Business Information Security Officer
JOB DESCRIPTION
Integrates Country BISO priorities into day-to-day business.
Communicates with the country BISO and business managers; escalates as appropriate.
Provides general IS consulting services including interpretation and/or clarification.
Supports the business by reviewing Third Party contract language as it relates to IS.
Exercises oversight of the IS program within the business, including programs, policies, and related reporting.
Helps security incident response teams resolve and close the investigation of incidents with proactive suggestions.
Assists in the definition and implementation of IS standards at the business level to ensure that procedures and practices comply with Citi standards.
Participates in the IS community on committees and cross-business / functional opportunities.
Enforces compliance; demonstrates extensive understanding of IS standards and best practices across multiple disciplines.
Reviews status of business IS program and oversees corrective action when necessary.
Develops corrective action language for all IS-related gaps and approves all closures by reviewing evidence to ensure the closure meets Citi requirements or industry best practices.
Collaborates to create Risk Acceptances (RAs), Risk Exceptions (REs), and Corrective Action Plans (CAPs) in the appropriate tools (iCAPs, CIRAS, etc.).
Ensures that approvals and reviews are executed when needed.
Performs IS awareness and training activities, including IS education of new employees. Ensures IS awareness materials are distributed per CISS requirements. Monitors / tracks IS training per CISS requirements.
Assists with Third Party IS Assessment (TPISA) follow-up.
Ensures IS Risk Assessment is performed according to Citi standards by partnering with the businesses throughout the ISRA process and determines the impact of control deficiencies.
Ensures Information Owners periodically review CSI IS-related information and that it is accurate.
Engages a TISO, SME or another senior ISO where additional technical knowledge is required.
Educates and advises the business on safe IS practices and current, changing, and/or recommended IS requirements.
Provides periodic IS risk management reports highlighting key issues and corrective action plans.
Coordinates IS activities with business plans.
Articulates the value of IS controls and their bottom-line impact.
Seeks opportunities to enhance the efficiency of policies and procedures.
Partners with business coordinators in other disciplines; e.g., MCA, CoB, Records Management, Fraud Management, etc.
Reviews IS action plans with management and monitors implementation of approved plans.
Leverages the ISO network to pool resources, seek out best practices, and create efficiencies.
Monitors vulnerability assessments and ethical hacks, ensuring that issues are addressed for all applications that are not managed by Citi technology groups (for example, vendor-managed / hosted applications).
Manages risk by analyzing the root cause of issues, impact to business, and required corrective actions by leveraging analytical skills.
Guides the business to ensure that IS risks, controls, and tests are embedded in the IS component of MCA.
REQUIREMENTS
Bachelor's degree in Computer Engineering, Computer Science, or related discipline
Minimum 3 years of working experience in IS and at least 2 IS programs including, but not limited to, Audit Reviews, Risk Assessment, Awareness & Training, Identity Access & Management, Data Protection, Incident Management, Vulnerability Assessment
Knowledge of key government regulations and local laws
Solid business experience, preferably in risk management activities
Good understanding of the IS risks that are inherent to a business
Strong oral and written communication skills in both Chinese and English
Responsible and reliable
At least one certification held or in progress (CISSP, CISM, CISA)
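51金融圈 lists the Business Information Security Officer position at Citibank Group for job seekers and recruiters. Salary: above 300k. Location: Shanghai. The listing also includes the Business Information Security Officer job description, similar positions, and other related information.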