Job description

The Information Security Senior Analyst is responsible for driving governance, risk, and compliance efforts within the CISO team at Citi, focusing on regulatory and security program management, penetration testing, and vulnerability management processes. The role requires a minimum of 8 years of relevant experience, preferably within the banking or financial services industry, along with certifications such as CISSP, CRISC, CISM, CISA, and a strong understanding of international security standards.

Responsibility

• Manage and validate deliverables of all Information Security programs, ensuring closure per agreed timelines and goals.
• Work closely with Global & Regional Information Security teams to improve processes and reduce risk.
• Manage internal/external resources to organize cyber attack simulations and penetration testing.
• Accountable for delivery of the associated remediation from regulatory assessments.
• Proficiency in preparing periodic updates/reports/presentation deck for both internal stakeholders and regulators.
• Provide timely updates to regional and global stakeholders; escalate issues promptly to senior management.
• Build and develop partnerships with business, IT, risk, compliance, IS, senior management staff, and stakeholders.
• Facilitate and lead cross-functional meetings, assist in developing analytics and reporting to track effectiveness of process and identify potential process improvements.
• Acts as IS/Cybersecurity SME to senior stakeholders and/or other team members.

Qualifications

• Minimum 8 years or above of relevant experience in Cyber Security Management, Cyber Security Operations, Technology Risk Management, Third-party Risk Management or IT Audit.
• Experience in assessing cyber regulatory compliance such as from RBI or SEBI.
• Relevant professional qualifications with Risk/Security management e.g., CISSP, CRISC, CISM, CISA, or equivalent.
• Strong understanding of International Standards/Frameworks such as: NIST, ISO 27001 series, COBIT, CIS, GDPR, DORA.
• Proficient in interpreting and applying policies, standards, and procedures.
• Excellent project management and organizational skills, PMP, PRINCE2 is a plus.
• Strong consultation, reporting writing, and communication skills with high proficiency in both spoken and written English.
• Bachelor’s/University degree or equivalent experience in Computer Science, Cyber Security, Computer/Information Engineering, Information Technology or a related discipline.
• One or more industry-recognized cybersecurity-related certifications such as CISSP, CISA, CISM, CRISC, ISO 27001.