Country Information Security Officer

**Country Information Security Officer (Singapore)**

The Singapore Information Security Officer (ISO) is accountable for all IS activities including but not limited to oversight the IS Risk Management to the Franchise and its processes and also support the APAC region when needed. The ISO will support the Country, APAC region and work closely with Business, Operations & Technology teams and the overall ISO community to oversee and monitor adherence with Citi IS Policy and Standards, manage risk and provide Business advise on Information Security.

Reports to Singapore Chief Information Security Officer (CISO).

**Key Responsibilities**

**Focuses on Key ISO activities**:

- Ensure IS Risk assessments (ISRA) is conducted for Projects, Applications, and Third Party Outsourcing arrangements in accordance to Citi Standards by partnering with Technology and the Business and determines the impact of control deficiencies
- Assists in the definition and implementation of IS standards at the business level to ensure that procedures and practices comply with Citi standards.
- Develops corrective action language for all IS-related gaps and approves all closures by reviewing evidence to ensure the closure meets Citi requirements or industry best practices
- Collaborates to create Risk Acceptances (RAs), Risk Exceptions (REs), and Corrective Action Plans (CAPs) in the appropriate tools
- Reviews security incidents with proactive suggestions and recommendations
- Validate third party issues and ensure management’s awareness of the risk involved
- Provide information and cyber security awareness training
- Provides periodic IS risk management reports in business language and to business, highlighting key issues and corrective action plans
- Participates in the country Cyber exercise engagement and perform the role of an Country Information Security SME, along with the Cyber Exercise team and country business Subject Matter Experts (SME)
- Ensures oversight and compliance to the IS program within the business, including policies and standards, and related reporting

**Partner to key stakeholders and colleagues**
- Communicates and interacts regularly with employees and business management on IS related programs, policies, and standards
- Communicates and partners with the Sector ISOs / Senior ISOs, business and technology stakeholders to manage Information Security risks; escalates as appropriate
- Actively support IS related regulatory engagements and provide impact assessment of new / updated regulations for communications with impacted control owners and partner within CISO team to ensure actions are in place to address compliance
- Provides general IS consulting services including interpretation and/or clarification
- Participates in the IS community on committees and cross-business / functional opportunities
- Enforces compliance; demonstrates extensive understanding of IS standards and best practices across multiple disciplines
- Educates and advises the business on safe IS practices and current, changing, and/or recommended IS requirements
- Plans and executes the IS strategy
- Articulates the value of IS controls and its bottom line impact and integrate IS in the day-to-day operations and culture of the business
- Partners with business coordinators in other disciplines; e.g., Business Continuity Management (BCM), Records Management, Fraud Management, etc.
- Leverages the ISO network to pool resources, seek out best practices, and create efficiencies
- Work with the regulator, Association of Banks, Compliance and other Financial Institutions as needed
- Exercises oversight of the IS programs within the business, including programs, policies, and related reporting.

**Qualifications**:

- Solid risk management skills and Information Security knowledge
- Knowledge of key government regulations and local laws
- Excellent consulting and problem solving skills
- Able to convey ideas, advice and resolution options to enable business to senior management and staff
- IT technical knowledge with a business acumen to be able to engage both business and technology teams.
- In depth knowledge of IS programs and ability to influence stakeholders to execute on time
- Able to work with senior business management to implement IS strategy.
- Degree: at least a Bachelors’ degree in either Computer Science/Engineering/Business/Finance; Masters’ degree a plus Desired Work experience
- At least 7 years in a similar ISO or risk and control role, or significant relevant business experience; total work experience of 15 years

**Other Requirements**
- Excellent consulting and problem-solving/analytical skills.
- Advanced presentation skills and program management
- Good business communication skills
- Team-player, proactive, assertive, service-oriented and has good people-skills.
- Proven ability to manage multiple tasks and priorities.
- Ability to manage tight time frames and communicate effectively with peers and management.
- Fl