Operational Risk Management Cyber Risk Senior Analyst - Assistant Vice President (Hybrid)
Description Overview:
The Operational Risk Management (ORM) Group at Citi is the firms reliable second set of eyes. Our mission is to drive comprehensive and consistent practices designed to identify, measure, monitor, report and manage operational risks while promoting the implementation of actions to address root causes, which may lead to unintended operational losses. The ORM TCRO (Tech and Cyber Risk Office) team provides the specialist subject matter experts to challenge the enterprise infrastructure, Operations and Technology entities across the firm. We are the technology and cyber conscious of the bank. In line with the ORM framework, we aim to ensure that the internal controls that are designed to mitigate technology and cyber risks are managed, mitigated, and aligned with our risk appetite.
Responsibilities:
The Enterprise Tech/Cyber Architecture and Engineering Risk group within TCRO is responsible to influence, challenge, and provide oversight to Enterprise Tech and Cyber Architecture and Engineering including infrastructure, risk management and governance, and technology transformation. The Operational Risk Management Cyber Risk Sr. Analyst is a seasoned professional role that requires in-depth technical understanding of how technology and cybersecurity risks are effectively managed in a large financial institution. This role will particularly focus on Cyber capabilities with heavy engagement in identifying, assessing, and analyzing complex cyber topics as well as reporting and communicating on various second line oversights and assessments. A successful candidate should have a strong track record in cyber risk management and/or a strong technical background with excellent analytical skills. A successful candidate should also demonstrate a strong interest in the field and a passion for risk management.
Primary Objective
The objective of the Cyber Risk Sr Analyst is to reduce operational losses while enabling the objectives of the program at Citi, through front ending the initiatives in firm regarding infrastructure, storage, identify operational risks and recommend mitigations.
The role will be responsible for building engagement with key stakeholders, anticipating, challenging, and mitigating risks that could affect business objectives.
- Establishes and oversees the application of operational risk policies, technology and tools, and governance processes to create lasting solutions for minimizing losses from failed internal processes, inadequate controls, and emerging risks.
- Independently assess risks and drive actions to address the root causes that persistently lead to operational risk losses by challenging both historical and proposed practices.
- Participates in various second line of defense cyber assessments including risk assessments, control assessments, maturity assessments etc.
- Contributes to risk assessments and provide analytical support and drive data-driven results.
- Evaluates Citi’s cyber control environment by ensuring appropriate controls is in place.
- Coordinates audits, examinations, and deliverable requirements from internal and external reviewers by supporting coordinating activities.
- Ensures project completion, special assignments, and other ad hoc activities as required.
- Performs data analysis to monitor for potential excessive cyber risk exposure
- Governance and oversight may include (not limited to) technology operational risk
- Looks for ways to improve the current process and share best practices with senior leadership
- Participates in senior leadership meetings to analyze documentation and processes to ensure risks and control points are properly addressed.
- Assists senior level management in gathering data and information for executive level reporting and to take ownership of specified projects and tasks.
- Builds trusted internal and external customer relationships.
- Has the ability to operate with a limited level of direct supervision.
- Acts as SME to senior stakeholders and /or other team members.
- Appropriately assess risk when business decisions are made, demonstrating particular consideration for the firm's reputation and safeguarding Citigroup, its clients and assets, by driving compliance with applicable laws, rules and regulations, adhering to Policy, applying sound ethical judgment regarding personal behavior, conduct and business practices, and escalating, managing and reporting control issues with transparency, as well as effectively supervise the activity of others and create accountability with those who fail to maintain these standards.
Qualifications:
The candidate will have 3-6+ years of experience in technology/cyber risk, risk assessments, metrics, enterprise technology services, risks, and controls within globally complex, dispersed and diverse organizations. Experience in security architecture and engineering within infrastructure defense, perimeter/network security architecture, or enterprise cloud security architecture preferred.
Competencies:
- Ability and confidence to exercise influence over a wide range of individuals at all levels of technical & business leadership.
- Excellent understanding in cyber risks and controls across various I.S architecture and engineering domains including, data protection, identity and access management, vulnerability management, network security, endpoint security, logging and monitoring, incident management, and third-party management; preferred expertise in infrastructure defense, perimeter/network security architecture, or enterprise cloud security architecture.
- Proficient in industry frameworks including but not limited to, NIST CSF, ISO standards, CRI, FFIEC handbooks, COBIT, TOGAF etc.
- Proficient in risk management frameworks and in-depth understanding of technology/cybersecurity risk mitigation strategies.
- Should have Excellent proficiency in Microsoft Office – particularly Excel (metrics and data analysis), PowerPoint (presentation decks), and Word (writing and editing procedural and technical documentation).
- Strong presentation skills: able to use data to tell a clear, compelling story
- Strong analytical and problem-solving skills.
- Comfortable interacting directly with technology executive leadership, including in a high stress environment.
- Builds partnerships across functions and regions; collaborates well with others.
Education:
Bachelor’s/University degree or equivalent experience
-------------------------------------------------
Job Family Group:
Risk Management-------------------------------------------------
Job Family:
Operational Risk------------------------------------------------------
Time Type:
Full time------------------------------------------------------
Primary Location:
Tampa Florida United States------------------------------------------------------
Primary Location Salary Range:
$76,510.00 - $114,770.00------------------------------------------------------
Citi is an equal opportunity and affirmative action employer.
Qualified applicants will receive consideration without regard to their race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or status as a protected veteran.
Citigroup Inc. and its subsidiaries ("Citi”) invite all qualified interested applicants to apply for career opportunities. If you are a person with a disability and need a reasonable accommodation to use our search tools and/or apply for a career opportunity review Accessibility at Citi.
View the "EEO is the Law" poster. View the EEO is the Law Supplement.
View the EEO Policy Statement.
View the Pay Transparency Posting