Cybersecurity Controls Lead

Roles & Responsibilities

As the Cybersecurity Controls Lead for Asia South and Japan, Asia North & Australia (JANA), you will serve as a key leader responsible for fortifying Citi's cyber security across all countries and organizations within this critical region. This multifaceted role encompasses the core objectives of a Cyber Security Lead (CCL), including strategic cyber governance, acting as the In-Country CISO Representative, ensuring adherence to In-Country Regulatory Controls, managing Regulatory and Audit Engagements, and expertly handling Security Incidents. You will also hold direct accountability for the region's overall Cyber Controls, offering a broad and impactful scope that extends beyond a single specialized area.

People & Culture

• Shape the development and execution of robust control programs, fostering an environment of innovation within diverse teams.
• Manage and influence direct and indirect teams, driving Citi's Cybersecurity mission and fostering an innovative environment.
• Build a robust network across CISO and various business lines to facilitate collaboration and achieve global IS program goals.
• Champion a strong cybersecurity culture and contribute to the development of the next generation of cyber leadership.

Cyber Controls, Risk Management, and Regulatory Engagement

• Become a subject matter expert in the intricate regulatory requirements across Asia South and JANA, translating them into actionable security controls.
• Coordinate and participate in country-specific audits and regulatory inspections covering Cyber & IS Risks, including internal audits and local regulatory interactions.
• Act as a subject matter expert on Citi policies, legal, and regulatory requirements impacting Cybersecurity Governance and Controls in the region.
• Ensure a thorough understanding of the IS Policy across supported regions, identifying and consulting on internal, regulatory, reputational, and compliance gaps.
• Coordinate and implement controls, processes, and actions to meet local cyber and information security regulatory requirements that may exceed global Citi standards.
• Collaborate with in-country teams to document country position papers, outlining tasks, responsibilities, and specific regulatory mandates.
• Manage and govern Corrective Action Plans (CAPs) and remediation efforts stemming from security events, assessments, and audit findings.
• Evaluate the effectiveness of existing controls, identifying areas for improvement, and leading the implementation of necessary changes to enhance efficiency and reduce risk.
• Oversee the execution of the Enterprise Risk Management Framework, ensuring adherence to Risk Management and Compliance Policies.
• Facilitate comprehensive issue management and coordination with key stakeholders to drive timely resolution.
• Proactively assess and manage risk in business decisions, safeguarding Citi's reputation, clients, and assets by ensuring compliance with laws, rules, and regulations, and escalating control issues transparently.

Strategic Leadership & Governance

• Regularly interface with Boards of Directors, Senior Management, and Regulators, providing critical insights into the state of information security.
• Help drive the implementation of Citi's global cybersecurity mission across a dynamic and critical region
• Represent Citi's global CISO teams locally, ensuring successful delivery of cybersecurity services and initiatives throughout the region.
• Develop and lead the implementation of standardized regional cyber reporting frameworks, providing reliable and consistent information to senior management, Boards, and Regulators for informed decision-making.
• Maintain an up-to-date understanding of all Information Security programs and initiatives within the Asia South and JANA regions.

Incident Management & Crisis Response:

• Participate actively in cyber incident handling, collaborating with the Citi Cybersecurity Fusion Center as required.
• Manage and govern cyber reporting obligations in partnership with enterprise cybersecurity teams.
• Engage in crisis management calls and participate in cyber and crisis management exercises to ensure preparedness.

Tell employers what skills you have
Information Security
Leadership
Remediation
Enterprise Risk Management
Cyber Security
Translating
Risk Management
Compliance
Preparedness
Audits
Accountability
Consulting
Crisis Management
Regulatory Requirements
Audit
Incident Management

---