About Citi

Citi, the leading global bank, has approximately 200 million customer accounts and does business in more than 160 countries and jurisdictions. Citi provides consumers, corporations, governments and institutions with a broad range of financial products and services, including consumer banking and credit, corporate and investment banking, securities brokerage, transaction services, and wealth management. Our core activities are safeguarding assets, lending money, making payments and accessing the capital markets on behalf of our clients.

Citi’s Mission and Value Proposition explains what we do and Citi Leadership Standards explain how we do it. Our mission is to serve as a trusted partner to our clients by responsibly providing financial services that enable growth and economic progress. We strive to earn and maintain our clients’ and the public’s trust by constantly adhering to the highest ethical standards and making a positive impact on the communities we serve. Our Leadership Standards is a common set of skills and expected behaviors that illustrate how our employees should work every day to be successful and strengthens our ability to execute against our strategic priorities.

Diversity is a key business imperative and a source of strength at Citi. We serve clients from every walk of life, every background and every origin. Our goal is to have our workforce reflect this same diversity at all levels. Citi has made it a priority to foster a culture where the best people want to work, where individuals are promoted based on merit, where we value and demand respect for others and where opportunities to develop are widely available to all.

Description:

Overview

The Operational Risk Management (ORM) Group at Citi is the firms reliable second set of eyes. Our mission is to drive comprehensive and consistent practices designed to identify, measure, monitor, report and manage operational risks while promoting the implementation of actions to address root causes, which may lead to unintended operational losses. The ORM TCRO (Tech and Cyber Risk Office) team provides the specialist subject matter experts to challenge the enterprise infrastructure, Operations and Technology entities across the firm. We are the technology and cyber conscious of the bank. In line with the ORM framework, we aim to ensure that the internal controls that are designed to mitigate technology and cyber risks are managed, mitigated and aligned with our risk appetite.

Responsibilities:

The Enterprise Tech/Cyber Architecture and Engineering Risk group within TCRO is responsible to influence, challenge, and provide oversight to Enterprise Tech and Cyber Architecture and Engineering/

The Operational Risk – Cyber Risk SVP is part of the Second Line function providing oversight including influencing and challenging the First Line and the businesses on risks with Cyber Risk including Secure SDLC, API Security, IAM, DevSecOps, Data Security, Security Architecture, Perminter Security, Endpoint Security and cyber risk assessments. Oversight areas includes, but is not limited to, governance, identification of risks, developing remediation strategies, and influencing the strategy and execution of the program. This position will be actively working with the ORM Business and Regional teams to provide subject matter expertise and align the oversight and challenge activities with the components of the operational risk management framework.

Primary Objective

The objective of the Operational Risk – Cyber Risk SVP is to reduce operational losses while enabling the objectives of the program at Citi, through challenge, influence, and advisory on initiatives in firm regarding cyber security.

The role will be responsible for building engagement with key stakeholders, anticipating, challenging, and mitigating risks that could affect business objectives.

• 
  Review of cyber programs and solutions for the associated risks and controls to challenge their appropriateness and effectiveness.
• Review, influence, and challenge endpoint and perimeter security standards, principles, execution, and metrics.
• Provide technical advisory and oversight with respect to the development and execution of the First Line endpoint and perimeter security capabilities.
• Review the broader Information Security standards and procedures to provide oversight, influence, and challenge on their effectiveness, alignment to industry standards.
• Influence and challenge existing and evolving/emerging enterprise cyber risks
• Conduct risk reviews to identify cyber risks including but not limited to endpoint and perimeter security; determine effectiveness of enterprise cyber standards, measured view of risks and controls.
• Engagement across broader cyber functions to oversee alignment of roadmaps and plans.
• Provide thought leadership on cyber engineering and architecture, and best practices
• Maintain and apply a broad and current industry perspective on cyber trends/opportunities, leading practices, and our position/capability/performance relative to direct competitors and parallel industries/organizations.

Qualifications:

The candidate will have over 10 years of experience in technology/cyber risk, risk assessments, metrics, enterprise cyber services, risks and controls within globally complex, dispersed and diverse organizations.

More specific experience, knowledge and skills are outlined below:

• Extensive experience in conducting cyber risk reviews
• Strong knowledge/experience in endpoint and perimeter security
• Evaluating endpoint and perimeter capabilities to embed security
• Assessing or implementing endpoint and perimeter security capabilities
• Understanding of industry standards including NIST, CRI, COBIT etc.
• Understanding of endpoint security capabilities e.g. anti-malware, EPP, EDR, XDR
• Experience with endpoint security products e.g. CrowdStrike, Trend Micro, Microsoft Defender, SentinelOne
• Understanding of perimeter security concepts e.g. firewalls, IDS/IPS, proxy, WAF, zero trust
• Experience with perimiter security products e.g. Palo Alto, CheckPoint, Cisco, Symantec/Blue Coat
• Strong experience leading operational risk reviews including identification of potential issues, and coordination with various teams including leadership

Competencies:

• Ability and confidence to exercise influence over a wide range of individuals at all levels of technical & business leadership.
• Strong presentation skills: able to use data to tell a clear, compelling story
• Strong analytical and problem-solving skills.
• Comfortable interacting directly with technology executive leadership, including in a high stress environment.
• Builds partnerships across functions and regions; collaborates well with others.

-

Job Family Group:

-

Job Family:

-

Time Type:

-

Primary Location:

-

Primary Location Salary Range:

-

Citi is an equal opportunity and affirmative action employer.

Qualified applicants will receive consideration without regard to their race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or status as a protected veteran.

Citigroup Inc. and its subsidiaries ("Citi”) invite all qualified interested applicants to apply for career opportunities. If you are a person with a disability and need a reasonable accommodation to use our search tools and/or apply for a career opportunity review Accessibility at Citi.

View the "EEO is the Law" poster. View the EEO is the Law Supplement.

View the EEO Policy Statement.

View the Pay Transparency Posting

-

Effective November 1, 2021, Citi requires that all successful applicants for positions located in the United States or Puerto Rico be fully vaccinated against COVID-19 as a condition of employment and provide proof of such vaccination prior to commencement of employment.