Citi Business Information Security Officer (BISO) – Global ID Administration in Budapest, Hungary
Primary Location: Hungary,Budapest,Budapest
Education: Bachelor's Degree
Job Function: Technology
Shift: Day Job
Employee Status: Regular
Travel Time: Yes, 10 % of the Time
Job ID: 17016645
The BISO works to ensure Citi's information is protected by effectively applying the Confidentiality, Integrity and Availability framework as required by Citi IS policy and standards as well as by local regulation. The BISO will partner directly with the business and technology to ensure information security risks are identified, assessed, mitigated and controlled through the deployment of a sustainable information security risk management program. The BISO is accountable for all IS activities that are relevant and applicable to Global ID Administration Group.
This individual will support the complete spectrum of business level IS programs including, but not limited to; security incident management, Information Security Risk Assessment (ISRA), risk exception and corrective action management, identity and access management (IAM), training and awareness, third party IS assessment (TPISA). The BISO is a true risk manager and is expected to proactively prioritize their own work using a risk based approach. This requires flexibility and adaptability to changing priorities.
• Communicates and interacts regularly with employees and business management on IS related programs, policies, and standards.
• Assists in the definition and implementation of IS standards at the business level to ensure that procedures and practices comply with Citi standards.
• Exercise oversight to the IS program within the business, including programs, policies, and related reporting
• Enforces compliance; demonstrates extensive understanding of IS standards and best practices across multiple disciplines.
• Provide general IS consulting services including interpretation and/or clarification.
• Ensures IS Risk Assessment is performed according to Citi standards by partnering with the businesses throughout the ISRA process and determines the impact of control deficiencies.
• Collaborates to create Risk Exceptions (REs), and Corrective Action Plans (CAPs) in the appropriate tools
• Assists with Third Party IS Assessment (TPISA) follow-up.
• Helps security incident response teams resolve and close the investigation of incidents with proactive suggestions.
• Performs IS awareness and training activities, including IS education of new employees. Ensures IS awareness materials are distributed per CISS requirements. Monitors / tracks IS training per CISS requirements.
• Monitors vulnerability assessments and ethical hacks, ensuring that issues are addressed as required by local regulation and Citi policy
• Maintains Information Security oversight and provides support to the global operations center for Global ID Administration Group
• Exposure to senior management to demonstrate / highlight key skills and contributions
Knowledge and Experience:
• 5+ years’ experience in IS and at least 2 IS programs including, but not limited to, Audit Reviews, Risk Assessment, Awareness & Training, Identity Access & Management, Data Protection, Incident Management, Vulnerability Assessment.
• Technology background or interaction
• Knowledge of key government regulations and local laws.
• Other Risk Management activities should be as Sector or business IS SME or some risk management role.
• Project management experience.
• Consultative / advisory skills.
• Organizational skills.
• Some problem solving skills.
• Some influence / conflict resolution skills.
• Some project management and program management skills.
• Verbal and written communication skills.
• Working knowledge of the technology aspects of security.
• Leadership skills.
• Program management skills.
• Strong customer service and problem solving skills.
• Strong risk analysis and problem solving skills.
IS Certification: Required (CISSP, CISM, or CISA) – Technology certifications may also equate to the same standards
• Able to interpret and apply policies, standards and procedures.
• Understanding of the IS risks that are inherent to a business.
Intermediate level of English is needed for the job.