• Competitive
  • New York, NY, USA
  • Permanent, Full time
  • Citi-US
  • 2019-05-21

Business Information Security Officer (BISO) - NYC (VP)

Business Information Security Officer (BISO) - NYC (VP)

  • Primary Location: United States,New York,New York
  • Education: Bachelor's Degree
  • Job Function: Security
  • Schedule: Full-time
  • Shift: Day Job
  • Employee Status: Regular
  • Travel Time: No
  • Job ID: 19008696


The Corporate Center Information Security program supports the implementation of the Citi's IS program initiatives and ensures there is an appropriate IS coverage for the businesses within its span of control. The Corporate program is seeking to hire a proficient and astute information security professional (ISP) with an excellent communication skill. The incumbent will possess business smarts, acuity and gravitas and must be a self-starter who is able to initiate and successfully drive programs and projects to completion with little or no management supervision.
The individual fulfilling this role will work with Corporate Center GISOs, Senior Business Leaders, and applicable stakeholders to lead the coordination of relevant and consistent reporting that represents the risk posture for the component businesses to facilitate garnering support for IS initiatives within the sector.
The individual will work to ensure IS risks are proactively managed and effectively controlled, mitigated and/or remediated with Senior Business Heads' support and buy-in. The ISP will work to ensure Citi's information is protected by effectively applying the Confidentiality, Integrity and Availability framework as required by Citi IS policy and standards.
The ISP will partner with the business to ensure information risks are identified, assessed, mitigated and controlled through the deployment of a sustainable information security risk management program. The incumbent will also work with the business and ISOs to recommend changes, enhancements or additions to the security controls of business applications that will enhance the Information Security profile of the organization's processes. As needed, the ISP will work with application development organizations to assist in the development of strategies and plans for improving both Architecture and application security. In this role it is necessary to insure the technology is in compliance with Information Security standards and meets the specific business goals.
Primary responsibility for end to end information security work for assigned businesses.
- Prepares periodic IS reports for senior management summarizing the risk posture for the business
- Interprets and translates the information security requirements of the business IS program into technical requirements
- Monitors changes in the risk profile of the highly critical systems
- Provides ad-hoc security advice
- Supports risk assessments whenever technical expertise is required
- Assists the system development and/or the Security Incident Response Teams in the investigation of incidents, and infrastructure units in identifying IS risks and the appropriate controls for development, day-to-day operation, and remediation of non-compliance
- Responds to security events by initiating and coordinating emergency actions to protect the business unit from an imminent loss of information or value
- Provides guidance preparing for audits, resolving audit findings and ensuring closure
- Reports IS non-compliance issues to the Business as applicable with appropriate documentation
- Recommends and facilitates implementation of security solutions according to Citi's Information Security Policy and Standards
- Continuously reviews and becomes familiar with applicable all sections of Citi's IS Standards
- Helps to determine the appropriate levels of controls to safeguard sensitive data and validate those controls are being implemented
About Citi :
Citi, the leading global bank, has approximately 200 million customer accounts and does business in more than 160 countries and jurisdictions. Citi provides consumers, corporations, governments and institutions with a broad range of financial products and services, including consumer banking and credit, corporate and investment banking, securities brokerage, transaction services, and wealth management. Our core activities are safeguarding assets, lending money, making payments and accessing the capital markets on behalf of our clients.
Citi's Mission and Value Proposition  explains what we do and Citi Leadership Standards explain how we do it. Our mission is to serve as a trusted partner to our clients by responsibly providing financial services that enable growth and economic progress. We strive to earn and maintain our clients' and the public's trust by constantly adhering to the highest ethical standards and making a positive impact on the communities we serve. Our Leadership Standards is a common set of skills and expected behaviors that illustrate how our employees should work every day to be successful and strengthens our ability to execute against our strategic priorities.
Diversity is a key business imperative and a source of strength at Citi. We serve clients from every walk of life, every background and every origin. Our goal is to have our workforce reflect this same diversity at all levels. Citi has made it a priority to foster a culture where the best people want to work, where individuals are promoted based on merit, where we value and demand respect for others and where opportunities to develop to are widely available to all.


- Bachelor's Degree in Information Security/Computer Science/Electrical, Mechanical Engineering/Information Technology or equivalent work experience (Master's Degree a plus).
- 5+ years of hands-on experience in Information Security, with demonstrable accomplishments in the Information Security area.
- Excellent communication skills at all levels, and within the user community as well as with technology staff; specifically, the ability to translate "technical jargon" into common business language is a must, so must have proven experience communicating with, and influencing senior business and technology leaders
- At least one Industry related certification such as Certified Information Security Manager (CISM), Certified Information Security Auditor (CISA), Certified Ethical Hacker (CEH), or Certified Information Systems Security Professional (CISSP) is highly desired