Citigroup Inc
Operational Risk, Cyber and Technology Senior Vice President
Citigroup Inc, Jacksonville, Florida, United States, 32290
Overview
The Technology and Cyber Compliance and Operational Risk Office (TCCORO) at Citi is the firms reliable second set of eyes. Our mission is to drive comprehensive and consistent practices designed to identify, measure, monitor, report and manage operational and compliance risks while promoting the implementation of actions to address root causes which may lead to unintended operational losses or regulatory breaches. TCCORO provides the specialist subject matter experts to challenge Enterprise, Infrastructure, Operations and Technology entities across the firm. We are the technology and cyber conscience of the bank. In line with the Operational Risk Management (ORM) and Independent Compliance Risk Management (ICRM) frameworks, we aim to ensure that the internal controls that are designed to mitigate technology and cyber risks are managed, mitigated, and aligned with our risk appetite. Responsibilities Manages internal projects on threat issues that support a variety of participants and stakeholders measuring the effectiveness and comprehensiveness of Citis first line defenses. Establishes and oversees the application of compliance and technology and/or cyber policies and procedures, technology and tools, and governance processes to provide credible challenge for minimizing losses from technology and/or cyber risks. Independently assesses technology and/or cyber risks and drives actions to address the root causes that persistently lead to operational risk losses by challenging both historical and proposed practices. Leads independent assurance activities to assess areas of concern including substantive and controls testing. Monitors, evaluates, and challenges Key Risks and associated Key Risk Indicators triggers and thresholds. Also leads discussions with Key Indicator owners on breaches and action steps to correct breaches. Identifies potential risks associated with program/project delivery on a technical and detailed level. Leads various second line of defense technology and/or cyber assessments including risk assessments, control assessments, maturity assessments etc. Assesses technology and/or cyber risks associated with new initiatives and programs being proposed for implementation. Challenges the design, adequacy and strength of the control environment associated to technology and cyber and recommends actions to ensure the operational risk profile is in line with the technology and/or cyber risk appetite. Executes ad-hoc activities for the TCCORO organization, including but not limited to: researching and producing materials for presentations of deep dives into selected topics, coordinating deliverables related to audits and examinations, and maintaining associated data for executive reporting. Adequately assesses risk when business decisions are made, demonstrating knowledge for the firm's reputation and safeguarding Citigroup, its clients, and assets, by driving compliance with applicable laws, rules, and regulations, adhering to Policy, and applying sound ethical judgment.
Qualifications
10+ years relevant experience Deep knowledge of products within the coverage area, including a technical understanding of current and emerging trends as well as the ability to apply in-depth understanding of the business impacts of technical contributions. Experience in technology and/or cyber risk assessments, metrics, enterprise technology services, risks, and controls within globally complex, dispersed, and diverse organizations. In-depth knowledge of technology and/or cyber risks and controls across various information system architecture and engineering domains including: data protection, identity and access management, vulnerability management, network security, endpoint security, logging and monitoring, incident management, and third-party management Subject matter expert in one or more industry standard risk management frameworks (including ISO27001, COBIT, TOGAF and CRI for example), and an in-depth understanding of technology and/or cyber risk mitigation strategies. Outstanding communication and influencing skills through all levels of the organization and with external partners and vendors. Exceptional relationship management skills; must be able to address and resolve conflict while maintaining relationships. Ability to effectively communicate complex topics to a broad audience. Strong analytical skills, including the ability to filter, prioritize and validate potentially complex material from multiple sources.
