ROHQ - CISO - Third Party Information Security Risk Management Officer - C12/AVP
Citigroup

Workplace: MetroManila, Quezon, Manila
Salary: Agreement
Work form: Full time
Posting Date: 15/11/2025
Deadline: 27/03/2021

This job has expired.


Job Background:
The Third Party Information Security Risk Management Officer is a regional role in Citi APAC. The mission of the team and the critical success factors of the role are to meet the following:
Identify opportunities for improvement in current processes and minimize overlap and duplication among the APAC Country BISO workforce throughout the TPM and TPISA life cycle.
Standardize the issue grouping / withdrawal process while maintaining quality control in the TPISA life cycle.
Identify common IS risks and provide concrete recommendations to reduce risks, in line with Citi Standards and APAC Country Regulatory Requirements.
Align the TPISA issue management process with Regional IS Hub - IS Risk Governance
Primary Responsibilities:
General Inquiries and Training
Provide SME knowledge and inputs on third party IS related risks, including navigation through Citi's TPM and TPISA processes, security best practices in Third party arrangements, etc.
Provide on-going awareness to APAC Country BISOs, TPM and TPISA Utility, regarding the Role and Responsibilities in Third Party IS Risk Management for IS
Third Party IS Risk & Control Assessment, Governance and Support
Support the Regional IS Hub Lead (Third Party Security Reviews) in identifying criteria and scope of engagement, including defining deliverables to stakeholders
Support the Regional IS Hub Lead (Third Party Security Reviews) in establishing and managing the overall governance and management update of all IS Third Party Security review matters
Support the Regional IS Hub Lead (Third Party Security Reviews) in identifying opportunities of improvement (e.g. common approach in leveraging previous assessments) in current third party IS risk management processes and execute improvement plans, in partnership with stakeholders (TPM and TPISA Utility team)
Perform Third Party IS reviews and provide recommendations to Country BISOs and BAOs to reduce IS risk exposure; coordinate among main country BISO, BAO and TPISA LISA for the control assessment
Issue Management Support
Define a consistent approach for consideration of Risk Downgrade or disposition of Risk Withdrawn for the Third Party IS review process, feeding into the APAC Issue Management process
Develop and implement the Issue Grouping process, including preparing management updates and managing the governance on a regular basis
Issue Communication to in-scope BISOs
Administration:
Participate in the establishment of the Process Control Manual (PCM)
Participate in meetings, such as the Global TPISA WG, and support the APAC governance platform
Generate the MIS report
Other responsibilities:
Influence and support Third Party Information Security Assessment process and the Information Security Risk management process.
Monitor vendor security violations and drive them to resolution.
Escalate significant risks to the Regional IS Leadership for information or action
Provide updates to business groups, partners and senior management through established communication channels
Engage with relevant stakeholders to ensure non-compliant items are addressed in a timely fashion
Contribute to, interpret and disseminate relevant IS policies, standards and awareness to APAC Country ISOs.
Knowledge/Experience:
Required:
7 or more years of Information Technology and/or Security experience
Preferred:
Knowledge of IS programs including, but not limited to, Third Party IS risk management, the Third Party IS regulatory landscape and requirements in APAC countries, Cloud solutions security principles, Identity & Access Management, Data Protection, Secure SDLC, Incident Management, Vulnerability Assessment, Secure Configurations, Patch Management, etc.
Experience working with ISO 27001 and related processes and procedures
Ability to provide effective leadership and subject matter expertise in Information Security topics to senior management, technology and business partners
Knowledge of Banking / Finance businesses and complex infrastructure is preferred; or 7+ years of working experience in multinational companies, with a minimum of 3+ years of experience in third party information security risk management and audit
Skills:
Required:
Team player with good conflict resolution and influencing skills. Strong analytical and problem solving skills.
Preferred:
Good understanding of security controls such as Encryption, Authentication, Authorization, DLP, Anti-Malware, Identity & Access Management, Secure OS Configuration, mobile technologies, networking protocols and infrastructure design
Knowledge of Technology Infrastructure Components and MS Office.
Certifications:
Required:
Bachelor's Degree, or above, in Technology or Information Security, or related major required
Preferred:
IS certifications preferred (CISSP, CISM, CISA, ISO 27001 LA or Equivalent), or willingness to earn within 12 months of joining
Capability:
Employ influencing skills to obtain buy-in and participation from various groups and stakeholders without direct control
Build and maintain collaborative relationships with partners, clients and peers
Ability to communicate effectively at different levels of the organization, and with various technical and business audiences
Excellent problem solving abilities and analytical skills
Ability to see the big picture with high attention to critical details
Results oriented; able to achieve desired outcomes independently and at appropriate priority levels
Proven ability to work independently in a high-pressure, multi-tasking environment
Job Family Group: Technology
Job Family: Information Security
Time Type: Full time
Citi is an equal opportunity and affirmative action employer.
Qualified applicants will receive consideration without regard to their race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or status as a protected veteran.
Citigroup Inc. and its subsidiaries ("Citi") invite all qualified interested applicants to apply for career opportunities. If you are a person with a disability and need a reasonable accommodation to use our search tools and/or apply for a career opportunity review .

Other Info

Bagumbayan, Sultan Kudarat Quezon City, Metro Manila
Permanent
Full-time
