Vacancy expired!
- Coordinate with TPISA stakeholders to initiate, scope and plan controls assessments of new and existing suppliers
- Perform assessments on-site at supplier locations or remotely via conference calls
- Obtain and review supplier responses and supporting documentation to validate the supplier's appropriate implementation of information security controls. Analyze the information to identify information security weaknesses or non-compliance with Citi standards
- Produce detailed documentation of assessments and perform threat analyses of gaps identified
- Communicate supplier information security issues to stakeholders, ensuring their understanding of associated risks and actions needed to remediate those risks
- Industry certification such as CISSP, CISA or CISM required
- 6+ years experience in a similar IT Audit, Assessor, or Information Security Officer role
- Demonstrated in-depth knowledge of concepts, best practices and controls in a breadth of information security areas/domains. These information security areas include governance & risk management, access control, cryptography, physical security, security architecture and design, business continuity/disaster recovery planning, network security, application & operations security and compliance/incident management
- Strong technical and/or IT audit background in, or practical knowledge of, a wide variety of technologies. These technologies include server infrastructure & operating systems, network & web infrastructures, database architecture and intrusion detection/prevention systems
- Self-starter with the ability to manage and prioritize responsibilities through the effective use of time management techniques
- Team player with proven skills in influencing people without having direct management authority and motivating them to successfully complete tasks within required timelines
- Self-driven performer with established skills in tracking self and project performance, anticipating and recognizing problems and escalating issues appropriately
- Strong ability to interact and communicate, both in writing and verbally, with people at all levels, both technical and non-technical, in a dynamic environment where interactions are not always in person
- Strong risk analysis and problem solving skills
- Must be flexible to ensure assessments are performed by the mandated compliance date and be able to manage multiple assessments simultaneously
- Bachelor's Degree (in Technology, Information Security or related major), or equivalent work experience