AVP, Information Security Officer, Taiwan
Publication date:
24 November 2024Workload:
100%Contract type:
Permanent position- Place of work:Taipei
Whether you’re at the start of your career or looking to discover your next adventure, your story begins here. At Citi, you’ll have the opportunity to expand your skills and make a difference at one of the world’s most global banks. We’re fully committed to supporting your growth and development from the start with extensive on-the-job training and exposure to senior leaders, as well as more traditional learning. You’ll also have the chance to give back and make a positive impact where we live and work through volunteerism.
Shape your Career with Citi
Being part of our team means that we’ll provide you with the resources to meet your unique needs, empower you to make healthy decision and manage your financial well-being to help plan for your future.
For instance:
-
Citi provides programs and services for your physical and mental well-being including access to telehealth options, health advocates, confidential counseling and more. Coverage varies by country.
-
We believe all parents deserve time to adjust to parenthood and bond with the newest members of their families. That’s why in early 2020 we began rolling out our expanded Paid Parental Leave Policy to include Citi employees around the world.
-
We empower our employees to manage their financial well-being and help them plan for the future.
-
Citi provides access to an array of learning and development resources to help broaden and deepen your skills and knowledge as your career progresses.
-
We have a variety of programs that help employees balance their work and life, including generous paid time off packages.
-
We offer our employees resources and tools to volunteer in the communities in which they live and work. In 2019, Citi employee volunteers contributed more than 1 million volunteer hours around the world.
We’re currently looking for a high caliber professional to join our team as AVP, Information Security Officer , Taiwan - Hybrid (Internal Job Title: Business Risk Manager - C12) based in Taipei, Taiwan.
The Business Risk Manager provides full leadership and supervisory responsibility. Provides operational/service leadership and direction to team(s). Applies in-depth disciplinary knowledge through provision of value-added perspectives or advisory services. May contribute to the development of new techniques, models and plans within area of expertise. Strong communication and diplomacy skills are required. Generally has responsibility for volume, quality, timeliness of end results and shared responsibility for planning and budgets. Work affects an entire area, which eventually affects the overall performance and effectiveness of the sub-function/job family. Full supervisory responsibility, ensuring motivation and development of team through professional leadership to include duties such as performance evaluation, compensation, hiring, disciplinary and terminations as well as direction of daily tasks and responsibilities.
Responsibilities:
The main responsibility of the role will be providing information security related regulatory compliance to Citibank Taiwan and be the backup role to the Taiwan Country Cybersecurity Lead (CCL)
Other responsibilities of the role include the regular activities, such as:
-
Conduct self-assessment for Taiwan ISO
-
Be the coordinator and provisions of audit exam, survey and inquiries related to information security
-
Record management coordinator for Taiwan ISO
-
PDPA coordinator for Taiwan ISO
-
Monthly Taiwan firewall review / facilitation.
-
Country-based cyber tabletop exercises
-
Audit issue follow ups etc.
-
Support the CISO APAC Governance, Control and Policy for performing certain APAC activities.
-
This position may interface with the regulator with the instruction from the CCL and CISO APAC Governance, Control and Policy head.
General ISO responsibilities include:
-
Proactively engage the businesses to identify, document and drive remediation of excessive risks and non-compliant activities
-
Influence and support corporate IT Information Security policies
-
Create and review security metrics to measure security effectiveness
-
Monitor security violations and driving resolutions to security policy
-
Ensure that appropriate stakeholders are held accountable as to the state of their controls and that they understand their responsibilities regarding risk mitigation and remediation
-
Escalate significant risks to the IS Leadership for information or action
-
Facilitate, attend and participate in internal/external meetings and risk committees
-
Provide updates to senior management through established communication channels
-
Ensure compliance to security practices & standards.
-
Engage with adequate global CISO risk and control teams in the review and reengineering of key controls and processes to effectively and efficiently manage IS issues
-
Contribute to, interpret and disseminate IS policy, standards and awareness throughout the business units
-
Ensure timely engagement and delivery on information security, business and/or technology initiatives and projects
-
Protect the firm by following sound risk management protocols and adhering to regulatory requirements
Qualifications:
-
5-10 years of Information Technology and/or Security experience
-
Fluent Mandarina/English proficiency
-
Experience on working with ISO 27001 and related processes and procedures Knowledge of Banking / Finance businesses and complex infrastructure is preferred; or 3 year+ working experience in multinational companies.
-
Bachelor’s Degree, or above, in Technology or Information Security, or related major required
-
IS certifications preferred (CISSP, CISM, CISA, ISO 27001 LA or Equivalent)
-
Team player with good conflict resolution and influencing skills. Strong analytical and problem solving skills.
-
Good understanding of security controls such as encryption, Authentication, Authorization, DLP, Anti-Malware, Identify & Access Management, Secure OS Configuration, mobile technologies, networking protocols and infrastructures design
-
Knowledge of Technology Infrastructure Components and MS office.
-
Employ influencing skills to obtain buy-in and participation from various groups and stakeholders without direct control
-
Build and maintain collaborative relationships with partners, clients and peers
-
Ability to communicate effectively at different levels of the organization, and with various technical and business audiences
-
Excellent problem solving abilities and analytical skills. Ability to see the big picture with high attention to critical details
-
Results oriented, is able to achieve desired outcomes independently and at appropriate priority levels
-
Proven ability to work independently in a high-pressure, multi-tasking environment
This job description provides a high-level review of the types of work performed. Other job-related duties may be assigned as required.
------------------------------------------------------
Job Family Group:
Risk Management------------------------------------------------------
Job Family:
Business Risk & Control------------------------------------------------------
Time Type:
Full time------------------------------------------------------
Citi is an equal opportunity and affirmative action employer.
Qualified applicants will receive consideration without regard to their race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or status as a protected veteran.
Citigroup Inc. and its subsidiaries ("Citi”) invite all qualified interested applicants to apply for career opportunities. If you are a person with a disability and need a reasonable accommodation to use our search tools and/or apply for a career opportunity review Accessibility at Citi .
View the " EEO is the Law " poster. View the EEO is the Law Supplement .
View the EEO Policy Statement .
View the Pay Transparency Posting