Cybersecurity Controls Lead for Asia South and Japan, Asia North

Overview

The Info Security Ops Sr Group Mgr is a senior management level position responsible for accomplishing results through the management of a team or department in an effort to prevent, monitor and respond to information/data breaches and cyber-attacks. The overall objective of this role is to ensure the execution of Information Security directives and activities in alignment with Citi's data security policy.

Responsibilities

• Align business needs and goals with Information Security (IS) program requirements
• Establish and implement IS strategic plans, and oversee all IS activities, coordinating with leaders to achieve IS goals and goals
• Oversee security practices and standards compliance, and address non-compliance in teams, applications, documents, and processes
• Define the IS service engagement model and transform the IS team, by promoting partnerships with clients
• Coordinate with cross-sector leaders to solve security issues, and educate leaders and staff on IS value through cost-benefit analysis
• Determine Information Security Officer (ISO) training needs and requirements and resolve identified training gaps
• Monitor Corrective Action Plans and remediation efforts, and conduct periodic quality assurance reviews to identify areas of improvement
• Manage the budget, resource planning, and delivery of end results through executing the functional strategy
• Appropriately assess risk when business decisions are made, demonstrating particular consideration for the firm's reputation and safeguarding Citigroup, its clients and assets, by driving compliance with applicable laws, rules and regulations, adhering to Policy, applying sound ethical judgment regarding personal behavior, conduct and business practices, and escalating, managing and reporting control issues with transparency, as well as effectively supervise the activity of others and create accountability with those who fail to maintain these standards.

Qualifications

• 15+ years of experience in a related role Advanced Microsoft Office skills preferred
• Demonstrated ability to collaborate with a variety of analytical groups and service delivery organizations In-depth database knowledge preferred
• Advanced analytical and problem solving skills
• Consistently demonstrates clear and concise written and verbal communication
• Proficient in interpreting and applying policies, standards and procedures
• Demonstrated ability to remain unbiased in a diverse working environment

Education

• Bachelor's degree/University degree or equivalent experience
• Master's degree preferred

Role Details

As the Cybersecurity Controls Lead for Asia South and Japan, Asia North & Australia (JANA), you will serve as a key leader responsible for fortifying Citi's cyber security across all countries and organizations within this critical region. This multifaceted role encompasses the core objectives of a Cyber Security Lead (CCL), including strategic cyber governance, acting as the In-Country CISO Representative, ensuring adherence to In-Country Regulatory Controls, managing Regulatory and Audit Engagements, and expertly handling Security Incidents. You will also hold direct accountability for the region's overall Cyber Controls, offering a broad and impactful scope that extends beyond a single specialized area.

People & Culture

• Shape the development and execution of robust control programs, fostering an environment of innovation within diverse teams.
• Manage and influence direct and indirect teams, driving Citi's Cybersecurity mission and fostering an innovative environment.
• Build a robust network across CISO and various business lines to facilitate collaboration and achieve global IS program goals.
• Champion a strong cybersecurity culture and contribute to the development of the next generation of cyber leadership.

Cyber Controls, Risk Management, and Regulatory Engagement

• Become a subject matter expert in the intricate regulatory requirements across Asia South and JANA, translating them into actionable security controls.
• Coordinate and participate in country-specific audits and regulatory inspections covering Cyber & IS Risks, including internal audits and local regulatory interactions.
• Act as a subject matter expert on Citi policies, legal, and regulatory requirements impacting Cybersecurity Governance and Controls in the region.
• Ensure a thorough understanding of the IS Policy across supported regions, identifying and consulting on internal, regulatory, reputational, and compliance gaps.
• Coordinate and implement controls, processes, and actions to meet local cyber and information security regulatory requirements that may exceed global Citi standards.
• Collaborate with in-country teams to document country position papers, outlining tasks, responsibilities, and specific regulatory mandates.
• Manage and govern Corrective Action Plans (CAPs) and remediation efforts stemming from security events, assessments, and audit findings.
• Evaluate the effectiveness of existing controls, identifying areas for improvement, and leading the implementation of necessary changes to enhance efficiency and reduce risk.
• Oversee the execution of the Enterprise Risk Management Framework, ensuring adherence to Risk Management and Compliance Policies.
• Facilitate comprehensive issue management and coordination with key stakeholders to drive timely resolution.
• Proactively assess and manage risk in business decisions, safeguarding Citi's reputation, clients, and assets by ensuring compliance with laws, rules, and regulations, and escalating control issues transparently.

Strategic Leadership & Governance

• Regularly interface with Boards of Directors, Senior Management, and Regulators, providing critical insights into the state of information security.
• Help drive the implementation of Citi's global cybersecurity mission across a dynamic and critical region
• Represent Citi's global CISO teams locally, ensuring successful delivery of cybersecurity services and initiatives throughout the region.
• Develop and lead the implementation of standardized regional cyber reporting frameworks, providing reliable and consistent information to senior management, Boards, and Regulators for informed decision-making.
• Maintain an up-to-date understanding of all Information Security programs and initiatives within the Asia South and JANA regions.

Incident Management & Crisis Response

• Participate actively in cyber incident handling, collaborating with the Citi Cybersecurity Fusion Center as required.
• Manage and govern cyber reporting obligations in partnership with enterprise cybersecurity teams.
• Engage in crisis management calls and participate in cyber and crisis management exercises to ensure preparedness.

Equality and opportunity: Citi is an equal opportunity employer, and qualified candidates will receive consideration without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, status as a protected veteran, or any other characteristic protected by law. If you are a person with a disability and need a reasonable accommodation to use our search tools and/or apply for a career opportunity, please review accessibility at Citi. View Citi's EEO Policy Statement and the Know Your Rights poster.

Time Type: Full time

---