Fevrok logo
Enterprise Technology & Cyber Risk Operations Lead
3 years ago

The Operational Risk Management (ORM) Group at Citi is the firms reliable second set of eyes. Our mission is to drive comprehensive and consistent practices designed to identify, measure, monitor, report and manage operational risks while promoting the implementation of actions to address root causes which may lead to unintended operational losses. The ORM Technology and Cyber (ORM T/C) team provides the specialist subject matter experts to challenge Enterprise, Infrastructure, Operations and Technology entities across the firm. We are the technology and cyber conscious of the bank. In line with the ORM framework, we aim to ensure that the internal controls that are designed to mitigate technology and cyber risks are managed, mitigated and aligned with our risk appetite.


**Responsibilities**


Reporting into the Head of Enterprise Technology and Cyber Risk (ETCR), the Enterprise Technology & Cyber Risk Operations Lead will have oversight responsibility for a significant portfolio of the Enterprise Operations & Technology (EO&T) organization. The following highlight the coverage area responsibilities for this Managing Director position:


+ Oversight and challenge of the technology and cybersecurity incident response programs.

+ Oversight of the security operations center (SOC) and cybersecurity fusion center (CSFC).

+ Oversight of cybersecurity penetration testing and red-team operations.

+ Oversight of the Chief Information Security Office (CISO), including the review of the effectiveness of the controls, standards and programs across the enterprise.

+ Implementation of guidance for overseeing Emerging Technology and Operational Risks, in compliance with OCC Heightened Standards.

+ Able to present and lead discussions with key Regulators, internal and external auditors, as well the Board of Directors and the Risk and Audit sub-committees.


Building upon Citis Operational Risk Management Framework, this Managing Director position will have responsibility to perform independent assessment of technology and other operational inherent risks in Citis infrastructure and security programs and services, and reviewing the acceptability of residual risk.


Working with colleagues in Risk, as well as technology, business and other control functions, the Enterprise Technology & Cybersecurity Risk Operations Lead will contribute to the following:


+ Governance and Oversight of business and technology risk

+ Support in the development of Policy and Standards

+ Oversight of Key Operational Risks and related indicators and thresholds

+ Challenge of business and technology Risk Self Assessments

+ Challenge of Business and Technology Scenario Analysis

+ Perform internal and external event reviews specific to the EO&T portfolio

+ Issue management, oversight and escalation

+ Advise on best practices leveraging expertise and industry insights


**Qualifications:**


Knowledge /Experience


The Enterprise Technology & Cyber Risk Operations Lead will be an acknowledged thought leader in technology and security risk management with over 15 years of hands-on technical experience in complex IT management, Information Security, and Emerging Technologies with globally complex, dispersed and diverse organizations.


The ideal Managing Director will have in-depth, detailed knowledge of good infrastructure, cloud, and emerging Technology Management, Operations and Information Security practices in the financial industry. This individual should have the following experience and skills:


+ In-depth knowledge of the incident response program, including forensic investigation, User and Entity Behavior Analytics (UEBA), Security Orchestration and Automation (SOAR) and other security incident and event management capabilities.

+ In-depth knowledge of complex digital investigations supporting data loss prevention and insider threat programs.

+ In-depth knowledge of computer and network forensics techniques and current cyber threat environment.

+ Knowledge of Information technology including network, servers, databases, and data center design and operations, cloud, mobile & IoT security

+ Knowledge of security programs for identity and access, authentication, network and application security, and testing and scanning.

+ Knowledge of the risks and underlying controls that support the integration, testing and support to business application and services, to include ATMs, Payment Systems, Mobile Applications, and Banking applications.

+ Strong analytical and problem-solving skills


The ideal candidate will have in-depth, working knowledge of banking technologies, fraud, cybercrime detection and countermeasures, encryption, data retention, as well as information security support for segregation of duties, application development, network and systems operation, testing and vendor management. Prior experience in previous roles should include companies with global technology infrastructure in global financial services firms.


Technology Skill set requirements will include capability to manage all aspects of these standards:


+ Technology Architecture components common across the Financial Industry

+ Information Systems Audit and Control Associations (ISACA) COBIT* Standard

+ Information Technology Infrastructure Library (ITIL)

+ ISACAs Certified in Risk and Information Systems Control (CRISC) Job Practice Domains

+ Masters in a technology related field.

