Citi
Operational Risk, Cyber and Technology Senior Vice President
Citi, Jacksonville, Florida, United States, 32290
Overview
Operational Risk, Cyber and Technology Senior Vice President role at Citi within the Technology and Cyber Compliance and Operational Risk Office (TCCORO). TCCORO provides the firm’s second line of defense to identify, measure, monitor, report and manage operational and compliance risks while promoting actions to address root causes. The role supports second-line operational and compliance risk oversight of technology and cyber risks in US Personal Banking technology, leveraging subject matter expertise, data analysis, current events and industry trends to inform risk prioritization and challenge/influence activities. A successful candidate will have expertise in cyber risk in global financial services, a strong track record in technology and/or cyber risk management, excellent analytical and communication skills, and a demonstrated interest in risk management. Responsibilities
Manages internal projects on threat issues that support a variety of participants and stakeholders measuring the effectiveness and comprehensiveness of Citi’s first line defenses. Establishes and oversees the application of compliance and technology and/or cyber policies and procedures, technology and tools, and governance processes to provide credible challenge for minimizing losses from technology and/or cyber risks. Independently assesses technology and/or cyber risks and drives actions to address root causes that persistently lead to operational risk losses by challenging both historical and proposed practices. Leads independent assurance activities to assess areas of concern including substantive and controls testing. Monitors, evaluates, and challenges Key Risks and associated Key Risk Indicators triggers and thresholds; leads discussions with Key Indicator owners on breaches and corrective actions. Identifies potential risks associated with program/project delivery on a technical and detailed level. Leads various second line of defense technology and/or cyber assessments including risk assessments, control assessments and maturity assessments. Assesses technology and/or cyber risks associated with new initiatives and programs proposed for implementation. Challenges the design, adequacy and strength of the control environment related to technology and cyber and recommends actions to align the operational risk profile with risk appetite. Executes ad-hoc activities for the TCCORO organization, including research and materials for deep-dive presentations, coordinating deliverables related to audits and examinations, and maintaining data for executive reporting. Appropriately assesses risk when business decisions are made, ensuring compliance with laws, rules, and regulations, policy adherence, and ethical judgment. Qualifications
10+ years relevant experience Deep knowledge of products within the coverage area and the ability to apply in-depth understanding of business impacts of technical contributions Experience in technology and/or cyber risk assessments, metrics, enterprise technology services risks and controls in globally complex organizations In-depth knowledge of technology and/or cyber risks and controls across information system architecture including data protection, identity and access management, vulnerability management, network security, endpoint security, logging and monitoring, incident management, and third-party management Subject matter expert in one or more risk management frameworks (ISO27001, COBIT, TOGAF, CRI) and risk mitigation strategies Outstanding communication and influencing skills at all organizational levels and with external partners and vendors; strong relationship management and conflict resolution Ability to communicate complex topics to a broad audience Strong analytical skills with the ability to prioritize and validate complex material Education
Bachelor’s degree; Master’s degree preferred Relevant certifications (CISM, CRISC, CISSP, CISA, or PMP) a plus Equal Employment Opportunity
Citi is an equal opportunity employer, and qualified candidates will receive consideration without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, status as a protected veteran, or any other characteristic protected by law. If you are a person with a disability and need a reasonable accommodation to use our search tools and/or apply for a career opportunity, please view Accessibility at Citi and Citi’s EEO Policy Statement.
#J-18808-Ljbffr
Operational Risk, Cyber and Technology Senior Vice President role at Citi within the Technology and Cyber Compliance and Operational Risk Office (TCCORO). TCCORO provides the firm’s second line of defense to identify, measure, monitor, report and manage operational and compliance risks while promoting actions to address root causes. The role supports second-line operational and compliance risk oversight of technology and cyber risks in US Personal Banking technology, leveraging subject matter expertise, data analysis, current events and industry trends to inform risk prioritization and challenge/influence activities. A successful candidate will have expertise in cyber risk in global financial services, a strong track record in technology and/or cyber risk management, excellent analytical and communication skills, and a demonstrated interest in risk management. Responsibilities
Manages internal projects on threat issues that support a variety of participants and stakeholders measuring the effectiveness and comprehensiveness of Citi’s first line defenses. Establishes and oversees the application of compliance and technology and/or cyber policies and procedures, technology and tools, and governance processes to provide credible challenge for minimizing losses from technology and/or cyber risks. Independently assesses technology and/or cyber risks and drives actions to address root causes that persistently lead to operational risk losses by challenging both historical and proposed practices. Leads independent assurance activities to assess areas of concern including substantive and controls testing. Monitors, evaluates, and challenges Key Risks and associated Key Risk Indicators triggers and thresholds; leads discussions with Key Indicator owners on breaches and corrective actions. Identifies potential risks associated with program/project delivery on a technical and detailed level. Leads various second line of defense technology and/or cyber assessments including risk assessments, control assessments and maturity assessments. Assesses technology and/or cyber risks associated with new initiatives and programs proposed for implementation. Challenges the design, adequacy and strength of the control environment related to technology and cyber and recommends actions to align the operational risk profile with risk appetite. Executes ad-hoc activities for the TCCORO organization, including research and materials for deep-dive presentations, coordinating deliverables related to audits and examinations, and maintaining data for executive reporting. Appropriately assesses risk when business decisions are made, ensuring compliance with laws, rules, and regulations, policy adherence, and ethical judgment. Qualifications
10+ years relevant experience Deep knowledge of products within the coverage area and the ability to apply in-depth understanding of business impacts of technical contributions Experience in technology and/or cyber risk assessments, metrics, enterprise technology services risks and controls in globally complex organizations In-depth knowledge of technology and/or cyber risks and controls across information system architecture including data protection, identity and access management, vulnerability management, network security, endpoint security, logging and monitoring, incident management, and third-party management Subject matter expert in one or more risk management frameworks (ISO27001, COBIT, TOGAF, CRI) and risk mitigation strategies Outstanding communication and influencing skills at all organizational levels and with external partners and vendors; strong relationship management and conflict resolution Ability to communicate complex topics to a broad audience Strong analytical skills with the ability to prioritize and validate complex material Education
Bachelor’s degree; Master’s degree preferred Relevant certifications (CISM, CRISC, CISSP, CISA, or PMP) a plus Equal Employment Opportunity
Citi is an equal opportunity employer, and qualified candidates will receive consideration without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, status as a protected veteran, or any other characteristic protected by law. If you are a person with a disability and need a reasonable accommodation to use our search tools and/or apply for a career opportunity, please view Accessibility at Citi and Citi’s EEO Policy Statement.
#J-18808-Ljbffr