Chief Information Security Officer

The Chief Information Security Officer (CISO) is a senior executive responsible for establishing and maintaining the bank's information security strategy and ensuring that all information assets and technologies are adequately protected. The CISO plays a critical role in safeguarding the bank's data, ensuring compliance with local regulations, and mitigating risks associated with cybersecurity threats. This position requires a deep understanding of the regulatory environment in Mexico, including compliance with the National Banking and Securities Commission (CNBV) regulations and other relevant financial regulations, as well as Information Security International Standards.

Position is responsible for defining the Security Suite system strategy and evolution while also ensuring stability, resilience, and soundness of these platforms that serve the entire bank’s platform.

• Strategic Leadership: Develop, implement, and manage the bank's information security strategy, policies, and procedures to protect the organization's digital assets in line with international standards and local regulatory requirements.
• Regulatory Compliance: Ensure compliance with all applicable information security regulations and standards set forth by Mexican authorities, including Banxico and CNBV guidelines, LFPDPPP, and other relevant legislation. Collaborate with legal and compliance teams to stay updated on regulatory changes.
• Risk Management: Identify, assess, and mitigate risks related to cybersecurity threats. Develop and manage a comprehensive risk management program that includes regular risk assessments, audits, and vulnerability testing.
• Incident Response: Establish and maintain a robust incident response capability with a clear response protocol. Lead the response to security breaches or incidents, including investigation, remediation, and reporting.
• Security Awareness: Promote a culture of security awareness within the bank. Develop and oversee training programs for employees at all levels.
• Security Architecture & Innovation: Evaluate, design, govern, and implement advanced security systems, technologies, and practices to protect the bank's assets and infrastructure, including authentication systems, data security, endpoint security, cloud security, etc. Stay current with the latest developments in cybersecurity.
• Vendor Management: Assess and manage the security posture of third‑party vendors and partners to ensure compliance with the bank's security standards and regulatory requirements.
• Team Leadership: Lead and mentor the information security team, fostering a collaborative and innovative environment.

Enable security operations through outsourced managed services covering cyber intelligence, security monitoring, detection and response, digital forensics, and threat and vulnerability management capabilities.

Technology

Technology Management

Full time

Citi is an equal opportunity employer, and qualified candidates will receive consideration without regard to their race, color, religion, sex, sexual orientation, gender identity, national origin, disability, status as a protected veteran, or any other characteristic protected by law.

If you are a person with a disability and need a reasonable accommodation to use our search tools and/or apply for a career opportunity, review Accessibility at Citi.

View Citi's EEO Policy Statement and the Know Your Rights poster.