Cybersecurity Policy Lead Analyst VP

Heredia
Permanente
Tiempo completo

Hace 20 días

The Cyber Policy Governance & Consequence Management Team is a centralized team responsible for overseeing the cybersecurity policy process that provide management and operational controls to reduce risk and achieve regulatory compliance. The team helps cybersecurity program owners to align policy requirements with industry frameworks and regulatory expectations and manages the cybersecurity policy document workflow through iterative drafts, working group reviews, and governing body approvals. Additionally, consequence management plays a critical role in the risk reduction of potential CIA principles compromise by collaborating with investigative functions, HR, & legal in supporting the enterprise disciplinary framework.
Responsibilities:

Supports the strategy for anchoring our standards in a modern control framework, aligning requirements to Citi’s cybersecurity risk tolerance, and establishing compliance monitoring as well as consequences for noncompliance.
Oversees the cybersecurity policy process and ensures policy owners adheres to the enterprise policies.
Closes gaps in control coverage, defines clear, measurable, and prescriptive requirements, and aligning with Citi’s global technology and risk management policy and standard requirements, as well as Citi’s global policy governance processes.
Establishes and maintains strong connections across the Cybersecurity organization and makes recommendations to senior leadership regarding policy and control enhancements
Assesses information security investigation reports for accuracy, completeness, and fairness of an investigation prior to issuing disciplinary actions.
Identifies gaps and challenges any statements or conclusions that lack clear evidentiary backing for violations against information security policies.
Articulates the rationale and supporting evidence for disciplinary actions to senior management

Qualifications:

6-10 years of relevant experience in the Information Security field
Policy writing expertise, with the ability to present information clearly and concisely to a wide breadth of stakeholders / senior management
Risk management experience, including regulatory assessments, audit interaction, and enterprise control frameworks
Knowledge of industry control frameworks (e.g., CRI Profile, FFIEC CAT, NIST)
Understanding of how investigations are conducted, including evidence collection, interview techniques, chain of custody, and forensic analysis - preferred
Understanding of organizational risks and how investigations contribute to mitigating them.
Ability to meticulously examine documents, data, and statements for subtle discrepancies, omissions, or inconsistencies.
Excellent written and verbal communication skills
Highly organized and capable of overseeing numerous endeavors
Excels at orchestrating complex, multi-faceted projects
Ability to motivate and manage by influence
Self-starter who requires minimal supervision
Results-oriented, high-energy, self-motivated
Technical skills (e.g., system and network security, application security) preferred

Education:

BA/BS degree or equivalent experience
Master’s degree preferred
Relevant certification (e.g., CISA, CISSP, CISM) preferred
English proficiency required

This job description provides a high-level review of the types of work performed. Other job-related duties may be assigned as required.Job Family Group: TechnologyJob Family: Information SecurityTime Type: Full timeMost Relevant Skills Please see the requirements listed above.Other Relevant Skills For complementary skills, please see above and/or contact the recruiter.Citi is an equal opportunity employer, and qualified candidates will receive consideration without regard to their race, color, religion, sex, sexual orientation, gender identity, national origin, disability, status as a protected veteran, or any other characteristic protected by law.If you are a person with a disability and need a reasonable accommodation to use our search tools and/or apply for a career opportunity review .View Citi’s and the poster.

Citigroup

Postularse