Information Security Professional Lead Analyst Job at Citi (City of Taguig)

Security Incident Management Analyst

The Security Incident Management Analyst is an intermediate level position respo...

Location

Singapore , Singapore

Salary:

Not provided

Citi

Expiration Date

Until further notice

Requirements

Relevant professional certifications issued by GIAC, AWS, etc., preferably GCCC, GCIH, CEH, ECSA
General Industry knowledge of reporting obligations pertaining to local and national laws and regulatory bodies such as OCC, SEC, ECB, MAS
Working knowledge of common security models (Defense-in-Depth) and frameworks (MITRE Attack, Cyber Kill Chain, STIX)
Working knowledge of VERIS taxonomy
Working knowledge of OSI model
Working knowledge of security and/or incident response in cloud environments
Working knowledge of software development best practices, including agile methods
Familiar with Atlassian tools
Previous experience working in highly regulated environment
Previous experience in a fusion center and/or exposure to large scale incident response

Job Responsibility

Work as part of a best in class ‘follow the sun’ security incident response team
Lead and manage incident response activities to ensure that requisite triage, containment, and eradication are completed within targeted timeframes
Ensure that the security incident record is complete, accurate and fit for purpose
Collect and analyze evidence including investigative findings and prepare to coordinate with internal and external compliance and audit personnel
Execute incident response meetings and communicate complex security topics
exhibit good judgment and discretion when initiating escalations to all levels of the organization
Ensure that controls are utilized daily and that non-compliance remediation is addressed by appropriate selection
Provide IS consulting services, including interpreting and/or clarifying information security policy, procedures, standards or concepts
Assist with defining and implementing information security standards to align procedures and practices in pursuit of compliance with Citigroup standards
Validate compliance with information security policies, practices, and procedures, and resolve a variety of information security related issues in coordination with the relevant business(es)

Fulltime

Cybersecurity GRC Tool Analyst

Cybersecurity GRC Tool Analyst to analyse the technology requirements of the var...

Location

Canada

Salary:

97600.00 - 181000.00 CAD / Year

Hewlett Packard Enterprise

Expiration Date

Until further notice

Requirements

Bachelor's degree in Information Security, Information Technology, Risk Management or a related field, or equivalent experience
CISSP, ISO 27001 Lead Implementer, or similar certification
GRC platform certifications (e.g., Archer Certified Professional, ServiceNow GRC, Drata Admin, OneTrust Certified)
ITIL Foundation (a plus)
5-7 years of experience in Information Security, IT Governance, or Risk Management
5+ years of experience working with GRC platforms (e.g., Archer, ServiceNow GRC, AuditBoard, Drata, OneTrust, or similar)
Expert at working with Governance Risk & Compliance platforms
Strong understanding of cybersecurity and compliance frameworks (e.g., NIST CSF, ISO 27001)
Experience with basic integrations and workflow configurations
Strong organizational skills and attention to detail

Job Responsibility

Administer and maintain the GRC platform, including configurations, workflows, and reporting dashboards
Support the integration of the GRC tool with key enterprise systems (e.g., asset inventory, ticketing systems, vulnerability management tools)
Collaborate with cybersecurity, policy, risk, compliance, and IT teams to capture business requirements and translate them into functional tool capabilities
Assist in onboarding and managing control frameworks (e.g., ISO 27001, SOC 2, NIST CSF, FedRAMP) within the platform
Monitor data quality, ensure accurate reporting, and maintain platform integrity
Support control owners and stakeholders in using the GRC platform for assessments, evidence collection, and tracking remediation activities
Maintain user roles and permissions, ensuring proper access management
Document processes, workflows, and platform configurations
Provide training and guidance to end users on tool functionality and best practices
Coordinate with tool vendors for issue resolution, upgrades, and enhancements

What we offer

Health & Wellbeing benefits
Personal & Professional Development programs
Unconditional Inclusion environment
Comprehensive benefits suite supporting physical, financial and emotional wellbeing

Fulltime

Senior Detection Engineer

This is a detection engineering role that leverages knowledge of monitoring, ana...

