Information Security Program Analyst | SwiconJobs

Information Security Program Analyst

2023.03.09. | Budapest | Tech
Introduction
Our partner is a global leader in the banking sector, serving more than 200 million domestic, corporate, state and organizational clients worldwide. It was one of the first international shared service centers in Hungary, opening its doors in 2005, and presently facilitates services for 95 countries on an international level.
Tasks

• Governance of Application System Testing standards and policies - review the standards and make enhancements based on application assets

• Identify compliance objectives and map program deliverables to the requirements

• Document scope of assets to be included in the system security testing standard for vulnerability assessments

• Collaborate with the business and enterprise architecture teams to implement changes required to identify assets for vulnerability assessment scoping

• Document business requirements related to system enhancements and submit for reviews and approvals

• Map out process flows for controls in systems and review for improvements to make controls more effective

• Monitor vulnerability assessment exemption and exception requests and process based on documented system testing standards and policies

• Collect information for generating and communicating responses for internal audit questions and deliverables promptly

• Design and implement a solution for performance measurements on effectiveness of controls and overall vulnerability assessment program

• Analyze trends in asset security health posture and report using visualization tools for program review with management and stakeholders

• Provide timely, accurate, and actionable reporting on application vulnerability activity, trends, service levels, and areas of concern to senior management

• Document and standardize business rules for accurate compliance measurements and tracking metrics based on application security testing standard

• Work with the Metrics reporting team to enhance and refine the metrics and key performance indicators reported to senior management and external regulatory agencies

• Develop User acceptance test plans for testing changes to system enhancements that impact governance and compliance

• Serve as a Program SME and drive open issues to a closure with appropriate resolution

• Update PowerPoint presentations monthly and quarterly for application security program reviews

• Train and mentor team members as needed

• Weekly and Monthly Status reporting for the program

Expectations

• 3 years of experience in information security or a related technology field

• Experience working in an information security team defining, revising and implementing corporate information security policies

• Experience analyzing security assessments and creating metrics visualizations for analytics

• Experience reviewing application security testing results from various testing tools

• Project Management experience a plus

• Experience with governance and implementation of security policies, standards, procedures, programs, plans and processes

• Experience coordinating initiatives related to process control design and testing

• Professional Certifications in Information Security domain a plus

• Demonstrate an aptitude to develop and implement application security strategies and plans based on Citi standards

• Familiarity with security standards such as OWASP, NIST, PCI DSS, etc.

• Consistently demonstrates clear and concise written and verbal communication

• Proven analytical, influencing and relationship management skills

• Bachelor’s degree or equivalent experience 

Employer's offer
  • Freedom to succeed in a dynamic environment: creative and innovative ideas are encouraged and recognized
  • A positive and inclusive work environment in which diversity and cross-regional work-streams are key components
  • An environment conducive to developing supervisory/leadership/presentation skills and building a professional network across the organization globally
  • Hybrid (office / home office) presence