You may also like

Business Analyst– Information Technology

Bank Consortium Trust (BCT)
  • .NET
  • Business Analytics
  • +7 skills
  • +8 skills

Senior Business Analyst - Information Technology

Bank Consortium Trust (BCT)
  • .NET
  • Business Analytics
  • +8 skills
  • +9 skills

Information Technology Manager - Business Analyst (Ref: JB8007-BA-CT)

Nanyang Commercial Bank
  • Business Analytics
  • Credit Risk
  • +2 skills
  • +3 skills

Manager, Digital Innovation Development, Digitalization & Information Services Asia Pacific

  • Agile
  • Corporate Strategy
  • +8 skills
  • +9 skills

Senior Analyst/ Analyst, Information Security

Guotai Junan
  • Audit
  • Information Security
  • +3 skills
  • +4 skills

Asia TTS Business Information Security Officer

Intermediate (3-6 years)


Technical Skills

  • Business Plans
  • Compliance
  • ISO
  • Microsoft Excel
  • Microsoft Powerpoint
  • Microsoft Word
  • Risk Assessment
  • Risk Management
  • SAP Fraud Management
  • Training

Job Description

Asia TTS Business Information Security Officer

Location: APAC-HKG-Hong Kong-Hong Kong

Asia TTS Business Information Security Officer - Vice President


  • Communicates and interacts regularly with employees and business management on IS related programs, policies, and standards Integrates Business and Regional GISO priorities into day-to-day business
  • Communicates with the Business and Regional GISOs and business managers; escalates as appropriate
  • Provides general IS consulting services including interpretation and/or clarification
  • Supports the business by reviewing Third Party contract language as it relates to ISExercises oversight to the IS program within the business, including programs, policies, and related reporting
  • Helps security incident response teams resolve and close the investigation of incidents with proactive suggestions
  • Assists in the definition and implementation of IS standards at the business level to ensure that procedures and practices comply with Citi standards
  • Participates in the IS community on committees and cross-business/functional opportunities
  • Enforces compliance; demonstrates extensive understanding of IS standards and best practices across multiple disciplines
  • Reviews status of business IS program and oversees corrective action when necessary
  • Develops corrective action language for all IS-related gaps and approves all closures by reviewing evidence to ensure the closure meets Citi requirements or industry best practices
  • Collaborates to create Risk Acceptances (RAs), Risk Exceptions (REs), and Corrective Action Plans (CAPs) in the appropriate tools (iCAPs, CIRAS, etc.)
  • Ensures that approvals and reviews are executed when needed
  • Performs IS awareness and training activities, including IS education of new employees.
  • Ensures IS awareness materials are distributed per CISS requirementsMonitors/tracks IS training per CISS requirements
  • Assists with Third Party IS Assessment (TPISA) follow-up
  • Ensures IS Risk Assessment is performed according to Citi standards by partnering with the businesses throughout the ISRA process and determines the impact of control deficiencies
  • Ensures Information Owners periodically review CSI IS-related information and it is accurate
  • Engages a TISO, SME or another senior ISO where additional technical knowledge is required
  • Educates and advises the business on safe IS practices and current, changing, and/or recommended IS requirements
  • Plans and executes the IS strategy Provides periodic IS risk management reports highlighting key issues and corrective action plans
  • Coordinates IS activities with business plans
  • Articulates the value of IS controls and its bottom line impact
  • Seeks opportunities to enhance the efficiency of policies and procedures
  • Partners with business coordinators in other disciplines; e.g., MCA, CoB, Records Management, Fraud Management, etc.
  • Reviews IS action plans with management and monitors implementation of approved plans
  • Leverages the ISO network to pool resources, seek out best practices, and create efficiencies
  • Monitors vulnerability assessments and ethical hacks, ensuring that issues are addressed for all applications that are not managed by Citi technology groups; for example, vendor-managed/hosted
  • Manages risk by analyzing the root cause of issues, impact to business, and required corrective actions by leveraging analytical skills
  • Guides the business to ensure that IS risks, controls, and tests are embedded in the IS component of MCA
  • Enhance IS posture of the business through reports, presentations, awareness and ad-hoc trainings



  • Soft skills (team player, able to communicate fluently in English – written/spoken – across multiple levels – staff all the way to senior management)
  • Strong MS office skills (especially with Word/Excel/PowerPoint) are critical
  • Industry certifications: either one of CISA/CISSP/CISM preferred; the successful candidate will be expected to obtain an IS industry certification if not already held
  • Degree: at least a Bachelors’ degree in either Computer Science/Engineering/Business/Finance; Masters’ degree a plus Desired Work experience
  • At least 3 years in a similar ISO or risk and control role, or significant relevant business experience ; total work experience of at least 8 years

Employment TypeFull-time
Career LevelIntermediate (3-6 years)
Education LevelBachelor
QualificationCertified Information Security Manager (CISM), Certified Information System Auditor (CISA), Certified Information Systems Security Professional (CISSP)
CitibankFinancial Services, Retail and Commercial Banking

50/F, Champion Tower 3 Garden Road Central, Hong Kong

directions_walk12 mins walk from Admiralty Station