Business Information Security Officer (Singapore)

Citi
in Singapore, Singapore, Singapore
Permanent contract, Full-time
Last application, 06 Jul. 20
Competitive
Business Information Security Officer (Singapore)
The Singapore Business Information Security Officer (BISO) is accountable for all IS activities, including but not limited to oversight of IS Risk Management for the Franchise and its processes, and also supports the APAC region when needed. The BISO will support the Country and the APAC region and work closely with Business, Operations & Technology teams and the overall ISO community to oversee and monitor adherence to Citi IS Policy and Standards, manage risk and provide the Business with advice on Information Security.
Reports to APAC Head of Information Security Services.
Key Responsibilities:
Focuses on Key BISO activities:
  • Ensure IS Risk Assessments (ISRA) are conducted for Projects, Applications, and Third Party Outsourcing arrangements in accordance with Citi Standards by partnering with Technology and the Business, and determine the impact of control deficiencies
  • Participate in industry forums and stay close to evolving regulations (MAS, CSA, etc.) to provide subject matter expert feedback. Ensure new and updated information and cyber security regulations are assessed for impact in a timely manner by partnering within the ISO community, Technology and Business
  • Assists in the definition and implementation of IS standards at the business level to ensure that procedures and practices comply with Citi standards.
  • Develops corrective action language for all IS-related gaps and approves all closures by reviewing evidence to ensure the closure meets Citi requirements or industry best practices
  • Collaborates to create Risk Acceptances (RAs), Risk Exceptions (REs), and Corrective Action Plans (CAPs) in the appropriate tools
  • Support business on IS matters during audit reviews and regulatory inspections
  • Helps security incident response teams resolve and close the investigation of incidents with proactive suggestions
  • Validate third party issues and ensure management's awareness of the risk involved
  • Provide information and cyber security awareness training
  • Provides periodic IS risk management reports to the business, in business language, highlighting key issues and corrective action plans
  • Lead the country Cyber exercise engagement along with the Cyber Exercise team and country business Subject Matter Experts (SME)
  • Ensures oversight of and compliance with the IS program within the business, including programs, policies, and related reporting
Acts as a business partner
  • Communicates and interacts regularly with employees and business management on IS related programs, policies, and standards
  • Communicates with the Business GISOs and business managers; escalates as appropriate
  • Actively support and manage any regulatory engagement and advocacy for the country along with the Country Officer (CCO) and other seniors, working in conjunction with, and on the advice of, the global and regional teams
  • Provides general IS consulting services including interpretation and/or clarification
  • Participates in the IS community on committees and cross-business / functional opportunities
  • Enforces compliance; demonstrates extensive understanding of IS standards and best practices across multiple disciplines
  • Engages a Technical Information Security Officer (TISO), SME or another senior ISO where additional technical and/or Subject Matter knowledge is required
  • Educates and advises the business on safe IS practices and current, changing, and/or recommended IS requirements
  • Plans and executes the IS strategy
  • Articulates the value of IS controls and their bottom-line impact
  • Partners with business coordinators in other disciplines; e.g., Business Continuity Management (BCM), Records Management, Fraud Management, etc.
  • Leverages the ISO network to pool resources, seek out best practices, and create efficiencies
  • Work with the regulator, Association of Banks, Compliance and other Financial Institutions as needed
  • Support business to address instances of non-compliance in business processes/procedures, applications and outsourcing
  • Integrates IS in the day-to-day operations and culture of the business
  • Exercises oversight of the IS programs within the business, including programs, policies, and related reporting.
Builds and maintains supportive networks with key stakeholders and colleagues
  • Communicates and interacts regularly with employees
  • Leverages the ISO network to pool resources, seek out best practices, and create efficiencies
  • Participates in the IS community on committees and cross-business/functional opportunities
  • Partners with application manager, GIDA or TISO as needed to address specific technical needs or requirements
  • Participate and where needed lead regional IS initiatives
  • Assist business units in preparation of Audit Risk and Reviews, by identifying deficiencies against Information Security Standards, construction of remediation plans and adherence to issue management standards by way of ensuring that Corrective Action Plans and Risk Acceptances are in place, including ad-hoc IS Risk related initiatives and projects.
  • Communicate regularly with the Regional and Group Information Security Officer to implement global and regional IS initiatives within the business.
Qualifications:
  • Solid risk management skills and Information Security knowledge
  • Knowledge of key government regulations and local laws
  • Excellent consulting and problem solving skills
  • Able to convey ideas, advice and resolution options to enable business to senior management and staff
  • IT technical knowledge with a business acumen to be able to engage both business and technology teams.
  • In depth knowledge of IS programs and ability to influence stakeholders to execute on time
  • Able to work with senior business management to implement IS strategy.
  • Industry certifications: either one of CISA/CISSP/CISM preferred; the successful candidate will be expected to obtain an IS industry certification if not already held
  • Degree: at least a Bachelor's degree in either Computer Science/Engineering/Business/Finance; Master's degree a plus
Desired Work Experience
  • At least 10 years in a similar ISO or risk and control role, or significant relevant business experience; total work experience of at least 15 years
Other Requirements
  • Excellent consulting and problem-solving/analytical skills.
  • Advanced presentation skills and program management
  • Good business communication skills
  • Team-player, proactive, assertive, service-oriented and has good people-skills.
  • Proven ability to manage multiple tasks and priorities.
  • Ability to manage tight time frames and communicate effectively with peers and management.
  • Flexibility to adapt to changing demands and priorities.
Education Level:  Bachelor's Degree
Grade: All Job Level - All Job Functions - SG
Time Type: Full time
Citi is an equal opportunity and affirmative action employer.
Minority/Female/Veteran/Individuals with Disabilities/Sexual Orientation/Gender Identity.
Citigroup Inc. and its subsidiaries ("Citi") invite all qualified interested applicants to apply for career opportunities. If you are a person with a disability and need a reasonable accommodation to use our search tools and/or apply for a career opportunity CLICK HERE .