Third Party Information Security Assessor

As a bank with a brain and a soul, Citi creates economic value that is systemically responsible and in our clients’ best interests. As a financial institution that touches every region of the world and every sector that shapes your daily life, our Enterprise Operations & Technology teams are charged with a mission that rivals any large tech company. Our technology solutions are the foundations of everything we do. We keep the bank safe and provide the technical tools our workers need to be successful. We design our digital architecture and ensure our platforms provide a first-class customer experience. Our operations teams manage risk, resources, and program management. We focus on enterprise resiliency and business continuity. We develop, coordinate, and execute strategic operational plans. Essentially, Enterprise Operations & Technology re-engineers client and partner processes to deliver excellence through secure, reliable, and controlled services.

Trust is part of our DNA at Citi. As such, we take safeguarding our customer data very seriously. The Chief Information Security Office (CISO) is made up of deeply dedicated and talented colleagues who work together to ensure the safety of Citi’s and our clients’ assets and information. We manage information security as an end-to-end program - one with a clear mandate and accountability. Our mission is to continually execute and enhance a global security program that is fully anchored to modern control and security frameworks, fully aligned with the technology of the firm, threat-focused and data-driven, and deeply integrated across all Citi businesses globally.

Being talent-driven, we are focused on attracting, developing, and retaining diverse and inclusive talent with a high technical skill level. As a member of our team we will provide you with career development opportunities at all stages of your career. Our employees model a passion for protecting Citi and our clients and believe in treating others with dignity and respect.

Third Party Information Security Assessor

**Description**:
The Third Party Information Security Assessor performs detailed examinations of Citi’s North America suppliers’ information security practices and controls. IS Assessor responsibility is to confirm supplier adherence to the same high information security standards to which Citi holds itself accountable and to identify & communicate information security risks related to our customer and business sensitive information. In accordance with Citi’s established Third Party Information Security Assessment (TPISA) process and framework, the essential duties are as follows.
- Coordinate with TPISA stakeholders to initiate, scope and plan controls assessments of new and existing suppliers.
- Perform assessments remotely via conference calls or, in very limited cases, on-site at supplier locations.
- Obtain and review supplier responses and supporting documentation to validate supplier appropriate implementation of information security controls. Analyze the information to identify information security weaknesses or non-compliance with Citi standards.
- Produce detailed documentation of assessments and perform threat analyses of gaps identified.
- Communicate supplier information security issues to stakeholders, ensuring their understanding of associated risks and actions needed to remediate those risks.

**Qualifications**:

- Industry certification such as CISSP, CISA or CISM required.
- 6+ years experience in a similar IT Audit, Assessor, or Information Security Officer role.
- Excellent technical and/or IT audit background in/practical knowledge of a wide variety of technologies. Technologies include server infrastructure & operating systems, network & web infrastructures, database architecture and intrusion detection/prevention systems.
- Self-starter with the ability to manage and prioritize responsibilities through the effective use of time management techniques.
- Team player with proven skills in influencing people without having direct management authority and motivating them to successfully complete tasks within required timelines.
- Self-driven performer with established skills in tracking self and project performance, anticipating and recognizing problems and escalating issues appropriately.
- Exemplary ability to interact and communicate both written and verbally with people at all levels, both technical and non-technical, in a dynamic environment where interactions are not always in person.
- Excellent risk analysis and problem solving skills.
- Must be flexible to ensure assessments are performed by the mandated compliance date and be able to manage multiple assessments simultaneously.

**Critical competencies**:

- Must be able to communicate fluently in English

**Education**
- Bachelor’s University Degree (in Technology, Information Security or related major)

C13
- **Job Family Group**:
Technology
- **Job Family**:
Information Security
- **Time Type**