elements and other plans developed by the Business or as Applicable

•	Assists the businesses in the completion of the IS Risk Assessments and other related IS-related compliance processes, ensuring that they are understood, that appropriate controls are embedded in the day-to-day operation, and remediation of non-compliance is documented and addressed

•	Responds to security events by initiating and coordinating emergency actions to protect the Business unit and its customers from an imminent loss of information or value

•	Provides IS security advice to the business managers and staff

•	Reports IS issues to the Business as applicable with appropriate documentation

•	Coordinates the capture of IS key indicator metrics for reporting to the Business as applicable.

•	Implement security solutions according to Security Policy and Practices established by Citigroup.

•	Ensure the business complies with the applicable requirements of the Information Security policies.

•	Continuously review and modify as applicable information security practices and procedures.

•	Determine the appropriate levels of controls to safeguard sensitive data and validate those controls are being implemented.

•	Manage the Risk Assessment process to include asset inventory, system criticality, data classification, threat analysis and action plans.

•	Provide guidance preparing for audits, resolving audit findings and ensuring closure.

•	Work with the Business to develop processes and procedures to ensure information security policies and standards are integrated.

•	Perform Vendor Security Questionnaires and/or Vendor Onsite Security Reviews.

•	Guide the business in development of action plans while reporting and tracking to closure all information security issues resulting form Self Assessment, Audit, Risk Assessment, Ethical Hacks, Vendor Reviews, etc. •	Awareness & Training.

•	Facilitates awareness and training programs as specified by the Business and as applicable

•	Work with the IS peer teams to develop, coordinate and implement a robust Security Awareness & Training program.

•	Promote awareness of current policies and standards, as well as revisions and developments; provide consistent interpretation of policy to business unit.

•	Manage an aggressive program to promote employees' awareness and understanding of Information Security Policy, Standards & procedures.

•	Distribute information security awareness materials and publications appropriately within the business.

•	Conduct annual Security Awareness Days.

•	Tailor and deploy training materials providing training sessions as necessary.

•	Track and report status of all required training sessions and awareness initiatives.

Relationship Management

•	Build relationship with the International Business Head and Senior Management teams.

•	Frequently interact with, and educate, the Business Head and their Senior Management team on current issues and overall status of the information security program.

•	Help drive best practices between organizations and countries.

•	Identify key business contacts to ensure adequate coverage for the business' security program.

•	Maintain a relationship with internal and external auditors.

•	Meet regularly with business and technology managers.

•	Attend Business Information Security Officer (BISO) meetings.

•	6 - 9 years experience in Information Security.

•	Experience with interpretation and application of IS Policy and Standards •	Past experience with 2 or more IS program element areas, including, Risk Assessment, Training & Awareness, Third Party Assessment,  Identity & Entitlement, Secure Workspace, Incident Management, etc.

•	Strong risk analysis and problem solving skills

•	Knowledge of business, regulatory and compliance requirements

•	Project management skills

•	Understanding of the IS risks that are inherent to the Business and access to technical security resources as necessary To apply for this position: careers.citigroup.com use requisition number in the search field. Please feel free to contact Pamela Hulecki, Senior Recruiter, North America IT Citi at 605-261-5921 for additional information or questions.