Apac Chief Information Security Officer

The Chief Information Security Office (CISO) is home to deeply talented colleagues that work to ensure the safety of Citi's clients' and our proprietary data. We manage information security as one end-to end program - one with a clear mandate and accountability. Our mission is a program that is fully anchored to modern control and architectural frameworks, is fully aligned with the enterprise architecture of the firm and is deeply integrated into the sectors and functions.

The APAC CISO covers all countries and organisations within the Region. The primary responsibility of this role is to oversee the CISO functions in APAC, providing services globally as part of a follow-the-sun support model. The position is also accountable for the Regional Programs and responsible for the execution of the Regional and Country IS Strategy and; reports directly to the ICG CISO (Institutional Clients Group - Chief Information Security Officer) and has a matrix reporting line to the APAC O&T Head.

**Key Responsibilities -**
- Manage regional relationships and successfully represent the global CISO interests
- Manage a large/complex matrixed team, including the people, budget, policy formation, and strategy planning, within a globally matrixed organization.
- Be fully responsible for data-driven and threat focused cyber and information security program in the region
- Lead regional cyber and information security organization, which includes hiring, staff development, performance management, diversity, equity, and inclusion.
- Manage the budget for cyber and information security in the region.
- Build internal and external networks to ensure alignment across programs, industry best practices, and to maintain current knowledge regarding cybersecurity threats and risks. Communicate with peers, regulators, law enforcement etc., when necessary.
- Communicate and drive priorities from CISO Leadership management to matrixed and non-matrixed teams within the organization through influence and strong communication skills.
- Manage deliverables pertaining to regional CISO reporting and audit/regulatory related requests
- Ensure that global CISO initiatives and processes are successfully and consistently implemented regionally with an informed view of risk and available options
- Oversee incident handling efforts in the region working with operations teams regarding incident handling playbooks, security incident response, recovery and investigations, post-mortem and root cause analyses, and collaborate with stakeholders to remediate them.
- Supervise incident response coordination for large-scale cyber incidents and crises, maintaining alignment and momentum with peer teams
- Build and maintain relationships with internal and external customers, and business partners and stakeholders
- Understand the current external threat environment and advise relevant stakeholders on the appropriate courses of action, promoting security as an enabler for business innovation and digitization, including the evaluation and recommendation of technical controls.
- Provide regular reporting on the current status of the information and cyber security program to senior management and business unit leaders.
- Provide regular updates on the state of Information and Cyber Security to the Boards of Directors for each Legal Vehicle based in the Region
- Demonstrate a comprehensive understanding of industry knowledge about how the disciplines of CISO Controls collectively integrate to contribute to achieving business goals
- Develop and support program management staff to support the APAC CISO Programs
- Provide oversight to ensure that processes and projects are completed in a timely manner
- Monitor CAPs and remediation efforts in response to security events, assessment and audit results
- Develop Global CISO talent
- Engage with Clients in partnership with business to maintain and enhance relationships leveraging cybersecurity expertise

Qualifications include:

- 15+ years of experience in Information/Cybersecurity in a highly regulated industry such as Finance, Healthcare, and/or Government within a large multi-national organization with a global scope with high influence requirements. 10+ years people management experience across a global organization, with hands-on experience building diverse teams while promoting an inclusive organization.
- A demonstrated knowledge of information security standards, rules and regulations related to information security and data confidentiality and other various security standards and policies.
- Ability to understand not only emerging industry trends as far as cyber security is concerned, but also the landscape of emerging threats, making appropriate adjustments within the ICG program.
- Ability to effectively manage the tactical cyber security mission while continuing to drive the Citi and the ICG cyber security strategy forwards, always thinking 2-3 years ahead.
- Ability to operate effectively across a highly matrix