Location

Singapore , Singapore

Salary:

Not provided

Marriott Bonvoy

Expiration Date

Until further notice

Requirements

Bachelor’s degree in Computer Sciences or related field or equivalent experience/certification
3+ years of collective experience in Splunk SIEM (Splunk Enterprise Security) threat detection use case development or UEBA (Exabeam) use case development for insider threat use case development
5+ years of experience in security functions such as SOC, CIRT, security engineering, risk management, vulnerability management or technical infrastructure operations, administration, or systems engineering
scripting or programming language, including Python
Current information security certification such as Certified Information Security Manager (CISM), Certified Information Systems Security Professional (CISSP) preferred
offensive and defensive security certifications such as CEH, IGAC Cyber Defense, OSCP or other related certifications preferred
Splunk Certification, including Splunk Enterprise Security Certified Admin preferred
use case development experience on the Exabeam platform preferred
working knowledge of the NIST Cyber Security Framework and ISO/IEC 27001:2022 preferred
working knowledge of the MITRE ATT&CK Framework preferred

Job Responsibility

Lead collaboration sessions within the cyber security tower and other business units to devise security monitoring use cases
engage and collaborate with other security engineers and architects as needed to keep pace with the evolution of corporate infrastructure and applications and share that knowledge with peers as appropriate
document prospective security monitoring use cases with MITRE ATT&ACK mappings using standard templates and methodologies
inform and consult other cyber ops teams of required data onboarding and integrations for use case development
develop analytics, correlation searches, dashboards, reports and alerts within the SIEM and UEBA platforms
solicit feedback for pre-production security monitoring content through peer review process and user acceptance testing for tuning
document developed security monitoring content in a documentation registry using department standard templates and methodologies
manage field mapping and transmission of security monitoring alerts to the security incident response platform for SOC analyst consumption as outlined in process documentation
provide governance support for the content development function entailing content development standards compliance, change management approvals for SIEM or UEBA content, and lifecycle management of developed security monitoring content
service operational requests in queue such as analytics content performance tuning, filtering, search refinement, parsing issues

Fulltime

Information Security Specialist/Analyst III

The Information Security Specialist/Analyst III reports to the Manager, Security...

Location

United States

Salary:

Not provided

MUSC Health

Expiration Date

Until further notice

Requirements

Bachelor's degree in information security, information assurance, computer science, or a related field with 5 years of IT security experience
or 10 years of hands-on experience in information security or related IT experience required, at least 6 of which must be directly related IT security experience
or a Master's degree in information security, information assurance, computer science, or a related field, and 3 years of IT security experience required
Advanced knowledge of information security principles, risk management, and regulatory compliance (HIPAA, FERPA, NIST, etc.)
Strong analytical and problem-solving skills with the ability to make decisions under pressure
Hands-on experience with Crowdstrike EDR, SIEM, IDS/IPS, vulnerability management, and threat intelligence tools
Familiarity with cloud security (Azure, AWS) and identity management solutions
Advanced Understanding on the administration and securing of various operating systems and enterprise applications with advanced security best practices
Excellent written and verbal communication skills, with the ability to translate technical findings into business-relevant language
Mentor junior analysts and contribute to the development of security standards, procedures, and playbooks

Job Responsibility

Serve as a lead escalation point for security incidents, overseeing detection, investigation, containment, and remediation within a CrowdStrike EDR environment across a healthcare infrastructure
Analyze findings from security monitoring systems, including Intrusion Detection/Prevention Systems (ID/PS) and Security Information Event Management (SIEM) consoles, to identify and respond to potential security incidents and data breaches
Perform cyber security incident handling, tracking and reporting
Utilize professional judgment and institutional knowledge to assess risk levels, conduct forensic investigations, isolate malware, identify attack vectors, provide guidance on remediation planning, and prioritize remediation efforts
Respond to relevant service requests received from end users (e.g. for investigation of security events)
Collaborate with internal Security Operations Center (SOC) teams and external Managed Security Service Providers (MSSPs) to contain and remediate security incidents
Configure, manage, and optimize SIEM platforms (Crowdstrike and/or Microsoft Sentinel) to enhance threat detection and response capabilities
Lead and manage large scale security-related projects, including tool implementations, upgrades, and process improvements
Conduct vulnerability assessments to identify security risks and report findings to system owners
Manage workflows to ensure that protected assets are properly assessed in a timely manner

Fulltime

Acquisition Analyst

The candidate will be required to create and maintain a single Program Integrate...

