LOG IN
SIGN UP
Canary Wharfian - Online Investment Banking & Finance Community.
Sign In
or continue with e-mail and password
Forgot password?
Don't have an account?
Create an account
or continue with e-mail and password
By signing up, you agree to our Terms & Conditions and Privacy Policy.

Third-Party Information Security Assessor (TPISA)

ExperiencedNo visa sponsorship
Citi logo

at Citi

Bulge Bracket Investment Banks

Posted 3 days ago

No clicks

**Third-Party Information Security Assessor (TPISA)** Conducts assessments of supplier information security controls to mitigate risks. Lead and coordinate TPISA stakeholder engagement, on-site or remote assessments, and documentation of results. Key responsibilities include initiating assessments, validating control implementation, identifying gaps, and communicating issues. Requires 5+ years in IT Audit/Assessor role, broad information security knowledge, and strong technical, communication, and problem-solving skills. Bachelors' degree required. English proficiency desirable. Industry certifications like CISSP, CISA, or CISM preferred.

Compensation
Not specified

Currency: Not specified

City
Not specified
Country
Not specified

Full Job Description

Third-Party Information Security Assessor (TPISA)

Apply (opens in new window)
Save

Job Req Id:

26968587

Location(s):

Heredia, Provincia de Heredia, Costa Rica

Job Type:

Hybrid

Posted:

Jul. 03, 2026

Discover your future at Citi

Working at Citi is far more than just a job. A career with us means joining a team of more than 230,000 dedicated people from around the globe. At Citi, youll have the opportunity to grow your career, give back to your community and make a real impact.

Job Overview

The Info Sec Prof Lead Analyst is an intermediate level position responsible for driving efforts to prevent, monitor and respond to information/data breaches and cyber-attacks. The overall objective of this role is to ensure the execution of Information Security directives and activities in alignment with Citi's data security policy.

Responsibilities:

  • Develop corrective action language for Information Security (IS) gaps and ensure risk closure meets Citi requirements or industry best practices
  • Facilitate the implementation of approved IS tools and identify/recommend new or improved security solutions or emerging technologies
  • Mitigate risk by analyzing the root cause of issues, impacts to business, and required corrective actions and develop security solutions
  • Ensure IS compliance and seek opportunities to enhance the efficiency of IS policies and procedures
  • Identify significant IS threats and vulnerabilities, and define appropriate controls for discovered threats, documenting the business response
  • Disseminate changes to IS regulations and standards to Business and Program owners
  • Provide Information Security advice and counsel as needed
  • Appropriately assess risk when business decisions are made, demonstrating particular consideration for the firm's reputation and safeguarding Citigroup, its clients and assets, by driving compliance with applicable laws, rules and regulations, adhering to Policy, applying sound ethical judgment regarding personal behavior, conduct and business practices, and escalating, managing and reporting control issues with transparency.


Qualifications:

  • 6-10 years of relevant experience
  • Additional technical certifications are preferred
  • Demonstrated ability to research and apply current information regarding the IS field
  • Consistently demonstrates clear and concise written and verbal communication
  • Proven influencing and relationship management skills
  • Proven analytical skills


Education:

  • Bachelors degree/University degree or equivalent experience
  • Masters degree preferred


This job description provides a high-level review of the types of work performed. Other job-related duties may be assigned as required.

  • Activities description

  • Responsible for Third-Party Information Security Assessments (TPISA) process, being part of the Americas TPISA Utility.
  • Contribute to the information security risk management, keeping the teams activities compliant to Citis global institutional policies and regional or local regulations.
  • Serve as specialist, providing support to business areas and ISOs in matters pertaining to the Third-Party Information Security Assessments (TPISA) program.

  • Responsibilities:

Accordance with Citis established Third Party Information Security Assessment (TPISA) process and framework, the essential duties are as follows:

  • Coordinate with TPISA stakeholders to initiate, scope and plan controls assessments of new and existing suppliers.
  • Perform assessments on-site at supplier locations, including availability for travel to other countries in the region, or remotely via conference calls.
  • Obtain and review supplier responses and supporting documentation to validate supplier appropriate implementation of information security controls.
  • Analyze the responses and documentations to identify information security weaknesses or non-compliance with Citi standards.
  • Produce detailed documentation of assessments and perform threat analyses of gaps identified.
  • Communicate supplier information security issues to stakeholders, ensuring their understanding of associated risks and actions needed to remediate those risks.

