Head of Enterprise Technology Risk - Hybrid

The Operational Risk Management (ORM) Group at Citi is the firm's reliable second set of eyes. Our mission is to drive comprehensive and consistent practices designed to identify, measure, monitor, report and manage operational risks while promoting the implementation of actions to address root causes which may lead to unintended operational losses. The Technology & Cyber Compliance and Risk Office (TCCRO) provides specialized subject matter experts to challenge Enterprise, Infrastructure, Operations and Technology entities across the firm. We are the technology and cyber conscience of the bank. In line with the ORM and ICRM frameworks, we aim to ensure that internal controls are designed to mitigate technology and cyber risks, and that those risks are managed, mitigated and aligned with our risk appetite and in conformance with regulatory obligations.

Responsibilities

Reporting into the Global Head of TCCRO, the Enterprise Technology & Operations Risk Lead will have oversight responsibility for a significant portfolio of the Enterprise Operations & Technology (EO&T) organization. The coverage area responsibilities for this Managing Director position entail the following:

  • Leading a large second line function that is responsible for executing a holistic, integrated operating model inclusive of performance of technology capability risk assessments, conducting credible challenge activities and ongoing monitoring against industry frameworks (e.g. COBIT, NIST CSF/CRI) and in compliance with the OCC's Heightened Standards.
  • Oversight of the establishment and implementation of technology standards, procedures, and frameworks for the coverage domains.
  • Perform independent review and credible challenge of the performance of universal key indicators and other metrics in support of the Technology and Cyber Risk Appetite Statements.
  • Represent TCCRO/Second line of defense in various forums including Risk Forums, Safety & Soundness, Risk committees, Regulatory Updates, Internal and External Auditors, etc.
  • Influence and challenge the organization as it implements the Transformation program for Technology Risk.
  • Oversight of the delivery and performance of technology solutions that are distributed globally to ensure appropriate controls are in place prior to deployment with minimal post implementation disruption.
  • Clearly communicate to technology and business managers the impact of control weaknesses and control design deficiencies on service delivery capabilities.

Building upon Citi’s Operational Risk Management Framework, this Managing Director position will have responsibility to perform independent assessment of the technology capabilities in accordance with risk assessment and risk appetite performance to identify the inherent risks in Citi’s infrastructure and security programs and services and reviewing the acceptability of residual risk. The ability to forge strong relationships across a variety of disciplines is vital to the success of this function. Further, staying abreast of key Tech and Cyber trends, actively engaging the industry on latest and emerging operational Risks and authoring white papers will solidify credibility and contribute to best in class second line coverage.

Qualifications:

This candidate will be an acknowledged thought leader in technology and cyber risk management with over 20 years of technology experience in complex IT management, tech/cyber risk, and controls with globally complex, dispersed, and diverse organizations.

The ideal Managing Director will have in-depth, detailed knowledge of technology risks and controls, infrastructure, cloud, and emerging Technology Management, Operations, and Information Security practices in the financial industry especially as it relates to enterprise functions and business sectors. This individual should have the following experience and skills:

  • Knowledge of full system, software, and security development lifecycle.
  • Extensive risk knowledge, including the ability to develop metrics and risk appetite thresholds.
  • Experience with the management and oversight of technology infrastructure components such as Network, servers, databases, and data center design and operations.
  • Knowledge of Information Security and Cyber security controls, technologies, operations, and operational response processes.
  • Knowledge of Cloud security and controls, including secure design patterns and governance
  • Experience with reviewing and evaluating Enterprise technology architecture design and solutions to include reviewing the people, process, and technology components.
  • Knowledge of the risks and underlying controls that support the integration, testing and support to business application and services, to include ATMs, Payment Systems, Mobile Applications, and Banking applications.
  • Knowledge of working with internal business functions such as Finance, HR, Software development, Shared services
  • Working familiarity with data warehousing and big data environments.
  • Working familiarity with automated monitoring tools and incident tracking tools to effectively communicate and manage incidents, defects, and data quality issues.
  • Strong analytical and problem-solving skills
  • Experience presenting to Executive Committees and other senior forums.
  • Strong leadership, communication, and presentation skills

Additionally, the candidate should have in-depth, working knowledge of banking technologies, fraud, cybercrime detection and countermeasures, encryption, data retention, as well as information security support for segregation of duties, application development, network and systems operation, testing and vendor management. Prior experience should include roles at global financial services firms with global technology infrastructure.

Technology Skill set requirements will include capability to manage all aspects of these standards:

  • Technology Architecture components common across the Financial Industry
  • Information Systems Audit and Control Association’s (ISACA) COBIT Standard
  • Information Technology Infrastructure Library (ITIL)
  • ISACA’s Certified in Risk and Information Systems Control (CRISC) Job Practice Domains
  • Masters in a technology related field preferred.
  • Project management experience is a plus.

Strong Leadership Skills:

  • Provides leadership in risk identification, key risk indicator identification, and risk mitigation strategies in the domain of technology management.
  • Engages business and technology managers to identify key control indicators and maintain effective and efficient continuous control monitoring processes.
  • Strong analytical and problem-solving skills.
  • Strong planning, organization and time management experience; strategically oriented, an innovative thinker, and a demonstrated, decisive decision maker.
  • Collaboratively manage initiatives that span multiple geographic locations and time zones.
  • Navigates organizational complexity; demonstrates organizational acumen.
  • Builds partnerships across functions and regions; collaborates well with others.
  • Networks regularly and builds relationships across Risk disciplines and with businesses, operations and technology.

Excellent Communication & Presentation Skills:

  • Advanced proficiency in creating written executive materials and mastery in verbal presentation to Executive audiences.
  • Ability to interact with and influence people/groups of widely varying disciplines and backgrounds.
  • Ability and confidence to exercise influence over a wide range of individuals at all levels of technical & business leadership.
  • Experienced in using active listening techniques on a consistent basis.
  • Comfortable with public speaking across various forums and be able to effectively and logically communicate when ideas are being challenged in an open forum.
  • Comfortable interacting directly with technology executive leadership, including in a high stress environment.
  • Understands the perspective of regulators and has the ability to shape messages and content to respond to a changing variety of regulatory standards.

Logistics:

  • The role is global, and the incumbent must be proactive and capable of leading solutions to global issues with stakeholders and colleagues in different regions and time zones.
  • The successful candidate will need to be a hands-on, self-starter, and able to manage tasks/timelines for self and others.

-------------------------------------------------

Job Family Group:

Risk Management

-------------------------------------------------

Job Family:

Operational Risk

------------------------------------------------------

Time Type:

Full time

------------------------------------------------------

Primary Location:

New York, New York, United States

------------------------------------------------------

Primary Location Salary Range:

$275,000.00 - $500,000.00

------------------------------------------------------

Citi is an equal opportunity and affirmative action employer.

Qualified applicants will receive consideration without regard to their race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or status as a protected veteran.

Citigroup Inc. and its subsidiaries ("Citi") invite all qualified interested applicants to apply for career opportunities. If you are a person with a disability and need a reasonable accommodation to use our search tools and/or apply for a career opportunity, review Accessibility at Citi.