Education
Bachelors/University degree, Masters degree preferred Relevant certifications (in CISM, CRISC, CISSP, CISA, or PMP) a plus
Most Relevant Skills: Analytical Thinking, Control Monitoring, Credible Challenge, Governance, Issue Management, Operational Risk, Policy and Procedure, Policy and Regulation, Risk Controls and Monitors, Risk Identification and Assessment. Other Relevant Skills: For complementary skills, please see above and/or contact the recruiter. Anticipated Posting Close Date: Sep 02, 2025 Note: Citi is an equal opportunity employer. Qualified candidates will receive consideration without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, status as a protected veteran, or any other characteristic protected by law. If you are a person with a disability and need a reasonable accommodation to use our search tools and/or apply for a career opportunity review Accessibility at Citi. View Citis EEO Policy Statement and the Know Your Rights poster. #J-18808-Ljbffr
The Technology and Cyber Compliance and Operational Risk Office (TCCORO) at Citi is the firms reliable second set of eyes. Our mission is to drive comprehensive and consistent practices designed to identify, measure, monitor, report and manage operational and compliance risks while promoting the implementation of actions to address root causes which may lead to unintended operational losses or regulatory breaches. TCCORO provides the specialist subject matter experts to challenge Enterprise, Infrastructure, Operations and Technology entities across the firm. We are the technology and cyber conscience of the bank. In line with the Operational Risk Management (ORM) and Independent Compliance Risk Management (ICRM) frameworks, we aim to ensure that the internal controls that are designed to mitigate technology and cyber risks are managed, mitigated, and aligned with our risk appetite. Responsibilities Manages internal projects on threat issues that support a variety of participants and stakeholders measuring the effectiveness and comprehensiveness of Citis first line defenses. Establishes and oversees the application of compliance and technology and/or cyber policies and procedures, technology and tools, and governance processes to provide credible challenge for minimizing losses from technology and/or cyber risks. Independently assesses technology and/or cyber risks and drives actions to address the root causes that persistently lead to operational risk losses by challenging both historical and proposed practices. Leads independent assurance activities to assess areas of concern including substantive and controls testing. Monitors, evaluates, and challenges Key Risks and associated Key Risk Indicators triggers and thresholds. Also leads discussions with Key Indicator owners on breaches and action steps to correct breaches. Identifies potential risks associated with program/project delivery on a technical and detailed level. Leads various second line of defense technology and/or cyber assessments including risk assessments, control assessments, maturity assessments etc. Assesses technology and/or cyber risks associated with new initiatives and programs being proposed for implementation. Challenges the design, adequacy and strength of the control environment associated to technology and cyber and recommends actions to ensure the operational risk profile is in line with the technology and/or cyber risk appetite. Executes ad-hoc activities for the TCCORO organization, including but not limited to: researching and producing materials for presentations of deep dives into selected topics, coordinating deliverables related to audits and examinations, and maintaining associated data for executive reporting. Adequately assesses risk when business decisions are made, demonstrating knowledge for the firm's reputation and safeguarding Citigroup, its clients, and assets, by driving compliance with applicable laws, rules, and regulations, adhering to Policy, and applying sound ethical judgment.
Qualifications
10+ years relevant experience Deep knowledge of products within the coverage area, including a technical understanding of current and emerging trends as well as the ability to apply in-depth understanding of the business impacts of technical contributions. Experience in technology and/or cyber risk assessments, metrics, enterprise technology services, risks, and controls within globally complex, dispersed, and diverse organizations. In-depth knowledge of technology and/or cyber risks and controls across various information system architecture and engineering domains including: data protection, identity and access management, vulnerability management, network security, endpoint security, logging and monitoring, incident management, and third-party management Subject matter expert in one or more industry standard risk management frameworks (including ISO27001, COBIT, TOGAF and CRI for example), and an in-depth understanding of technology and/or cyber risk mitigation strategies. Outstanding communication and influencing skills through all levels of the organization and with external partners and vendors. Exceptional relationship management skills; must be able to address and resolve conflict while maintaining relationships. Ability to effectively communicate complex topics to a broad audience. Strong analytical skills, including the ability to filter, prioritize and validate potentially complex material from multiple sources.
Education
Bachelors/University degree, Masters degree preferred Relevant certifications (in CISM, CRISC, CISSP, CISA, or PMP) a plus
Most Relevant Skills: Analytical Thinking, Control Monitoring, Credible Challenge, Governance, Issue Management, Operational Risk, Policy and Procedure, Policy and Regulation, Risk Controls and Monitors, Risk Identification and Assessment. Other Relevant Skills: For complementary skills, please see above and/or contact the recruiter. Anticipated Posting Close Date: Sep 02, 2025 Note: Citi is an equal opportunity employer. Qualified candidates will receive consideration without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, status as a protected veteran, or any other characteristic protected by law. If you are a person with a disability and need a reasonable accommodation to use our search tools and/or apply for a career opportunity review Accessibility at Citi. View Citis EEO Policy Statement and the Know Your Rights poster. #J-18808-Ljbffr