Qualifications:

The successful candidate will have the following proven skills and experience:

  • 5 years of experience in a similar IT Audit, Assessor, or Information Security Officer role
  • Demonstrate in-depth knowledge of concepts, best practices and controls in a breadth of information security areas/domains including:
    • Governance and risk management, access control, encryption, physical security, architecture and safety design, business continuity planning/ disaster recovery, network security, applications and operations security and incident management/compliance, as well as applicable laws and regulations.
  • Excellent technical or IT audit background of a wide variety of technologies, including server infrastructure and operating systems, network and internet/telecommunications, database architecture and intrusion detection/prevention systems.
  • Self-starter with the ability to manage and prioritize responsibilities through the effective use of time management techniques.
  • Team player with proven skills in influencing people without having direct management authority and motivating them to successfully complete tasks within required timelines.
  • Self-driven performer with established skills in tracking self and project performance, anticipating and recognizing problems and escalating issues appropriately.
  • Strong ability to interact and communicate both written and verbally with people at all levels, both technical and non-technical, in a dynamic environment where interactions are not always in person, mainly in Spanish but English is also desirable.
  • Strong risk analysis and problem-solving skills.
  • Must be flexible to ensure assessments are performed by the mandated compliance date and be able to manage multiple assessments simultaneously.
  • Industry certifications such as CISSP, CISA or CISM are preferred, or capability to be certified in 12 months from the hiring date.

Education:

  • Advanced English proficiency level is desirable.
  • Bachelors degree/University degree or equivalent experience.

------------------------------------------------------

Job Family Group:

Technology

------------------------------------------------------

Job Family:

Information Security

------------------------------------------------------

Time Type:

Full time

------------------------------------------------------

Most Relevant Skills

Please see the requirements listed above.

------------------------------------------------------

Other Relevant Skills

For complementary skills, please see above and/or contact the recruiter.

------------------------------------------------------

Citi is an equal opportunity employer, and qualified candidates will receive consideration without regard to their race, color, religion, sex, sexual orientation, gender identity, national origin, disability, status as a protected veteran, or any other characteristic protected by law.

If you are a person with a disability and need a reasonable accommodation to use our search tools and/or apply for a career opportunity review Accessibility at Citi( opens in new window).

View Citis EEO Policy Statement( opens in new window) and the Know Your Rights( opens in new window) poster.

Apply (opens in new window)
Save

Third-Party Information Security Assessor (TPISA)

Compensation

Not specified

City: Not specified

Country: Not specified

Citi logo
Bulge Bracket Investment Banks

3 days ago

No clicks

at Citi

ExperiencedNo visa sponsorship

**Third-Party Information Security Assessor (TPISA)** Conducts assessments of supplier information security controls to mitigate risks. Lead and coordinate TPISA stakeholder engagement, on-site or remote assessments, and documentation of results. Key responsibilities include initiating assessments, validating control implementation, identifying gaps, and communicating issues. Requires 5+ years in IT Audit/Assessor role, broad information security knowledge, and strong technical, communication, and problem-solving skills. Bachelors' degree required. English proficiency desirable. Industry certifications like CISSP, CISA, or CISM preferred.

Full Job Description

Third-Party Information Security Assessor (TPISA)

Apply (opens in new window)
Save

Job Req Id:

26968587

Location(s):

Heredia, Provincia de Heredia, Costa Rica

Job Type:

Hybrid

Posted:

Jul. 03, 2026

Discover your future at Citi

Working at Citi is far more than just a job. A career with us means joining a team of more than 230,000 dedicated people from around the globe. At Citi, youll have the opportunity to grow your career, give back to your community and make a real impact.

Job Overview

The Info Sec Prof Lead Analyst is an intermediate level position responsible for driving efforts to prevent, monitor and respond to information/data breaches and cyber-attacks. The overall objective of this role is to ensure the execution of Information Security directives and activities in alignment with Citi's data security policy.

Responsibilities:

  • Develop corrective action language for Information Security (IS) gaps and ensure risk closure meets Citi requirements or industry best practices
  • Facilitate the implementation of approved IS tools and identify/recommend new or improved security solutions or emerging technologies
  • Mitigate risk by analyzing the root cause of issues, impacts to business, and required corrective actions and develop security solutions
  • Ensure IS compliance and seek opportunities to enhance the efficiency of IS policies and procedures
  • Identify significant IS threats and vulnerabilities, and define appropriate controls for discovered threats, documenting the business response
  • Disseminate changes to IS regulations and standards to Business and Program owners
  • Provide Information Security advice and counsel as needed
  • Appropriately assess risk when business decisions are made, demonstrating particular consideration for the firm's reputation and safeguarding Citigroup, its clients and assets, by driving compliance with applicable laws, rules and regulations, adhering to Policy, applying sound ethical judgment regarding personal behavior, conduct and business practices, and escalating, managing and reporting control issues with transparency.


