Overview of the Role
The Cyber Risk Analyst is responsible for supporting the identification, assessment, and remediation of cyber risks globally for the organization they support within the Business, Functions, and Technology Information Security Organization (BFT-ISO) at Citi. This position requires experience in cyber risk and the ability to lead initiatives, create executive-level, action-oriented presentations, and drive stakeholder remediation using a risk-based approach.
Key Responsibilities
- Build Relationships
  - Act as a Trusted Security Advisor to business and technology teams, guiding them on understanding and addressing cyber risk.
  - Develop relationships with the business, technology, second line, third line, and other CISO teams.
  - Articulate risk and impact to stakeholders in a clear and succinct manner.
- Guide the Organization
  - Evaluate CISO program escalations, security incidents, key metrics, and other sources to prepare guidance for stakeholders on risk remediation and reduction prioritization.
  - Review results of cyber security risk appetite non-compliance; understand the gaps identified, their root causes and impacts; provide guidance to responsible stakeholders; and provide insights on key themes and remediation plans to the CISO and related governance organizations.
  - Partner with BFT-ISO leadership to identify and dimension cyber risk, presenting status and actions.
  - Partner with BFT-ISO leaders, as well as the second line of defense, to drive security compliance and awareness.
- Identify Cyber Risk and Impacts
  - Build a working knowledge of Citi’s cyber security standards and partner with business/technology teams to help them understand the “so what” and prioritize risk reduction efforts.
  - Understand the alignment between program-level reporting and cybersecurity risk appetite non-compliance.
- Issue Management
  - Review identified issues and understand the “so what” of how each issue impacts the business.
  - Articulate how risk scoring is determined and why a risk is rated high, medium, or low.
  - Determine whether compensating/mitigating controls are sufficient to reduce the risk score.
  - Determine whether severity should be increased when risks are aggregated.
  - Challenge issue owners and the organization on predicted to achieve appropriate risk reduction.
- Reporting
  - Present risk-based reporting to senior leaders and stakeholders, including business, technology, second line of defense, and other BFT-ISO teams.
- Client / Vendor Support
  - Partner with Enterprise CISO Programs to ensure third-party risks are holistically addressed across the organization in alignment with Citi requirements.
- Audit / Regulatory Support
  - Understand regulatory and country-specific cyber security requirements impacting the business, and support audit requests in partnership with CISO Governance, Controls and Policy.
Qualifications
- 6-10 years of relevant experience.
- Understanding of security frameworks, specifically the Cyber Risk Institute (CRI) Profile.
- Proficient in interpreting and applying policies, standards, and procedures.
- Extensive knowledge of information security, specifically in the application SDLC, as well as risk assessment methodologies, tools, and industry standards.
- Strong leadership, analytical, and problem-solving skills.
- Excellent communication and interpersonal skills.
- CRISC, CISA, CISM, or CISSP preferred.
- At least intermediate-level proficiency in Microsoft Office tools.
Critical Competencies
- Ability to work at both a strategic and tactical level, focusing on the broader picture while driving execution.
- Ability to manage multiple initiatives simultaneously, determine prioritization, and work under minimal supervision.
- Awareness of latest Information Security risks.
- Comfort working in a highly global, diverse, and hybrid (office and virtual) work environment.
- Project management skills, ability to organize and prioritize activities, and report on those activities at an executive level.
- Strong risk analysis and problem-solving skills.
- Knowledge of business, regulatory, and compliance requirements in the financial services industry.
Education
- Bachelor’s degree/University degree or equivalent experience.
- Master’s degree preferred.
Information Security | Full time | Irving, Texas, United States | $125,760.00 - $188,640.00
Anticipated Posting Close Date:
Aug 09, 2024