Head of Reporting, Analytics & Monitoring for Tech/Cyber Risk- Hybrid
The Operational Risk Management (ORM) Group at Citi is the firm's reliable second set of eyes. Our mission is to drive comprehensive and consistent practices designed to identify, measure, monitor, report and manage operational risks while promoting the implementation of actions to address root causes which may lead to unintended operational losses. The Technology & Cyber Compliance and Risk Office (TCCRO) provides specialized subject matter experts to challenge Enterprise, Infrastructure, Operations and Technology entities across the firm. We are the technology and cyber conscious of the bank. In line with the ORM and ICRM frameworks, we aim to ensure that internal controls are designed to mitigate technology and cyber risks, are managed, mitigated and aligned with our risk appetite and in conformance to regulatory obligations.
Responsibilities
Reporting into the Global Head of TCCRO, the Head of Reporting, Analytics, and Monitoring for Tech and Cyber Risk will have direct accountability to build an integrated reporting function for Technology & Cyber risks across Enterprise and Business Sectors. The responsibilities for this Managing Director position entail the following:
- Building a streamlined reporting function inclusive of
- Establish a standardized reporting process, drive development of dashboards, and required reporting needs for senior management
- Develop and define Key Risk Indicators (KRIs), and drive analysis and preparation of reports for management, regulators, auditors, etc. that detail risks inherent to risk and compliance
- Drive current state assessment efforts, establish standardized documentation requirements, and evergreen process flows of critical business services
- Lead and perform analytics that support compliance and risk policies and strategies
- Works closely with key partners to support and advance metric reporting and data visualization projects in development
- Participates in preparing regular and time-sensitive ad-hoc deliverables to regulators and senior management, closely working across teams within the Technology Cyber Compliance and Risk Office (TCCRO)
- Appropriately assess risk when business decisions are made, demonstrating consideration for the firm's reputation and safeguarding Citigroup, its clients and assets, by driving compliance with applicable laws, rules and regulations, adhering to Policy, applying sound ethical judgment regarding personal behavior, conduct and business practices, and escalating, managing and reporting control issues with transparency
- Perform independent review and credible challenge of the performance of universal key indicators and other metrics in support of the Technology and Cyber Risk Appetite Statements to support thematic analysis with key directional risk trends.
- Represent TCCRO/Second line of defense in various forums including Risk Forums, Safety & Soundness, Risk committees, Regulatory Updates, Internal and External Auditors, etc.
- Influence and challenge TCCRO to devise appropriate monitoring and testing activities based on risk trends.
- Clearly communicate to technology and business managers the impact of control weakness and design control deficiencies on service delivery capabilities through comprehensive reporting packages.
Building upon Citi’s Operational Risk Management Framework, this Managing Director position will have responsibility to perform independent, aggregated reporting to opine on Tech and Cyber risk appetite performance to identify the inherent risks in Citi’s infrastructure and security programs and services and reviewing the acceptability of residual risk. The ability to forge strong relationships across a variety of disciplines is vital to the success of this function. Further, staying abreast of key Tech and Cyber trends, actively engaging the industry on latest and emerging operational Risks and authoring white papers will solidify credibility and contribute to best in class second line coverage.
Qualifications:
This candidate will be an acknowledged thought leader in technology and cyber risk management with over 20 years of technology experience in complex IT management, tech/cyber risk, and controls with globally complex, dispersed, and diverse organizations.
The ideal Managing Director will have in-depth, detailed knowledge of technology risks and controls, infrastructure, cloud, and emerging Technology Management, Operations, and Information Security practices in the financial industry especially as it relates to enterprise functions and business sectors. This individual should have the following experience and skills:
- Knowledge of full system, software, and security development lifecycle.
- Extensive risk knowledge including ability develop metrics, risk appetite thresholds, trend analysis and reporting.
- Experience with the management and oversight of technology architecture, infrastructure components such as Network, servers, databases, and data center design and operations, Information Security and Cyber security controls, technologies, operations, and operational response processes.
- Knowledge of the risks and underlying controls that support the integration, testing and support to business applications and services, with an emphasis in financial services.
- Working familiarity with data warehousing and big data environments to source pertinent data and build dashboards and visualization tools.
- Working familiarity with automated monitoring tools and incident tracking tools to effectively communicate and manage incidents, defects, and data quality issues.
- Strong analytical and problem-solving skills
- Experience presenting to Executive Committees and other senior forums.
- Strong leadership, communication, and presentation skills
Additionally, having in-depth, working knowledge of banking technologies, fraud, cybercrime detection and countermeasures, encryption, data retention, as well as information security support for segregation of duties, application development, network and systems operation, testing and vendor management. Prior experience in previous roles should include companies with global technology infrastructure in global financial services firms.
Technology Skill set requirements will include capability to manage all aspects of these standards:
- Technology Architecture components common across the Financial Industry
- Information Systems Audit and Control Association’s (ISACA) COBIT* Standard
- Information Technology Infrastructure Library (ITIL)
- ISACA’s Certified in Risk and Information Systems Control (CRISC) Job Practice Domains
- Masters in a technology related field preferred.
- Project management experiences is a plus.
Strong Leadership Skills:
- Provides leadership in risk identification, key risk indicator identification, and risk mitigation strategies in the domain of technology management.
- Engages business and technology managers to identify key control indicators and maintain effective and efficient continuous control monitoring processes.
- Strong analytical and problem-solving skills.
- Strong planning, organization and time management experience that is strategically oriented, an innovative thinker, and a demonstrated and decisive decision maker.
- Collaboratively manage initiatives that span multiple geographic locations and time zones.
- Navigates organizational complexity; demonstrates organizational acumen.
- Builds partnerships across functions and regions; collaborates well with others.
- Networks regularly and builds relationships across Risk disciplines and with businesses, operations and technology.
Excellent Communication & Presentation Skills:
- Advanced proficiency in creating written executive materials and mastery in verbal presentation to Executive audiences.
- Ability to interact with and influence people/groups of widely varying disciplines and backgrounds.
- Ability and confidence to exercise influence over a wide range of individuals at all levels of technical & business leadership.
- Experienced in using active listening techniques on a consistent basis.
- Comfortable with public speaking across various forums and be able to effectively and logically communicate when ideas are being challenged in an open forum.
- Comfortable interacting directly with technology executive leadership, including in a high stress environment.
- Understands the perspective of regulators and has the ability to shape messages and content to respond to a changing variety of regulatory standards.
Logistics:
- The role is global, and the incumbent must be proactive and capable of leading solutions to global issues with stakeholders and colleagues in different regions and time zones.
- The successful candidate will need to be a hands-on, self-starter, and able to manage tasks/timelines for self and others.
-------------------------------------------------
Job Family Group:
Risk Management-------------------------------------------------
Job Family:
Operational Risk------------------------------------------------------
Time Type:
Full time------------------------------------------------------
Primary Location:
New York New York United States------------------------------------------------------
Primary Location Salary Range:
$275,000.00 - $500,000.00------------------------------------------------------
Citi is an equal opportunity and affirmative action employer.
Qualified applicants will receive consideration without regard to their race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or status as a protected veteran.
Citigroup Inc. and its subsidiaries ("Citi”) invite all qualified interested applicants to apply for career opportunities. If you are a person with a disability and need a reasonable accommodation to use our search tools and/or apply for a career opportunity review Accessibility at Citi.
View the "EEO is the Law" poster. View the EEO is the Law Supplement.
View the EEO Policy Statement.
View the Pay Transparency Posting