Information Security Analyst
Information Security Analyst (Sales Enablement Focus): Fully Remote | Full-Time
Schedule: Monday - Friday, 11:00 AM - 7:00 PM EST
About the Role: We're looking for an Information Security Analyst with a Sales Enablement focus to drive our customer trust efforts by owning security questionnaires, RFPs, and related documentation. This role connects Information Security with Sales, Legal, and Product teams to ensure timely, accurate, and compelling responses that reflect our security posture.
Responsibilities
- Own and complete customer security questionnaires, including SIG, CAIQ, VSA, and custom formats.
- Respond to security-related RFPs and RFIs, ensuring submissions are accurate, timely, and aligned with company policies.
- Collaborate cross-functionally with Sales, Legal, Product, and Engineering to gather and validate responses.
- Maintain and proactively update a repository of security documentation and standard answers.
- Develop scalable processes, templates, and documentation to streamline future submissions.
- Liaise with prospective customers and InfoSec during security assessments and reviews.
- Identify trends in customer inquiries to inform internal roadmaps and improve external communications.
Requirements
- Experience in Information Security, Risk, Compliance, or a related role, preferably in SaaS or B2B tech.
- Hands-on experience completing security questionnaires or contributing to RFP/RFI processes.
- Strong understanding of security controls, compliance frameworks, and risk management.
- Excellent written and verbal communication skills, with the ability to explain complex topics clearly.
- Detail-oriented with strong organizational and project management skills.
- Familiarity with tools like OneTrust, Whistic, or Vanta is a plus.
Information Security TPISA Analyst
Information Security TPISA Analyst: The Info Sec Prof Senior Analyst is an intermediate level position responsible for leading efforts to prevent, monitor and respond to information/data breaches and cyber-attacks. The overall objective of this role is to ensure the execution of Information Security directives and activities in alignment with Citi's data security policy.
Responsibilities
- Identify potential information security (IS) risks and make recommendations for enhancement
- Collect and analyze security risk evidence and coordinate with internal and external compliance and auditing agencies / officials
- Execute meetings and communicate complex security topics and safe IS practices with all levels of the organization
- Ensure that controls are utilized daily and that non-compliance remediation is addressed
- Provide IS consulting services, including interpreting and/or clarifying information security policy, procedures, standards or concepts
- Assist with defining and implementing IS standards to align procedures and practices in compliance with Citi standards
- Educate and advise on safe information security practices and current, changing, and/or recommended information security requirements
- Validate compliance with IS policies, practices, and procedures, and resolve a variety of IS related issues in coordination with the business
- Assume informal/formal mentorship role within teams and assist with the coaching and training of new team members
- Has the ability to operate with a limited level of direct supervision. Can exercise independence of judgement and autonomy. Acts as SME to senior stakeholders and/or other team members.
Qualifications
- 5-8 years of relevant experience
- Applicable Certifications or willingness to earn within 12 months of joining
- Consistently demonstrates clear and concise written and verbal communication
- Proven influencing and relationship management skills
- Proven analytical skills
Education
- Bachelor’s degree/University degree or equivalent experience
This job description provides a high-level review of the types of work performed. Other job-related duties may be assigned as required.
Activities description
- Responsible for Third-Party Information Security Assessments (TPISA) process, covering the Latin American region including Mexico, reporting to the LATAM TPISA Utility.
- Contribute to information security risk management, keeping the teams’ activities compliant with Citi’s global institutional policies and regional or local regulations
- Serve as specialists for Latin America, providing support to business areas and BISOs in the region in matters pertaining to the Third-Party Information Security Assessments (TPISA) program
Responsibilities
- Coordinate with TPISA stakeholders to initiate, scope and plan controls assessments of new and existing suppliers.
- Perform assessments on-site at supplier locations, including travel to other countries in the region, or remotely via conference calls.
- Obtain and review supplier responses and supporting documentation to validate the supplier's appropriate implementation of information security controls.
- Analyze the information to identify information security weaknesses or non-compliance with Citi standards.
- Produce detailed documentation of assessments and perform threat analyses of gaps identified.
- Communicate supplier information security issues to stakeholders, ensuring their understanding of associated risks and actions needed to remediate those risks.
Additional Qualifications
- 5 years of experience in a similar IT Audit, Assessor, or Information Security Officer role
- In-depth knowledge of information security concepts, best practices and controls
- Strong technical or IT audit background across server infrastructure, operating systems, networks, and related technologies
- Self-starter with time management, prioritization, and accountability
- Team player with demonstrated influencing skills and ability to motivate others to meet deadlines
- Strong written and verbal communication in English; Spanish is preferred; ability to work in a dynamic environment
- Strong risk analysis and problem-solving skills