Global Consumer Coverage Functions - Technology Risk Analyst - I, SVP
Citi, the leading global bank, has approximately 200 million customer accounts and does business in more than 160 countries and jurisdictions. Citi provides consumers, corporations, governments and institutions with a broad range of financial products and services, including consumer banking and credit, corporate and investment banking, securities brokerage, transaction services, and wealth management. Our core activities are safeguarding assets, lending money, making payments and accessing the capital markets on behalf of our clients.
Citi's Mission and Value Proposition explains what we do and Citi Leadership Standards explain how we do it. Our mission is to serve as a trusted partner to our clients by responsibly providing financial services that enable growth and economic progress. We strive to earn and maintain our clients' and the public's trust by constantly adhering to the highest ethical standards and making a positive impact on the communities we serve. Our Leadership Standards is a common set of skills and expected behaviors that illustrate how our employees should work every day to be successful and strengthens our ability to execute against our strategic priorities.
Diversity is a key business imperative and a source of strength at Citi. We serve clients from every walk of life, every background and every origin. Our goal is to have our workforce reflect this same diversity at all levels. Citi has made it a priority to foster a culture where the best people want to work, where individuals are promoted based on merit, where we value and demand respect for others and where opportunities to develop are widely available to all.
Operational Risk Management's (ORM) mission is to create lasting solutions for minimizing losses from failed internal processes, inadequate controls, emerging risks and to drive actions to address the root causes that persistently lead to operational risk losses. The objective is to reduce operational losses for Citi through preventive actions and solutions to effectively manage and mitigate significant operational risks and vulnerabilities that may arise within Systems and Technology processes.
Reporting into the Global Consumer Coverage Functions - Technology Risk Director, the Technology Risk Analyst will have oversight responsibility for the technology risk management framework supporting the Global Consumer Group (GCG). Building on Citi's strong Operational Risk Management Framework, the Technology Risk Director will independently assess inherent operational risks in Citi's technology process execution, the suite of control components in the IT realm, and the acceptability of residual risk. Lead independent risk assessment with respect to comprehensiveness and effectiveness of processes by which Global Consumer Technology provides technology services and products to the Global Consumer Group. Work proactively with Citi's technologists and technology control specialists to analyze technology measures and risk metrics.
Working with colleagues in Risk, as well as technology, business and other control functions, the
Technology Risk Analyst is expected to contribute to:
* Governance and Oversight of technology risk
* Development of Policy and Standards
* Oversight of Key Technology Operational Risks and related indicators and thresholds
* Challenge of business and technology Risk Self Assessments
* Challenge of technology Scenario Analysis
* Perform internal and external event reviews
* Issue management and oversight and escalation
* Advise on best practices leveraging expertise and industry insights
The candidate will be expected to evaluate the design of process flows to help technology and business managers understand the impact of control weaknesses to their technology service delivery capability.
The candidate will review and challenge whether Global Consumer Non-Technology Operating Entities business/regional entities appropriately consider significant technology risk in their Management Control Assessments (MCAs).
The candidate will be expected to evaluate the extent to which technology managers can demonstrate they are in compliance with internal and external technology control standards, as well as regulatory and audit requirements.
The candidate will be expected to advise on continuous monitoring and control test methods, and recommend technology metrics in support of the Technology Risk Appetite Statement.
The candidate is charged with independent assessment of the business dependency on technology as well as independent oversight of Technology Operational Risk Management.
Business technology dependency assessment includes, but is not limited to:
* Support for ORM Business Operational Risk Management teams performing risk reviews and evaluating Business processes in relation to technology risk.
* Identification of gaps, inconsistencies and other integrity issues in business technology risk management capabilities, and recommending solutions that remediate issues
* In-depth analysis of emerging and evolving technology risk
* Assessing the effectiveness of the technology risk governance model implemented and driving escalation, prioritization and control improvement discussions as needed.
* Technology Operational Risk Management Oversight includes, but is not limited to:
* Review and challenge of key risk indicators, thresholds and first line response to breaches (e.g., escalation and resolution) associated with the Technology Risk Appetite statement.
* Independently identifying emerging, evolving and previously unidentified technology risks impacting Global Consumer Group
* MCA Effectiveness Challenge for Technology Operational Entities
Support Independent Senior Operational Risk Managers by:
* Conducting due diligence with respect to technology risks related to the acquisition of significant technology activities or investments (e.g., Fintech).
