ROHQ - CISO - Regional IS Hub - Project Information Security Risk Review Officer - C12/AVP
Citigroup
Workplace: MetroManila, Manila, Taguig
Salary: Agreement
Work form: Full time
Posting Date: 12/11/2025
Deadline: 27/02/2021
Job Description
The Regional IS Hub - Project Information Security Risk Review Officer is accountable for providing advisory, knowledge sharing and best practices, and for reviewing prevalent or emerging process and technology risks arising from the implementation of new business initiatives/projects that will run across multiple Citi business franchises in APAC countries. The Project Information Security Risk Review Officer will perform extensive Information Security (IS) assessments to identify any IS, Cyber and/or Technology risk and recommend appropriate remediation measures to mitigate the risks, in order to facilitate proper business management decision making before the business initiatives/projects go live.
Reports to Regional IS Hub Lead - Project Information Security Risk Review
Key Responsibilities
Perform IS reviews on complex new projects/initiatives (business, product, infrastructure, etc.), and provide recommendations for information security risk, issue and opportunity (RIO) management.
Conduct a holistic cross-project/initiative review for any information security risk and identify adverse impact on People, Process and Technology.
Oversee the project/initiative's Information Security compliance with Citi's policies, standards, regulatory requirements and the changing threat environment, as part of SDLC process.
Perform research on new security trends, tools, and techniques to improve existing project review framework, methodology and processes.
Serve as a trusted internal Information Security Advisor to the project sponsor, business owner, product manager, project manager and project management office.
Key Activities
Establish a practice guide for performing Information security risk reviews for projects / initiatives across APAC countries, by leveraging existing processes and guides.
Extend the practice guide to cover new technologies/innovations involving AI/ML, API, blockchain, Big Data, cloud computing, etc. and how they will impact the Confidentiality, Integrity and Availability of Citi's data.
Assess Information Security risk including assessment on the IT Infrastructure and Technology to identify any risk and vulnerability; determine the impact on the organisation, quantify the risk and provide recommendations to address the issues.
Interact with Infrastructure, DevOps, and application owners to ensure alignment with Citi's policies, standards, regulatory requirements and the changing threat environment
Support the Regional Lead to develop, publish and present reports of new project/business initiative risk oversight activities to key stakeholders and relevant risk committees.
Qualifications
At least 8 years of professional information security and/or technology risk management experience.
Possesses at minimum a Bachelor's degree in Computer Science / Information Security / Engineering / Business / Finance.
Relevant industry certifications, e.g. CISA/CISM/CRISC/CGEIT/CISSP/CCSP/CSSLP, would be desired. The successful candidate will be expected to obtain an IS industry certification within 1 year of the joining date, if not already holding one.
Possesses strong IT technical knowledge with a business acumen to be able to engage both business and technology teams.
Possesses strong knowledge and technical understanding of security technologies and current Security industry trends.
Knowledge of regulatory compliance and frameworks such as ISO, SOX, PCI DSS will be an added advantage.
Other Requirements
Self-motivated and excellent self-leadership skills
Excellent interpersonal skills (communication, motivation, persuasion)
Drive, enthusiasm, initiative and a willingness to develop
Knowledge of risk assessment and control
Methodical and organised
Analytical mind with problem-solving aptitude
Good facilitator/mediator able to resolve conflict
Commercially aware and able to take corporate or 'global' view
Strong communication, analytical skills and cross-functional collaboration skills. Able to present ideas in business-friendly and user-friendly language
Able to prioritize, track and manage a large number of concurrent and divergent tasks and action items
Job Family Group: Technology
Job Family: Information Security
Time Type:
Citi is an equal opportunity and affirmative action employer.
Qualified applicants will receive consideration without regard to their race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or status as a protected veteran.
Citigroup Inc. and its subsidiaries ("Citi") invite all qualified interested applicants to apply for career opportunities. If you are a person with a disability and need a reasonable accommodation to use our search tools and/or apply for a career opportunity review .
Other Info
Taguig City, Metro Manila
Permanent
Full-time