Regional IS Hub – IS Regulatory Risk and Governance





10-13 Years

 Not Specified

Job Description

Regional IS Hub – IS Regulatory Risk and Governance is a regional role in Citi APAC Information Security Services. This position will play a key role in the APAC IS Regulatory Risk and Governance team by partnering with regional and global stakeholders in the franchise and by leveraging industry best practices to keep up with the changing cyber and information security regulatory landscape.
Reports to Regional IS Hub Lead - IS Regulatory Risk and Governance
IS Regulatory Risk and Governance team mission:

  • Through partnering with APAC Country ISOs, identify and complete gap analysis and impact assessment of applicable Information Security (IS) and Cybersecurity regulatory requirements for all countries in scope in APAC
  • Maintain knowledgebase of IS and Cyber regulations and corresponding mapping to Citi’s internal policies, standards and processes
  • Conduct thematic analysis of IS and Cyber regulatory requirements, and where material gaps are identified, propose regulatory risk reduction measures by partnering with control owners or solution providers, within O&T and ICRM
  • Identify opportunities to enhance existing IS controls and influence IS programs, Citi internal policies/standards/guidelines to meet regulatory needs

Critical success factors for this position:

  • Possess advanced understanding of IS and Cybersecurity controls and suggest concrete approaches to enhance existing controls and procedures
  • Perform thorough Information Security (IS) assessment to identify IS, Cybersecurity and/or Technology risk and regulatory requirements
  • Derive themes from identified gaps and recommend appropriate remediation measures to mitigate risk associated with gaps
  • Identify improvement opportunities to enhance existing controls and overall IS program

Primary Responsibilities:
Understanding of IS and Cybersecurity controls

  • Well versed with and possess practical knowledge of information security controls related (and not limited) to data protection, identity and access management, emerging technologies, cloud computing, incident reporting, system security, vulnerability and threat assessment
  • Ability to work independently on gap identification, interpretation and summarization
  • Understand organization’s internal policies/standards/guidelines effortlessly

Interpretation of regulations

  • Ability to interpret local regulations related to Information Security, Cyber Security and Technology Risk Management etc.
  • Ability to link local regulations to internal policies/standards/guidelines to determine regulatory compliance

Risk based IS assessment

  • Implement risk-based approach to determine material impact of identified gap and formulate strategy for gap remediation

Gap Analysis / Thematic Review

  • Summarize and interpret data collected and analyze the gaps between organization’s internal process and local regulatory requirement
  • Upkeep artifacts related to findings/reviews

IS program enhancement

  • Leverage experience and current findings to assess opportunities for improvement
  • Engage with relevant stakeholders to ensure proposed enhancements are communicated, interpreted and incorporated as feasible
  • Provide updates to business groups, partners (Country stakeholders, ICRM) and senior management through established communication channels


Knowledge/Experience:

  • 10+ years of Information Technology and/or Security experience

  • Master’s Degree or above in Technology or Information Security or related major required
  • Practitioner knowledge of key IS and Cyber regulations in APAC countries and how organizations achieve compliance
  • Knowledge of IS principles, including but not limited to, Audit Reviews, Risk Assessment, Identity & Access Management, Data Protection, Secure SDLC, Incident Management, Vulnerability Assessment, Secure Configurations, Patch Management, etc.
  • Knowledge of Cybersecurity controls and Cybersecurity best practices in industry
  • Understanding of emerging technologies like IoT, ML, NLP, AI, Cloud Computing etc. and industry view of regulations related to them

Capability:

  • Employ influencing skills to obtain buy-in and participation from various groups and stakeholders without direct control
  • Build and maintain collaborative relationships with partners and peers
  • Ability to communicate effectively at different levels of the organization and with various technical and business audiences
  • Excellent problem solving abilities and analytical skills. Ability to see the big picture with high attention to critical details
  • Results oriented, can achieve desired outcomes independently and at appropriate priority levels
  • Proven ability to work independently in a high-pressure, multi-tasking environment


  • IS certifications preferred (CISSP, CISM, CISA, ISO 27001 LA or Equivalent), or willingness to earn within 12 months of joining
  • Experience in risk and compliance, internal audit
  • Knowledge of Citigroup's businesses and complex infrastructure is preferred; or 7+ years of working experience in multinational companies
  • Work experience in the field of Technology, IT, Compliance
  • Global exposure, work experience related to IS


  • Excellent communication and interpersonal skills
  • Right attitude to work in a fast-paced environment
  • Team player with good influencing skills
  • Strong analytical and problem solving skills
  • Ability to prioritize and multitask is a must
  • Culture sensitive, ability to work well with cross-functional teams across different geographies


  • Good understanding of security controls such as Encryption, Authentication, Authorization, DLP, Anti-Malware, Identity & Access Management, Secure OS Configuration, mobile technologies, networking protocols and infrastructure design
  • Knowledge of Technology Infrastructure Components and MS office.

Job Family Group: Technology
Job Family: Information Security
Time Type: Full time
Citi is an equal opportunity and affirmative action employer.
Qualified applicants will receive consideration without regard to their race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or status as a protected veteran.
Citigroup Inc. and its subsidiaries ("Citi") invite all qualified interested applicants to apply for career opportunities. If you are a person with a disability and need a reasonable accommodation to use our search tools and/or apply for a career opportunity review .