Senior Auditor - Cyber & Information Security (CIS)

    Citigroup Inc.
    Tampa, FL 33601
    Full-time, Part-time
    Similar jobs pay $9.02 - $13.27
    Refer friends, get paid!

    Job Description

    Citi, the leading global bank, has approximately 200 million customer accounts and does business in more than 160 countries and jurisdictions. Citi provides consumers, corporations, governments and institutions with a broad range of financial products and services, including consumer banking and credit, corporate and investment banking, securities brokerage, transaction services, and wealth management. Our core activities are safeguarding assets, lending money, making payments and accessing the capital markets on behalf of our clients.

    Citi's Mission and Value Proposition explains what we do and Citi Leadership Standards explain how we do it. Our mission is to serve as a trusted partner to our clients by responsibly providing financial services that enable growth and economic progress. We strive to earn and maintain our clients' and the public's trust by constantly adhering to the highest ethical standards and making a positive impact on the communities we serve. Our Leadership Standards is a common set of skills and expected behaviors that illustrate how our employees should work every day to be successful and strengthens our ability to execute against our strategic priorities

    Diversity is a key business imperative and a source of strength at Citi. We serve clients from every walk of life, every background and every origin. Our goal is to have our workforce reflect this same diversity at all levels. Citi has made it a priority to foster a culture where the best people want to work, where individuals are promoted based on merit, where we value and demand respect for others and where opportunities to develop are widely available to all.

    Function background/context:

    Internal Audit (IA) is a global organization of over 1,000 professionals covering Citi's global businesses and service to clients and customers in over 180 countries. Citi's Internal Audit division provides independent assessments of the company's governance, risk management and internal control environment for key stakeholders including the Board of Directors, senior management and Citi's numerous regulators globally. Internal Audit is a change agent within Citi aimed to enhance the control culture of Citigroup worldwide and thereby support senior management decision making around the globe.

    Job Purpose:

    This role contributes to the timely delivery of high quality; value added assurance and audit reports for a portfolio of business activities, which meet the requirements of the Boards of Citigroup and Citibank, their affiliates, and of Citi's respective regulators, globally.

    This role is responsible for documenting and evaluating processes, risks, and controls covering the full spectrum of Cyber & Information Security (CIS), including enterprise governance, systems administration, network defense infrastructure, data protection, authentication services, vulnerability threat management, risk management and cyber incident response and recovery. This encompasses providing objective risk based independent assurance with respect to the design and operating effectiveness of controls associated with IS that support critical business systems and processes across the group.

    Key Responsibilities:
    • Works under the direction Senior Audit Managers and Managers for CIS to deliver high quality audit results on Citi's global Cyber and Information Security (CIS) internal auditing program.
    • Possesses a knowledge and experience in auditing general IT and application controls across a variety of technologies, infrastructure and platforms using IS industry best practices and standards, including the NIST Cybersecurity and Risk Management Frameworks. Applies an understanding of high risk IS/cyber areas including identity and access management, data protection, encryption, firewall security, intrusion detection and prevention systems, incident management, security operations, vulnerability patching, cyber intelligence gathering and insider threat.
    • Uses strong communication skills both oral and written to interact with audit stakeholders. Asks insightful questions and uses strong listening skills to document responses and formulate relevant follow-up questions.
    • Ability to learn and apply IA methodology and quality assurance guidelines to all aspects of the audit work and work with in-house audit applications to document key aspects of audit work flow.
    • Supports the timely delivery of comprehensive regulatory and internal audit issue validation, and where determined appropriate, issue validation on other remediation actions, including issues arising from the external auditors, consultants and other parties.
    • Contributes towards the delivery of high impact reports of IA's contributions to executive management, regulators, and Citigroup and Citibank boards' sub-committees.
    • Works closely and collegially within IA and with line management and control functions to ensure efficient and effective provision of independent audit assurance.
    • Possesses strong work ethic and interpersonal skills, makes sound decisions while communicating rationale to team members, exhibits initiative and intuitive thinking, political astuteness, and sensitivity to cultural diversity.
    • Collaborates across businesses and functions to improve the identification, quantification, measurement, management, reporting and controls in governance, risk management and internal control environments.
    Qualifications and Competencies
    • BA/BS or equivalent. Related certifications (CISSP, CISA, CISM, or similar) are desired.
    • Demonstrated experience in performing information security audits that are complete, insightful, timely, concise, cost effective, and are in accordance with IA standards, laws, and local regulations.
    • Experienced in the use of flowcharting tools (i.e. Visio, Powerpoint)
    • Advance skill or experience in data analytics is desired
    • Experience in auditing CIS controls across a variety of technologies and platforms and understanding of the FFIEC Cyber Assessment Tool (CAT) and the NIST Cybersecurity and Risk Management Frameworks.
    • Experience in contributing to CIS risk assessments that align to organization strategies and business objectives.
    • Articulate and effective communicator, both orally and in writing, with an energetic, charismatic and approachable style, well-developed listening skills. Ability to articulate both verbally and in writing audit work and findings to a broad audience.

    Job Family Group:

    Internal Audit


    Job Family:



    Time Type:

    Full time


    Citi is an equal opportunity and affirmative action employer.

    Qualified applicants will receive consideration without regard to their race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or status as a protected veteran.

    Citigroup Inc. and its subsidiaries ("Citi") invite all qualified interested applicants to apply for career opportunities. If you are a person with a disability and need a reasonable accommodation to use our search tools and/or apply for a career opportunity review Accessibility at Citi.

    View the "EEO is the Law" poster. View the EEO is the Law Supplement.

    View the EEO Policy Statement.

    View the Pay Transparency Posting

    Posting ID: 593065346Posted: 2021-02-09Job Title: Senior Auditor