Location

United States , Redstone Arsenal, AL

Salary:

Not provided

QED Analytics Inc

Expiration Date

Until further notice

Requirements

Degree Required
Must have 5-10 years' experience
Experience using MS Project Professional
Capable of leading and executing tasks associated with Integrated Master Schedule (IMS) planning, development, execution, and analysis for complex weapon systems
Proficiency in Milestones Professional and working knowledge of @Risk for MS project is highly desired
Demonstrated experience supporting and interacting on a daily basis with high level DOD Officials (06 and above, GS equivalent), sitting on-site with the DOD Program
Demonstrated MS Office skills, particularly Excel and PowerPoint and relational database tools for data management (and reporting) are required
SECRET or greater Security Clearance

Job Responsibility

Create and maintain a single Program Integrated Master Schedule (IMS) using Microsoft Project and/or Primavera P6
Incorporate updating status information into the Government IMS from the prime contractor IMS and Govt organizations
Provide critical path impact analysis and recommend conflict resolution actions as required to the Government Program Manager
Provide additional program top level reports of the Program IMS using Milestones Professional
Manipulate and update schedules during meetings and respond to questions from customers regarding milestones and changes
Aid with developing technology-based solutions to provide useful data in an easy-to-understand format using Contracts Manpower Dashboards, DAO Portal Management, Helpdesk Management, and Qlik dashboard development
Supports Defense Acquisition, Earned Value and Contracts on all strategic workforce development issues including manpower, retention, staffing, and other functional operations within the Missile Defense Agency
Administration of in-house database PRIDE (Personnel Resource Internet Database Environment) maintaining accuracy of records through weekly updates, managing move logistics/space assignments
Trusted agent duties for MDA incentive awards, provide weekly reports of incentive awards totals and percentage obligated from Acquisition, Contracts, and Earned Value programs

Manager – Security Architecture and Strategy

The Manager, Security Architecture and Strategy, is a key role in continent secu...

Location

Singapore , Singapore

Salary:

Not provided

Marriott Bonvoy

Expiration Date

Until further notice

Requirements

Bachelor’s degree in Computer Science, Information Technology, Information Security, Cybersecurity or related field
3+ years IT/ information security work experience, preferably in a large organization
Experience in reviewing Security Architectures and explaining security risks/gaps as well as mitigation strategies is highly desirable
Professional certifications related to security assessment, such as CISA, CRISC, PCI ISA, ISO/IEC 27001 Lead Auditor, etc.
The coordinator must have strong interpersonal communication skills, as well as organizational skills. Project management experience is also desirable.
Fluent in English, both spoken and written.
Strong working knowledge of IT service management (e.g., ITIL-related disciplines)
Ability to communicate Security Requirements for areas including but not limited to: Cloud Computing, Application Development, IAM, Cryptography, and Infrastructure design and standards to a diverse audience.
Ability to present the process to all levels of audience, be comfortable answering questions around the process, gather and document feedback from these presentations and bring that back to the Security Architect for future enhancements.
Experience in creating presentations in PowerPoint, and comfort in presenting to C level executives.

Job Responsibility

Contributes to, evaluates, and supports the documentation, and validation processes necessary to assure that associates, information technology systems and business processes meet the organization’s information assurance, security, and privacy requirements.
Consults with customers to gather and evaluate functional requirements and provides these to the Security Architect team.
Provides sound advice and recommendations to leadership and staff on a variety of relevant topics within the pertinent subject domain
Works with the Security Architect Analysts to monitor ongoing project activities, intake of new projects and monitoring of the Security Engagement Process to meet team objectives for performance.
Develops specific goals and plans to prioritize, organize, and accomplish work.
Champions leaders’ vision for product and service delivery.
Makes and executes the necessary decisions to keep moving forward toward achievement of goals.
Provides direction and assistance to other teams regarding projects.
Determines priorities, schedules, plans and necessary resources to promote completion of any projects on schedule.
Analyzes information and evaluates results to choose the best solution and solve problems.

Fulltime

SecOps Engineer

The SecOps Engineer manages and leads the resolution of high or critical severit...

Location

United States , Milwaukee; Boston; Paramus

Salary:

135000.00 - 150000.00 USD / Year

Veolia

Expiration Date

Until further notice

Requirements

Bachelor’s or Master’s Degree in Computer Science, Engineering, Information Security or extensive professional experience considered in place of a Bachelor’s degree
Min of 5 years of professional experience in SOC operations and/or incident response
Understanding of technologies and solutions utilized in cybersecurity and networks (SIEM, SOAR, Firewalls, IAM, IDS/IPS, End Point Protection, Threat Management/Intelligence)
Expertise in Cloud security such as AWS, GuardDuty, CloudTrail, Lambda, GCP, GCP Cloud Audit, Cloud Security Command Center, Log Explorer, GKE Logs, Kubernetes
Understanding of API security: REST, SOAP, OAuth, API Keys/Tokens, API Gateway
SaaS: SSPM, CASB
Familiarity with security frameworks, standards, and guidelines
Knowledge of current hacking techniques, vulnerability disclosures, data breach incidents, and security analysis techniques
Ability to work with complex problems where analysis of situations or data requires an in-depth evaluation of variable factors
Excellent troubleshooting and problem-solving skills

