Citi Group SVP Senior Information Security Officer 

China, Hong Kong 

93160637

Responsibilities:

• Manage a large/complex team or multiple teams, overseeing resources, budget, policy formation and short to medium term planning
• Manage and validate deliverables of all Information Security (IS) programs, ensuring closure per agreed timelines and goals
• Identify and assign key metrics (e.g. KRI/KPIs) to support effective monitoring and management of operational risk including controls assurance and ensure issues identified and corrective actions are raised to address gaps.
• Provide strong oversight of CAP (Corrective Action Plan) remediation activities both for audit and control issues including quality completion of Risk Exception documentation and annual

renewals. Support the assigned technology platform re ensuring the remediation of corrective actions relating to both self-identified and audit issues are completed on time and with the

appropriate level of quality and adherence to IBAM.

• Conduct cost-benefit analysis to justify IS investment, and build the IS team by promoting partnerships, and marketing IS developments
• Partner with Global Information Security Officers and Global Information Security Program Managers to improve processes and reduce risk
• Ensure risks are identified, assessed, mitigated and controlled, and assist Security Incident Response Teams as the Business IS Consultant
• Ensure Control Preparedness and control effectiveness, as part of the Audit preparedness exercise, ensuring IS programs are audit ready
• Appropriately assess risk when business decisions are made, demonstrating particular consideration for the firm's reputation and safeguarding Citigroup, its clients and assets, by driving compliance with applicable laws, rules and regulations, adhering to Policy, applying sound ethical judgment regarding personal behavior, conduct and business practices, and escalating, managing and reporting control issues with transparency, as well as effectively supervise the activity of others and create accountability with those who fail to maintain these standards.

Qualifications:

• 10+ years of relevant experience
• Strong understanding of APAC Regulatory requirements
• Proven experience with scripting and programming languages preferred
• Advanced Microsoft Office skills preferred
• Demonstrated ability to collaborate with a variety of analytical groups and service delivery organizations
• Advanced analytical and problem solving skills
• Consistently demonstrates clear and concise written and verbal communication
• Proficient in interpreting and applying policies, standards and procedures
• Demonstrated ability to remain unbiased in a diverse working environment

Education:

• Bachelor’s degree/University degree or equivalent experience
• Master’s degree preferred
• Relevant professional qualifications with Risk / Security management e.g. CISM, CISA, CISSP or equivalent
• Local language proficiency.

Time Type:

View the " " poster. View the .

View the .

View the