Expoint - all jobs in one place

The point where experts and best companies meet

Limitless High-tech career opportunities - Expoint

Citi Group Info Sec Prof Senior Analyst Cyber Security 
Singapore, Singapore 
325096434

03.09.2024

The Info Sec Prof Senior Analyst is an intermediate level position responsible for leading efforts to prevent, monitor and respond to information/data breaches and cyber-attacks. The overall objective of this role is to ensure the execution of Information Security directives and activities in alignment with Citi's data security policy. The Suspicious Activity Management (SAM) is a regulatory Governance program which Identifies Critical Internet Facing Applications within CITI and make sure they are compliant within the Citi’s requirements and regulatory standards for monitoring and detecting suspicious activities. The SAM Analyst will rely on knowledge of Citi's SAM (Suspicious Activity Management) program to manage the assessment process and implementation of security Solutions for in-scope applications that require detective (category 1) and preventative (category 2) monitoring of online customer sessions at the application layer.Responsibilities:

  • Identify potential information security (IS) risks and make recommendations for enhancement

  • Collect and analyze security risk evidence and coordinate with internal and external compliance and auditing agencies / officials

  • Execute meetings and communicate complex security topics and safe IS practices with all levels of the organization

  • Ensure that controls are utilized daily and that non-compliance remediation is addressed

  • Provide IS consulting services, including interpreting and/or clarifying information security policy, procedures, standards or concepts

  • Assist with defining and implementing IS standards to align procedures and practices in compliance with Citi standards

  • Educate and advise on safe information security practices and current, changing, and/or recommended information security requirements

  • Validate compliance with IS policies, practices, and procedures, and resolve a variety of IS related issues in coordination with the business

  • Assume informal/formal mentorship role within teams and assist with the coaching and training of new team members

  • Has the ability to operate with a limited level of direct supervision.

  • Can exercise independence of judgement and autonomy.

  • Acts as SME to senior stakeholders and /or other team members.

  • Appropriately assess risk when business decisions are made, demonstrating particular consideration for the firm's reputation and safeguarding Citigroup, its clients and assets, by driving compliance with applicable laws, rules and regulations, adhering to Policy, applying sound ethical judgment regarding personal behavior, conduct and business practices, and escalating, managing and reporting control issues with transparency.

  • Drive application security assessments by analyzing the current application architecture to determine the nature of risk and requirements (exhaustive list of events and data elements) for onboarding on to SAM monitoring tools

  • Based on the SAM assessment advise the application team on the controls necessary to achieve SAM compliance and help build a plan for the same;


Qualifications:

  • 3-5 years of relevant experience

  • Applicable Certifications(Security+, CISM, CRISC, CISSP)or willingness to earn within 12 months of joining

  • Consistently demonstrates clear and concise written and verbal communication

  • Proven influencing and relationship management skills

  • Proven analytical skills


Education:

  • Bachelor’s degree/University degree or equivalent experience


This job description provides a high-level review of the types of work performed. Other job-related duties may be assigned as required.

The Suspicious Activity Management (SAM) is a regulatory Governance program which Identifies Critical Internet Facing Applications within CITI and make sure they are compliant within the Citi’s requirements and regulatory standards for monitoring and detecting suspicious activities. The SAM Analyst will rely on knowledge of Citi's SAM (Suspicious Activity Management) program to manage the assessment process and implementation of security Solutions for in-scope applications that require detective (category 1) and preventative (category 2) monitoring of online customer sessions at the application layer.

As a SAM Analyst you will

  • Based upon FFIEC (Federal financial Institutions Examination Council) guidelines, develop and manage detective and preventative monitoring solution for online customer sessions, at the application layer, where there is either exposure of Confidential PII online and/or the existence of Payments and Transfer to non-linked accounts

  • Drive application security assessments by analyzing the current application architecture to determine the nature of risk and requirements (exhaustive list of events and data elements) for onboarding on to SAM monitoring tools

  • Based on the SAM assessment advise the application team on the controls necessary to achieve SAM compliance and help build a plan for the same;

  • As SME provide inputs for resolution of pending technical issues during SAM assessment and onboarding of in-scope applications on to monitoring tools for both Category 1 and 2;

  • Coordinate with Splunk onboarding team or CSAP (Citi Secure Authentication Platform) Operations team where data or applications need to be clarified or reviewed for additional clarification or updated status;

  • Extensive use of the SAM Tracker in Archer to archive status of compliance, actions, deliverables and to manage the queue for follow-up tasks;

  • Prepare slides for the weekly SAM(Suspicious Activity Management) Committee reviews as well as for other management, audit or regulatory reviews;

  • Prepare metrics and GISMR report to the senior management;

  • Provide businesses with full description of the SAM Program in as much detail as is necessary, when needed.

Ideal background

  • Bachelor’s or Master’s degree in Computer Science/Technology or related field, or

  • 3-5 years of experience in IT Risk Management/Information Security specifically performing IT Risk Assessment for web applications/infrastructure;

  • 3-5 years of experience in IT program management;

  • Thorough understanding of web application design and architecture as well as application and network level nomenclature and models, including Mobile technology channels, API’s, SDK’s, middleware, authentication protocols and more;

  • Thorough understanding of Software Development Lifecycle (SDLC) including Agile Methodology and Cloud sourcing;

  • Strong MS Excel and PowerPoint skills;

  • Experience in the use and knowledge of Archer is a bonus;

  • Financial services experience is strongly preferred; including familiarity with FFIEC guidelines (Authentication in an Internet Banking Environment);

  • A confident, dynamic individual capable of defining, building and matrix managing a global program across technology and business organizations in a constantly evolving global enterprise.

Information Security


Time Type:

Full time

View the " " poster. View the .

View the .

View the