Citi Business Information Security Officer (Singapore) in Singapore, Singapore

  • Primary Location: Singapore, Singapore, Singapore

  • Education: Bachelor's Degree

  • Job Function: Technology

  • Schedule: Full-time

  • Shift: Day Job

  • Employee Status: Regular

  • Travel Time: No

  • Job ID: 17068956

Description

The Singapore Business Information Security Officer (BISO) is responsible for executing IS programs within the business units of Singapore and also supports the APAC region when needed. The BISO will support the country and the APAC region and work closely with Business, Operations & Technology teams and the overall ISO community to oversee and monitor adherence to Citi IS Policy and Standards, manage risk, and advise the business on Information Security.

Key Responsibilities

Focuses on Key BISO activities:

  • Ensure IS Risk Assessments (ISRAs) are conducted in accordance with Citi Standards by partnering with the business

  • Collaborate to create Risk Exceptions (REs) or Corrective Action Plans (CAPs) and track them to closure

  • Support business on IS matters during audit reviews and regulatory inspections

  • Report Security Incidents to management and provide relevant information to help business assess the impact

  • Oversee Electronic Transportable Media conducted by business

  • Validate third party issues and ensure management’s awareness of the risk involved

  • Support MIS reporting and presentations on IS required monthly, weekly, quarterly for various business meetings

Acts as a business partner

  • Educates and advises the business on safe IS practices and current, changing, and/or recommended IS requirements

  • Work with the regulator, Association of Banks, Compliance and other Financial Institutions as needed

  • Coordinates IS activities with business plans

  • Articulates the value of IS controls and their bottom-line impact

  • Seeks opportunities to enhance the efficiency of policies and processes

  • Partners with coordinators in other disciplines (e.g., MCA, COB, Records Management, Fraud Management, Outsourcing, Compliance, etc.)

  • Support business in responding to clients’ inquiries on cyber security and other IS controls

  • Minimize risk to the business

  • Provide guidance to business on implementing necessary controls to mitigate significant IS threats and vulnerabilities

  • Support business to address instances of non-compliance in business processes / procedures, applications and outsourcing

  • Integrates IS in the day-to-day operations and culture of the business

  • Exercises oversight of the IS programs within the business, including programs, policies, and related reporting.

  • Assists in aligning IS plans with business objectives.

Builds and maintains supportive networks with key stakeholders and colleagues

  • Communicates and interacts regularly with employees

  • Leverages the ISO network to pool resources, seek out best practices, and create efficiencies

  • Participates in the IS community on committees and cross-business / functional opportunities

  • Partners with application manager, GIDA or TISO as needed to address specific technical needs or requirements

  • Participate in and, where needed, lead regional IS initiatives

  • Assist business units in preparation of Audit Risk and Reviews, by identifying deficiencies against Information Security Standards, construction of remediation plans and adherence to issue management standards by way of ensuring that Corrective Action Plans and Risk Acceptances are in place, including ad-hoc IS Risk related initiatives and projects

  • Communicate regularly with the Regional and Group Information Security Officer to implement global and regional IS initiatives within the business.

Qualifications

  • Solid risk management skills and Information Security knowledge

  • Sound IT knowledge

  • Knowledge of key government regulations and local laws

  • Strong MS Office skills for creating metrics, presentations, and performing data analytics

  • Ability to articulate ideas to senior management, business staff as well as technology personnel.

  • Industry certifications: either one of CISA/CISSP/CISM preferred; the successful candidate will be expected to obtain an IS industry certification if not already held

  • Degree: at least a Bachelor's degree in Computer Science / Engineering / Business / Finance; Master's degree a plus

Desired Work Experience:

  • At least 5 years in a similar ISO or risk and control role, or significant relevant business experience; total work experience of at least 8 years

Other Requirements:

  • Excellent consulting and problem-solving / analytical skills

  • Advanced presentation skills and program management

  • Good business communication skills

  • Team player, proactive, assertive, service-oriented, with good people skills

  • Proven ability to manage multiple tasks and priorities

  • Ability to manage tight time frames and communicate effectively with peers and management

  • Flexibility to adapt to changing demands and priorities

Education Level: Bachelor's Degree

Primary Location: APAC-Singapore

Job Category: Technology

Schedule: Fulltime

Job Grade: C12