Qualifications:

  • 6-10 years of relevant experience
  • Additional technical certifications are preferred
  • Demonstrated ability to research and apply current information regarding the IS field
  • Consistently demonstrates clear and concise written and verbal communication
  • Proven influencing and relationship management skills
  • Proven analytical skills


Education:

  • Bachelors degree/University degree or equivalent experience
  • Masters degree preferred


This job description provides a high-level review of the types of work performed. Other job-related duties may be assigned as required.

  • Activities description

  • Responsible for Third-Party Information Security Assessments (TPISA) process, being part of the Americas TPISA Utility.
  • Contribute to the information security risk management, keeping the teams activities compliant to Citis global institutional policies and regional or local regulations.
  • Serve as specialist, providing support to business areas and ISOs in matters pertaining to the Third-Party Information Security Assessments (TPISA) program.

  • Responsibilities:

Accordance with Citis established Third Party Information Security Assessment (TPISA) process and framework, the essential duties are as follows:

  • Coordinate with TPISA stakeholders to initiate, scope and plan controls assessments of new and existing suppliers.
  • Perform assessments on-site at supplier locations, including availability for travel to other countries in the region, or remotely via conference calls.
  • Obtain and review supplier responses and supporting documentation to validate supplier appropriate implementation of information security controls.
  • Analyze the responses and documentations to identify information security weaknesses or non-compliance with Citi standards.
  • Produce detailed documentation of assessments and perform threat analyses of gaps identified.
  • Communicate supplier information security issues to stakeholders, ensuring their understanding of associated risks and actions needed to remediate those risks.

Qualifications:

The successful candidate will have the following proven skills and experience:

  • 5 years of experience in a similar IT Audit, Assessor, or Information Security Officer role
  • Demonstrate in-depth knowledge of concepts, best practices and controls in a breadth of information security areas/domains including:
    • Governance and risk management, access control, encryption, physical security, architecture and safety design, business continuity planning/ disaster recovery, network security, applications and operations security and incident management/compliance, as well as applicable laws and regulations.
  • Excellent technical or IT audit background of a wide variety of technologies, including server infrastructure and operating systems, network and internet/telecommunications, database architecture and intrusion detection/prevention systems.
  • Self-starter with the ability to manage and prioritize responsibilities through the effective use of time management techniques.
  • Team player with proven skills in influencing people without having direct management authority and motivating them to successfully complete tasks within required timelines.
  • Self-driven performer with established skills in tracking self and project performance, anticipating and recognizing problems and escalating issues appropriately.
  • Strong ability to interact and communicate both written and verbally with people at all levels, both technical and non-technical, in a dynamic environment where interactions are not always in person, mainly in Spanish but English is also desirable.
  • Strong risk analysis and problem-solving skills.
  • Must be flexible to ensure assessments are performed by the mandated compliance date and be able to manage multiple assessments simultaneously.
  • Industry certifications such as CISSP, CISA or CISM are preferred, or capability to be certified in 12 months from the hiring date.

Education:

  • Advanced English proficiency level is desirable.
  • Bachelors degree/University degree or equivalent experience.

------------------------------------------------------

Job Family Group:

Technology

------------------------------------------------------

Job Family:

Information Security

------------------------------------------------------

Time Type:

Full time

------------------------------------------------------

Most Relevant Skills

Please see the requirements listed above.

------------------------------------------------------

Other Relevant Skills

For complementary skills, please see above and/or contact the recruiter.

------------------------------------------------------

Citi is an equal opportunity employer, and qualified candidates will receive consideration without regard to their race, color, religion, sex, sexual orientation, gender identity, national origin, disability, status as a protected veteran, or any other characteristic protected by law.

If you are a person with a disability and need a reasonable accommodation to use our search tools and/or apply for a career opportunity review Accessibility at Citi( opens in new window).

View Citis EEO Policy Statement( opens in new window) and the Know Your Rights( opens in new window) poster.

Apply (opens in new window)
Save