Chief Information Security Officer

The Chief Information Security Officer (CISO) is a senior executive responsible for establishing and maintaining the bank’s information security strategy and ensuring that all information assets and technologies are adequately protected. The CISO plays a critical role in safeguarding the bank's data, ensuring compliance with local regulations, and mitigating risks associated with cybersecurity threats. This position requires a deep understanding of the regulatory environment in Mexico, including compliance with the National Banking and Securities Commission (CNBV) regulations and other relevant financial regulations, as well as Information Security Internacional Standards.

Position is responsible for defining the Security Suite system strategy and evolution while also ensuring stability, resilience and soundness of these platforms which are serving the entire system´s platform of the bank.

**Key Responsibilities:**

- **Strategic Leadership:** Develop, implement, and manage the bank’s information security strategy, policies, and procedures to protect the organization’s digital assets, in line with both international standards and local regulatory requirements.

- **Regulatory Compliance:** Ensure that the bank complies with all applicable information security regulations and standards set forth by Mexican authorities, including Banxico and CNBV guidelines, LFPDPPP, and other relevant legislation. Collaborate with legal and compliance teams to stay updated on regulatory changes and implement necessary adjustments.

- **Risk Management:** Identify, assess, and mitigate risks related to cybersecurity threats. Develop and manage a comprehensive risk management program that includes regular risk assessments, audits, and vulnerability testing. Ensure that the bank is prepared to respond to potential security incidents and breaches.

- **Incident Response:** Establish and maintain a robust incident response capability with a clear response protocol. Lead the response to security breaches or incidents, including the investigation, remediation, and reporting of such events. Coordinate with internal and external stakeholders, including regulatory bodies, as required.

- **Security Awareness:** Promote a culture of security awareness within the bank. Develop and oversee training programs for employees at all levels, ensuring they understand their roles and responsibilities in maintaining the bank’s information security posture.

- **Security Architecture & Innovation:** Evaluate, design, govern and implement advanced security systems, technologies and practices to protect the bank’s assets and infrastructure, including Authentication systems, Data Security, End point security, cloud security, etc . Stay current with the latest developments in cybersecurity and adapt tooling and strategies to address emerging threats.

- **Vendor Management:** Assess and manage the security posture of third-party vendors and partners. Ensure that all third parties comply with the bank’s security standards and regulatory requirements.

- **Team Leadership:** Lead and mentor the information security team. Foster a collaborative and innovative environment, providing guidance and support to ensure the team’s success.

** Security Operations ** enable through outsourced managed services the Cyber intelligence, Security Monitoring, Detection and Response, Digital Forensics and Threat and vulneravility management capabilities

------------------------------------------------------

Job Family Group:

The Chief Information Security Officer (CISO) is a senior executive responsible for establishing and maintaining the bank’s information security strategy and ensuring that all information assets and technologies are adequately protected. The CISO plays a critical role in safeguarding the bank's data, ensuring compliance with local regulations, and mitigating risks associated with cybersecurity threats. This position requires a deep understanding of the regulatory environment in Mexico, including compliance with the National Banking and Securities Commission (CNBV) regulations and other relevant financial regulations, as well as Information Security Internacional Standards.

Position is responsible for defining the Security Suite system strategy and evolution while also ensuring stability, resilience and soundness of these platforms which are serving the entire system´s platform of the bank.

**Key Responsibilities:**

- **Strategic Leadership:** Develop, implement, and manage the bank’s information security strategy, policies, and procedures to protect the organization’s digital assets, in line with both international standards and local regulatory requirements.

- **Regulatory Compliance:** Ensure that the bank complies with all applicable information security regulations and standards set forth by Mexican authorities, including Banxico and CNBV guidelines, LFPDPPP, and other relevant legislation. Collaborate with legal and compliance teams to stay updated on regulatory changes and implement necessary adjustments.

- **Risk Management:** Identify, assess, and mitigate risks related to cybersecurity threats. Develop and manage a comprehensive risk management program that includes regular risk assessments, audits, and vulnerability testing. Ensure that the bank is prepared to respond to potential security incidents and breaches.

- **Incident Response:** Establish and maintain a robust incident response capability with a clear response protocol. Lead the response to security breaches or incidents, including the investigation, remediation, and reporting of such events. Coordinate with internal and external stakeholders, including regulatory bodies, as required.

- **Security Awareness:** Promote a culture of security awareness within the bank. Develop and oversee training programs for employees at all levels, ensuring they understand their roles and responsibilities in maintaining the bank’s information security posture.

- **Security Architecture & Innovation:** Evaluate, design, govern and implement advanced security systems, technologies and practices to protect the bank’s assets and infrastructure, including Authentication systems, Data Security, End point security, cloud security, etc . Stay current with the latest developments in cybersecurity and adapt tooling and strategies to address emerging threats.

- **Vendor Management:** Assess and manage the security posture of third-party vendors and partners. Ensure that all third parties comply with the bank’s security standards and regulatory requirements.

- **Team Leadership:** Lead and mentor the information security team. Foster a collaborative and innovative environment, providing guidance and support to ensure the team’s success.

** Security Operations ** enable through outsourced managed services the Cyber intelligence, Security Monitoring, Detection and Response, Digital Forensics and Threat and vulneravility management capabilities

------------------------------------------------------

Job Family Group:

------------------------------------------------------

Job Family:

------------------------------------------------------

Time Type:

------------------------------------------------------

Citi is an equal opportunity and affirmative action employer.

Qualified applicants will receive consideration without regard to their race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or status as a protected veteran.

Citigroup Inc. and its subsidiaries ("Citi”) invite all qualified interested applicants to apply for career opportunities. If you are a person with a disability and need a reasonable accommodation to use our search tools and/or apply for a career opportunity review Accessibility at Citi .

View the "EEO is the Law" poster. View the EEO is the Law Supplement.

View the EEO Policy Statement.

View the Pay Transparency Posting