Information Security Tpisa Analyst

The Info Sec Prof Senior Analyst is an intermediate level position responsible for leading efforts to prevent, monitor and respond to information/data breaches and cyber-attacks. The overall objective of this role is to ensure the execution of Information Security directives and activities in alignment with Citi's data security policy.**Responsibilities**:- Identify potential information security (IS) risks and make recommendations for enhancement- Collect and analyze security risk evidence and coordinate with internal and external compliance and auditing agencies / officials- Execute meetings and communicate complex security topics and safe IS practices with all levels of the organization- Ensure that controls are utilized daily and that non-compliance remediation is addressed- Provide IS consulting services, including interpreting and/or clarifying information security policy, procedures, standards or concepts- Assist with defining and implementing IS standards to align procedures and practices in compliance with Citi standards- Educate and advise on safe information security practices and current, changing, and/or recommended information security requirements- Validate compliance with IS policies, practices, and procedures, and resolve a variety of IS related issues in coordination with the business- Assume informal/formal mentorship role within teams and assist with the coaching and training of new team members- Has the ability to operate with a limited level of direct supervision.- Can exercise independence of judgement and autonomy.- Acts as SME to senior stakeholders and /or other team members.**Qualifications**:- 5-8 years of relevant experience- Applicable Certifications or willingness to earn within 12 months of joining- Consistently demonstrates clear and concise written and verbal communication- Proven influencing and relationship management skills- Proven analytical skills**Education**:- Bachelor’s degree/University degree or equivalent experienceThis job description provides a high-level review of the types of work performed. Other job-related duties may be assigned as required.- ** Activities description**- Responsible for Third-Party Information Security Assessments (TPISA) process, covering the Latin American region including Mexico, reporting to the LATAM TPISA Utility.- Contribute to the information security risk management keeping the teams’ activities compliant to Citi’s global institutional policies and regional or local regulations- Serve as specialists for Latin America, providing support to business areas and BISOs in the region in matters pertaining to the Third-Party Information Security Assessments (TPISA) program**Responsibilities**:Accordance with Citi’s established Third Party Information Security Assessment (TPISA) process and framework, the essential duties are as follows:- Coordinate with TPISA stakeholders to initiate, scope and plan controls assessments of new and existing suppliers.- Perform assessments on-site at supplier locations, including availability for travel to other countries in the region, or remotely via conference calls.- Obtain and review supplier responses and supporting documentation to validate supplier appropriate implementation of information security controls.- Analyze the information to identify information security weaknesses or non-compliance with Citi standards.- Produce detailed documentation of assessments and perform threat analyses of gaps identified.- Communicate supplier information security issues to stakeholders, ensuring their understanding of associated risks and actions needed to remediate those risks.**Qualifications**:- 5 years of experience in a similar IT Audit, Assessor, or Information Security Officer role- Demonstrate in-depth knowledge of concepts, best practices and controls in a breadth of information security areas/domains including:- Excellent technical or IT audit background of a wide variety of technologies, including server infrastructure and operating systems, network and internet/telecommunications, database architecture and intrusion detection/prevention systems.- Self-starter with the ability to manage and prioritize responsibilities through the effective use of time management techniques;- Team player with proven skills in influencing people without having direct management authority and motivating them to successfully complete tasks within required timelines;- Self-driven performer with established skills in tracking self and project performance, anticipating and recognizing problems and escalating issues appropriately- Strong ability to interact and communicate both written and verbally with people at all levels, both technical and non-technical, in a dynamic environment where interactions are not always in person, mainly in Spanish but English is also desirable- Strong risk analysis and problem solving skills- Must be flexible to ensure assessments are