Job Purpose: To act as Subject Matter Expert in all Information Security activities, programs and initiatives for multiple Enterprise Operations & Technology business units (CTI/CATE/ESC/CRS/R&LS/CSS) across the ASPAC region. Manage all aspects of the regional information security team, providing direction and leadership as appropriate in delivering the information security program across the ASPAC region.
Job Background / Context: Information Security is a primary area of focus for Citi. This key senior role reports directly to the Global Head of EO&T Information Security. The regional GISO is required to work with senior management across all functions both globally and within the region in creating and delivering the vision and strategy for the IS program: Establish productive and mutually beneficial relationships with stakeholders at all levels to provide IS leadership in developing a long-term IS strategy that aligns with the business strategic goals; taking a big picture view, considering how IS activities impact businesses; working with senior management to integrate IS activities into business plans.
Key Responsibilities:
Representing the IS function across the business, explaining the value of IS and sharing expertise; establishing self as an advisor and key contact for IS issues
Leveraging business knowledge and IS expertise
Demonstrating in-depth knowledge of the business, including products and services, strategic priorities, metrics, operations processes and workflows, customer base, and third-party relationships; applying knowledge of business cycles and requirements to manage work efficiently
Demonstrating a detailed knowledge of the Citi IS program and its key components (ISRA, Entitlement, ETM, TPISA, SIRT, etc.), along with IS processes and tools, how they work, and what results they provide; being aware of key government regulations and local laws to ensure that actions comply with these requirements; e.g., Gramm-Leach-Bliley, Sarbanes-Oxley
Support business units with their disclosure and recognition of control issues, including the review of all evidence to ensure that issues are managed to consistently high standards
Apply knowledge of standards, best practices, position papers and general process areas to coordinate the effective review of the entities operating processes and process control manuals commensurate with published risk methodologies and business strategies
Building IS talent: Evaluating the need for ISO talent in the unit and recommending appropriate coverage; providing honest and targeted feedback and helpful suggestions to ISOs, helping them to identify and prioritize development objectives; helping to identify ISO skill gaps and needs and arranging appropriate training
Understand and proactively manage risk and compliance in respective area of responsibility
Appropriately assess risk/reward relationships when making business decisions
Identify risk inherent in particular situations or transactions and its impact on other areas of Citi or on Citi as a whole
Ensure that issues are resolved with urgency and escalate them in a timely manner
Adhere to corporate and business specific policies and consider appropriate controls as part of day to day responsibilities (e.g., anti-money laundering)...
Contribute to a 'no surprises' compliance culture by ensuring transparency and candor in managing control issues
Think creatively and encourage others to continuously improve. Challenge the status quo and traditional thinking. Develop innovative solutions that enhance our products, services and processes. Work effectively in the face of ambiguity; adapt to and drive positive change
Knowledge / Experience:
Knowledge and understanding of Cyber Security risks and defense-in-depth infrastructure
Technical knowledge across a wide range of platforms
Knowledge and understanding of emerging risk areas, e.g. mobile, remote access, wireless technologies, DLP, cloud computing, etc.
Experience of working with ITIL, ISO 27001 and/or COBIT processes and procedures, including document control
Audit experience and exposure is essential
Strong risk management background in a multi-national financial organization
High level of proficiency with all MS Office products
Extensive strategic and analytical skills
Working knowledge of IS regulatory issues as well as company products and services
Advanced technical knowledge of IS systems and processes
Demonstrated in-depth knowledge of all IS programs
Builds and maintains relationships with senior business managers
Experience working across lines of business
Excellent negotiating skills
Understanding of the threat and risk landscape across the industry