Chief Information Security Officer

The Chief Information Security Officer (CISO) is a senior executive responsible for establishing and maintaining the bank’s information security strategy and ensuring that all information assets and technologies are adequately protected. The CISO plays a critical role in safeguarding the bank's data, ensuring compliance with local regulations, and mitigating risks associated with cybersecurity threats. This position requires a deep understanding of the regulatory environment in Mexico, including compliance with the National Banking and Securities Commission (CNBV) regulations and other relevant financial regulations, as well as Information Security Internacional Standards.

Position is responsible for defining the Security Suite system strategy and evolution while also ensuring stability, resilience and soundness of these platforms which are serving the entire system´s platform of the bank.

**Key Responsibilities**:

- **Strategic Leadership**: Develop, implement, and manage the bank’s information security strategy, policies, and procedures to protect the organization’s digital assets, in line with both international standards and local regulatory requirements.
- **Regulatory Compliance**: Ensure that the bank complies with all applicable information security regulations and standards set forth by Mexican authorities, including Banxico and CNBV guidelines, LFPDPPP, and other relevant legislation. Collaborate with legal and compliance teams to stay updated on regulatory changes and implement necessary adjustments.
- **Risk Management**: Identify, assess, and mitigate risks related to cybersecurity threats. Develop and manage a comprehensive risk management program that includes regular risk assessments, audits, and vulnerability testing. Ensure that the bank is prepared to respond to potential security incidents and breaches.
- **Incident Response**: Establish and maintain a robust incident response capability with a clear response protocol. Lead the response to security breaches or incidents, including the investigation, remediation, and reporting of such events. Coordinate with internal and external stakeholders, including regulatory bodies, as required.
- **Security Awareness**: Promote a culture of security awareness within the bank. Develop and oversee training programs for employees at all levels, ensuring they understand their roles and responsibilities in maintaining the bank’s information security posture.
- **Security Architecture & Innovation**: Evaluate, design, govern and implement advanced security systems, technologies and practices to protect the bank’s assets and infrastructure, including Authentication systems, Data Security, End point security, cloud security, etc. Stay current with the latest developments in cybersecurity and adapt tooling and strategies to address emerging threats.
- **Vendor Management**: Assess and manage the security posture of third-party vendors and partners. Ensure that all third parties comply with the bank’s security standards and regulatory requirements.
- **Team Leadership**: Lead and mentor the information security team. Foster a collaborative and innovative environment, providing guidance and support to ensure the team’s success.

**Security Operations ** enable through outsourced managed services the Cyber intelligence, Security Monitoring, Detection and Response, Digital Forensics and Threat and vulneravility management capabilities**Job Family Group**:
Technology
- **Job Family**:
Technology Management
- **Time Type**:
Full time-
- View Citi’s _EEO Policy Statement_ and the _Know Your Rights_ poster._