Citi Regional Group Information Security Officer in Singapore, Singapore

  • Primary Location: Singapore, Singapore, Singapore

  • Education: Bachelor's Degree

  • Job Function: Risk Management

  • Schedule: Full-time

  • Shift: Day Job

  • Employee Status: Regular

  • Travel Time: Yes, 10% of the Time

  • Job ID: 17083857


Job Purpose:

To act as Subject Matter Expert in all Information Security activities, programs and initiatives for multiple Enterprise Operations & Technology business units (CTI/CATE/ESC/CRS/R&LS/CSS) across the ASPAC region. Manage all aspects of the regional information security team, providing direction and leadership as appropriate in delivering the information security program across the ASPAC region.

Job Background / Context:

Information Security is a primary area of focus for Citi. This key senior role reports directly to the Global Head of EO&T Information Security.

The regional GISO is required to work with senior management across all functions both globally and within the region in creating and delivering the vision and strategy for the IS program: Establish productive and mutually beneficial relationships with stakeholders at all levels to provide IS leadership in developing a long-term IS strategy that aligns with the business strategic goals; taking a big picture view, considering how IS activities impact businesses; working with senior management to integrate IS activities into business plans.

Key Responsibilities:

  • Representing the IS function across the business, explaining the value of IS and sharing expertise; establishing self as an advisor and key contact for IS issues

  • Leveraging business knowledge and IS expertise

  • Demonstrating in-depth knowledge of the business, including products and services, strategic priorities, metrics, operations processes and workflows, customer base, and third-party relationships; applying knowledge of business cycles and requirements to manage work efficiently

  • Demonstrating a detailed knowledge of the Citi IS program and its key components (ISRA, Entitlement, ETM, TPISA, SIRT, etc.), along with IS processes and tools, how they work, and what results they provide; being aware of key government regulations and local laws to ensure that actions comply with these requirements, e.g., Gramm-Leach-Bliley, Sarbanes-Oxley. Support business units with their disclosure and recognition of control issues, including the review of all evidence to ensure that issues are managed to consistently high standards

  • Apply knowledge of standards, best practices, position papers and general process areas to coordinate the effective review of the entities' operating processes and process control manuals commensurate with published risk methodologies and business strategies

  • Building IS talent: Evaluating the need for ISO talent in the unit and recommending appropriate coverage; providing honest and targeted feedback and helpful suggestions to ISOs, helping them to identify and prioritize development objectives; helping to identify ISO skill gaps and needs and arranging appropriate training

  • Understand and proactively manage risk and compliance in respective area of responsibility

  • Appropriately assess risk/reward relationships when making business decisions

  • Identify risk inherent in particular situations or transactions and its impact on other areas of Citi or on Citi as a whole

  • Ensure that issues are resolved with urgency and escalate them in a timely manner. Adhere to corporate and business-specific policies and consider appropriate controls as part of day-to-day responsibilities (e.g., anti-money laundering)... Contribute to a ‘no surprises’ compliance culture by ensuring transparency and candor in managing control issues

  • Think creatively and encourage others to continuously improve. Challenge the status quo and traditional thinking. Develop innovative solutions that enhance our products, services and processes. Work effectively in the face of ambiguity; adapt to and drive positive change


Knowledge / Experience:

  • Knowledge and understanding of Cyber Security risks and defense-in-depth infrastructure

  • Technical knowledge across a wide range of platforms

  • Knowledge and understanding of emerging risk areas, e.g. mobile, remote access, wireless technologies, DLP, cloud computing, etc.

  • Experience of working with ITIL, ISO 27001 and/or CoBIT processes and procedures, including document control

  • Audit experience and exposure is essential

  • Strong risk management background in a multi-national financial organization


  • High level of proficiency with all MS Office products

  • Extensive strategic and analytical skills

  • Working knowledge of IS regulatory issues as well as company products and services

  • Advanced technical knowledge of IS systems and processes

  • Demonstrated in-depth knowledge of all IS programs

  • Builds and maintains relationships with senior business managers

  • Experience working across lines of business

  • Excellent negotiating skills

  • Understanding of the threat and risk landscape across the industry