You may also like

AVP-level - Information Security Specialist - Banking

  • Find out more about the job
  • Find out more about the job

Information Security Officer

Hong Kong Baptist University
  • Technical Support

Security Engineer or Assistant Security Engineer

Automated Systems
  • Microsoft Access
  • Network Security
  • +3 skills
  • +4 skills

Senior Information Security Specialist (Assistant Director) - Chinese Speaking Required

Ernst & Young (EY)
  • .NET
  • Audit
  • +14 skills
  • +15 skills

CIB F&BM - Asia Banking Asia Planning & Analysis – Vice President

JPMorgan Chase Bank
  • Balance Sheets
  • Data Analysis
  • +9 skills
  • +10 skills

Asia TTS Business Information Security Officer

Intermediate (3-6 years)


Technical Skills

  • Business Plans
  • Compliance
  • ISO
  • Microsoft Excel
  • Microsoft Powerpoint
  • Microsoft Word
  • Risk Assessment
  • Risk Management
  • SAP Fraud Management
  • Training

Job Description

Asia TTS Business Information Security Officer

Location: APAC-HKG-Hong Kong-Hong Kong

Asia TTS Business Information Security Officer - Vice President


  • Communicates and interacts regularly with employees and business management on IS related programs, policies, and standards Integrates Business and Regional GISO priorities into day-to-day business
  • Communicates with the Business and Regional GISOs and business managers; escalates as appropriate
  • Provides general IS consulting services including interpretation and/or clarification
  • Supports the business by reviewing Third Party contract language as it relates to ISExercises oversight to the IS program within the business, including programs, policies, and related reporting
  • Helps security incident response teams resolve and close the investigation of incidents with proactive suggestions
  • Assists in the definition and implementation of IS standards at the business level to ensure that procedures and practices comply with Citi standards
  • Participates in the IS community on committees and cross-business/functional opportunities
  • Enforces compliance; demonstrates extensive understanding of IS standards and best practices across multiple disciplines
  • Reviews status of business IS program and oversees corrective action when necessary
  • Develops corrective action language for all IS-related gaps and approves all closures by reviewing evidence to ensure the closure meets Citi requirements or industry best practices
  • Collaborates to create Risk Acceptances (RAs), Risk Exceptions (REs), and Corrective Action Plans (CAPs) in the appropriate tools (iCAPs, CIRAS, etc.)
  • Ensures that approvals and reviews are executed when needed
  • Performs IS awareness and training activities, including IS education of new employees.
  • Ensures IS awareness materials are distributed per CISS requirementsMonitors/tracks IS training per CISS requirements
  • Assists with Third Party IS Assessment (TPISA) follow-up
  • Ensures IS Risk Assessment is performed according to Citi standards by partnering with the businesses throughout the ISRA process and determines the impact of control deficiencies
  • Ensures Information Owners periodically review CSI IS-related information and it is accurate
  • Engages a TISO, SME or another senior ISO where additional technical knowledge is required
  • Educates and advises the business on safe IS practices and current, changing, and/or recommended IS requirements
  • Plans and executes the IS strategy Provides periodic IS risk management reports highlighting key issues and corrective action plans
  • Coordinates IS activities with business plans
  • Articulates the value of IS controls and its bottom line impact
  • Seeks opportunities to enhance the efficiency of policies and procedures
  • Partners with business coordinators in other disciplines; e.g., MCA, CoB, Records Management, Fraud Management, etc.
  • Reviews IS action plans with management and monitors implementation of approved plans
  • Leverages the ISO network to pool resources, seek out best practices, and create efficiencies
  • Monitors vulnerability assessments and ethical hacks, ensuring that issues are addressed for all applications that are not managed by Citi technology groups; for example, vendor-managed/hosted
  • Manages risk by analyzing the root cause of issues, impact to business, and required corrective actions by leveraging analytical skills
  • Guides the business to ensure that IS risks, controls, and tests are embedded in the IS component of MCA
  • Enhance IS posture of the business through reports, presentations, awareness and ad-hoc trainings



  • Soft skills (team player, able to communicate fluently in English – written/spoken – across multiple levels – staff all the way to senior management)
  • Strong MS office skills (especially with Word/Excel/PowerPoint) are critical
  • Industry certifications: either one of CISA/CISSP/CISM preferred; the successful candidate will be expected to obtain an IS industry certification if not already held
  • Degree: at least a Bachelors’ degree in either Computer Science/Engineering/Business/Finance; Masters’ degree a plus Desired Work experience
  • At least 3 years in a similar ISO or risk and control role, or significant relevant business experience ; total work experience of at least 8 years

Employment TypeFull-time
Career LevelIntermediate (3-6 years)
Education LevelBachelor
QualificationCertified Information Security Manager (CISM), Certified Information System Auditor (CISA), Certified Information Systems Security Professional (CISSP)
CitibankFinancial Services, Retail and Commercial Banking

50/F, Champion Tower 3 Garden Road Central, Hong Kong

directions_walk12 mins walk from Admiralty Station