+ Project management experiences is a plus.


Strong Leadership Skills:


+ Provides leadership in risk identification, key risk indicator identification, and risk mitigation strategies in the domain of technology management.

+ Engages business and technology managers to identify key control indicators and maintain effective and efficient continuous control monitoring processes.

+ Strong analytical and problem-solving skills.


Excellent Communication Skills:


+ Both verbal and written.

+ Ability to interact with and influence people/groups of widely varying disciplines and backgrounds.

+ Ability and confidence to exercise influence over a wide range of individuals at all levels of technical & business leadership.

+ Experienced in using active listening techniques on a consistent basis.


Strong Presentation skills:


+ Comfortable with public speaking across various forums and be able to effectively and logically communicate when ideas are being challenged in an open forum.

+ Comfortable interacting directly with technology executive leadership, including in a high stress environment.

+ Understands the perspective of regulators and has the ability to shape messages and content to respond to a changing variety of regulatory standards.


Client Relationships/Business Partnerships:


+ Strong planning, organization and time management experience that is strategically oriented, an innovative thinker, and a demonstrated and decisive decision maker.

+ Collaboratively manage initiatives that span multiple geographic locations and time zones.

+ Navigates organizational complexity; demonstrates organizational acumen.

+ Builds partnerships across functions and regions; collaborates well with others.

+ Networks regularly and builds relationships across Risk disciplines and with businesses, operations and technology


Logistics:


+ The role is global, and the incumbent must be proactive and capable of leading solutions to global issues with others in different regions and time zones.

+ The successful candidate will need to be a hands-on, self-starter, and able to manage tasks/timelines for self and others


-------------------------------------------------


**Job Family Group:**


Risk Management

-------------------------------------------------


**Job Family:**


Operational Risk

------------------------------------------------------


**Time Type:**


Full time

------------------------------------------------------


Citi is an equal opportunity and affirmative action employer.


Qualified applicants will receive consideration without regard to their race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or status as a protected veteran.


Citigroup Inc. and its subsidiaries ("Citi) invite all qualified interested applicants to apply for career opportunities. If you are a person with a disability and need a reasonable accommodation to use our search tools and/or apply for a career opportunity review **Accessibility at Citi (https://www.citigroup.com/citi/accessibility/application-accessibility.htm)** .


View the "EEO is the Law (https://www.dol.gov/sites/dolgov/files/ofccp/regs/compliance/posters/pdf/eeopost.pdf) " poster. View the EEO is the Law Supplement (https://www.dol.gov/sites/dolgov/files/ofccp/regs/compliance/posters/pdf/OFCCP\_EEO\_Supplement\_Final\_JRF\_QA\_508c.pdf) .


View the EEO Policy Statement (http://citi.com/citi/diversity/assets/pdf/eeo\_aa\_policy.pdf) .


View the Pay Transparency Posting (https://www.dol.gov/sites/dolgov/files/ofccp/pdf/pay-transp\_%20English\_formattedESQA508c.pdf)


-----------------------------


Effective November 1, 2021, Citi requires that all successful applicants for positions located in the United States or Puerto Rico be fully vaccinated against COVID-19 as a condition of employment and provide proof of such vaccination prior to commencement of employment.
Citi is an equal opportunity and affirmative action employer.
Minority/Female/Veteran/Individuals with Disabilities/Sexual Orientation/Gender Identity.

posted by
Fevrok Botavatar
Fevrok Bot @bot
I'm a Fevrok Bot I fetch jobs from Fevrok partners websites
Company
Citigroup's logo
Citigroup
@citigroup (company)
similar jobs
Senior Application Penetration Tester, VP (C13) Senior Vice President (Operational Risk) Enterprise Cloud Risk Application Monitoring and Response Analyst - Cyber Security Operations Senior Vice President, IT Risk, ITGC, and eDiscovery Management Cyber Security Onsite Third Party Assessor Back-end Python/Django Developer - Global Information Security Onsite Third Party Assessor Onsite Third Party Assessor Onsite Third Party Assessor
Fevrok logo
Get support
Company
About us Blog Sitemap
Legal
Privacy policy
©2025 Fevrok. All Rights Reserved.
  english