Job Responsibility

Work closely with and advise on security best practices for Cloud, Infrastructure, Developers and Data Analysts to ensure security is implemented by design
Design and implement technical security controls
Conduct security review/audit of Cloud, SaaS, Network, AI environments to identify and mitigate potential security risks
Develop and implement security automation workflows using scripting languages and/or automation tooling such as Torq, Tines, etc
Provide seniority and oversight for a SOC shift as needed
Conduct complex investigations and providing advice to other Security Analysts
Manage and lead High or Critical severity incident resolution
Develop customized scripts or procedures to automate the repetitive tasks and improve the efficiency of incident response activities
Provide expert advice on remediation and recovery efforts and develop threat remediation strategies
Perform proactive analysis of the attack surface and advising on potential threats and attack vectors

What we offer

Paid time off policies
health, dental, vision, life insurance
savings accounts
tuition reimbursement
paid volunteering
employer sponsored 401(k) plan
Sick leave – 56 hours
Observed Holidays – 11 days
Vacation – Flexible Time Off
Eligible for up to 10% Annual Performance Bonus

Fulltime

Vice President, ISO Lead Analyst, Technology

The Information Security Operations (ISO) Lead Analyst is a senior level profess...

Location

Japan , Chiyoda, Tokyo

Salary:

Not provided

Citi

Expiration Date

Until further notice

Requirements

6-10 years of relevant experience
Proficient in interpreting and applying policies, standards and procedures
Consistently demonstrates clear and concise written and verbal communication both in English and Japanese
Proven influencing and relationship management skills
Proven analytical skills
Bachelor’s degree/University degree or equivalent experience
Professional certifications such as CISSP, CISM, CCSP, CISA, etc. preferred
Business-level English proficiency for communicating with global peers
Communicate proficiently in Japanese with regulatory and law enforcement authorities, local businesses, and vendors

Job Responsibility

Support the implementation of the IS Training Plan, by verifying training participants completed the training and understand IS requirements
Coordinate with cross-functional Operations and Technology (O&T) counterparts and teams to improve O&T risk oversight
Provide recommendations on IS aspects of projects and assess/report Corrective Action Plans to improve IS programs and initiatives
Escalate significant risks to the Regional/Sector IS Leadership for information or required actions
Attend and participate in internal/external IS forums and risk committees when necessary
Improve processes, by removing deficiencies and enhancing current tools that reduce an overall risk profile
Ensure security practices/standards compliance and reduce security risks through enhancing controls and minimizing weaknesses in Citi’s applications portfolio
Ensure audits are passed with a satisfactory audit rating for all IS topics
Ensure non-compliant items are resolved through coordination with Business Manager and business staff
Support the Global Information Security (GIS) policies, standards, and initiatives development and implementation

Fulltime

Information Security Professional Lead Analyst

Citi

Location:
Philippines , City of Taguig

Category:
IT - Software Development

Contract Type:
Not provided

Salary:

Job Description:

Job Responsibility:

Requirements:

Nice to have:

Additional Information:

Job Posted:
April 30, 2025

Looking for more opportunities? Search for other job offers that match your skills and interests.

Similar Jobs for Information Security Professional Lead Analyst

Security Incident Management Analyst

Cybersecurity GRC Tool Analyst

Senior Detection Engineer

Information Security Specialist/Analyst III

Acquisition Analyst

Manager – Security Architecture and Strategy

SecOps Engineer

Vice President, ISO Lead Analyst, Technology

Information Security Professional Lead Analyst

Citi

Location:Philippines , City of Taguig

Category:IT - Software Development

Contract Type:Not provided

Salary:

Job Description:

Job Responsibility:

Requirements:

Nice to have:

Additional Information:

Job Posted:April 30, 2025

Looking for more opportunities? Search for other job offers that match your skills and interests.

Similar Jobs for Information Security Professional Lead Analyst

Security Incident Management Analyst

Cybersecurity GRC Tool Analyst

Senior Detection Engineer

Information Security Specialist/Analyst III

Acquisition Analyst

Manager – Security Architecture and Strategy

SecOps Engineer

Vice President, ISO Lead Analyst, Technology

Location:
Philippines , City of Taguig

Category:
IT - Software Development

Contract Type:
Not provided

Job Posted:
April 30, 2025