
Complete posting 09006291

Requisition number 09006291

IS COB & Controls Intermed Analyst-BISO

Information Security Implementation

• Actively executes the IS program elements and other plans developed by the Business or as applicable

• Assists the businesses in the completion of the IS Risk Assessments and other IS-related compliance processes, ensuring that they are understood, that appropriate controls are embedded in the day-to-day operation, and that remediation of non-compliance is documented and addressed

• Responds to security events by initiating and coordinating emergency actions to protect the Business unit and its customers from an imminent loss of information or value

• Provides IS security advice to the business managers and staff

• Reports IS issues to the Business as applicable with appropriate documentation

• Coordinates the capture of IS key indicator metrics for reporting to the Business as applicable.

• Implement security solutions according to Security Policy and Practices established by Citigroup.

• Ensure the business complies with the applicable requirements of the Information Security policies.

• Continuously review and modify as applicable information security practices and procedures.

• Determine the appropriate levels of controls to safeguard sensitive data and validate those controls are being implemented.

• Manage the Risk Assessment process to include asset inventory, system criticality, data classification, threat analysis and action plans.

• Provide guidance preparing for audits, resolving audit findings and ensuring closure.

• Work with the Business to develop processes and procedures to ensure information security policies and standards are integrated.

• Perform Vendor Security Questionnaires and/or Vendor Onsite Security Reviews.

• Guide the business in development of action plans while reporting and tracking to closure all information security issues resulting from Self Assessment, Audit, Risk Assessment, Ethical Hacks, Vendor Reviews, etc.

Awareness & Training

• Facilitates awareness and training programs as specified by the Business and as applicable

• Work with the IS peer teams to develop, coordinate and implement a robust Security Awareness & Training program.

• Promote awareness of current policies and standards, as well as revisions and developments; provide consistent interpretation of policy to business unit.

• Manage an aggressive program to promote employees' awareness and understanding of Information Security Policy, Standards & procedures.

• Distribute information security awareness materials and publications appropriately within the business.

• Conduct annual Security Awareness Days.

• Tailor and deploy training materials providing training sessions as necessary.

• Track and report status of all required training sessions and awareness initiatives.

Relationship Management

• Build relationships with the International Business Head and Senior Management teams.

• Frequently interact with, and educate, the Business Head and their Senior Management team on current issues and overall status of the information security program.

• Help drive best practices between organizations and countries.

• Identify key business contacts to ensure adequate coverage for the business' security program.

• Maintain a relationship with internal and external auditors.

• Meet regularly with business and technology managers.

• Attend Business Information Security Officer (BISO) meetings.

• 6 - 9 years experience in Information Security.

• Experience with interpretation and application of IS Policy and Standards

• Past experience with 2 or more IS program element areas, including Risk Assessment, Training & Awareness, Third Party Assessment, Identity & Entitlement, Secure Workspace, Incident Management, etc.

• Strong risk analysis and problem solving skills

• Knowledge of business, regulatory and compliance requirements

• Project management skills

• Understanding of the IS risks that are inherent to the Business and access to technical security resources as necessary

To apply for this position: go to careers.citigroup.com and use the requisition number in the search field. Please feel free to contact Pamela Hulecki, Senior Recruiter, North America IT Citi at 605-261-5921 for additional information or questions.