* Evaluating the extent to which technology managers can demonstrate they are in compliance with internal and external technology control standards, as well as regulatory and audit requirements.
The Global Consumer Coverage Functions - Technology Risk Analyst will be a thought leader in Consumer technology risk with over 10 years of hands-on technical experience in IT management, controls and FinTechs within globally complex, dispersed and diverse organizations.
The ideal candidate will have in-depth, detailed knowledge of Consumer Technology Management, Operations and Information Security practices, both poor and best.
More specific proven experience, knowledge and skills that are desirable for a candidate in the
Technology Risk Analyst role are outlined below:
* Experience with SCRUM/Agile methodologies within Consumer Banking.
* Experience with enterprise technology architecture as a holistic structure that includes people, process, and technology components combined to achieve business goals for automation.
* Experience with technology infrastructure components such as ATMs, Payment Systems, Consumer Mobile Applications, Consumer Branch Technology, Consumer Banking applications and database management systems.
* Knowledge of security architecture patterns such as Demilitarized Zones, Policy Enforcement Tools, and Segregation of Duties for Change Control, Federated Identity, and Toxic Combinations.
* Practical experience as a team member in a project or program wherein technology control metrics were devised, delivered, and/or analyzed.
* Knowledge of full system, software, and security development lifecycle, including abuse and misuse cases within development and testing specifically within Consumer Banking.
* Working familiarity with data warehousing and big data environments.
* Working familiarity with network, operating system, and application security fundamentals.
* Working familiarity with automated monitoring tools and incident tracking tools to effectively communicate and manage incidents, defects and data quality issues.
* Strong analytical and problem-solving skills
The Global Consumer Coverage Functions - Technology Risk Analyst will be an acknowledged thought leader in technology risk management with over 10 years' experience in IT, and a minimum of 8 years of hands-on technical experience in IT management, controls and/or information security within globally complex, dispersed and diverse organizations.
The ideal candidate will have in-depth, working knowledge of Consumer Banking Technologies, Consumer fraud, cybercrime detection and countermeasures, encryption, information retention, as well as information security support for segregation of duties, application development, network and systems operation, testing and vendor management. Prior experience in previous roles should include companies with global technology infrastructure in global financial services firms.
More specific proven experience, knowledge and skills that are desirable for a candidate in the Technology Risk Analyst role are outlined below:
Technology Skill set requirements will include capability to manage all aspects of these standards:
* Technology Architecture components common across the Financial Industry
* Information Systems Audit and Control Association's (ISACA) COBIT* Standard
* Information Technology Infrastructure Library (ITIL)
* ISACA's Certified in Risk and Information Systems Control (CRISC) Job Practice Domains
The candidate will require a Masters in a technology related field.
Project management experiences a plus.
Leadership, Management Behavioral Competencies
Strong Leadership Skills:
* Provides leadership in risk identification, key risk indicator identification, and risk mitigation strategies in the domain of technology management.
* Engages technology managers to identify key technology control indicators and maintain effective and efficient continuous control monitoring processes.
* Strong analytical and problem-solving skills.
Excellent Communication Skills:
* Both verbal and written.
* Ability to interact with and influence people/groups of widely varying disciplines and backgrounds.
* Ability and confidence to exercise influence over a wide range of individuals at all levels of technical & business leadership.
* Experienced in using active listening techniques on a consistent basis.
Strong Presentation skills:
* Comfortable with public speaking across various forums and be able to effectively and logically communicate when ideas are being challenged in an open forum.
* Comfortable interacting directly with technology executive leadership, including in a high stress environment.
* Understands the perspective of regulators and has the ability to shape messages and content to respond to a changing variety of regulatory standards.
Client Relationships/Business Partnerships:
* Strong planning, organization and time management experience that is strategically oriented, an innovative thinker, and a demonstrated and decisive decision maker.
* Able to collaboratively manage initiatives that span multiple geographic locations and time zones.
* Navigates organizational complexity; demonstrates organizational savvy.
* Builds partnerships across functions and regions; collaborates well with others.
* Networks regularly and builds relationships across Risk disciplines and with businesses, operations and technology
* The role is global, and the incumbent must be proactive and capable of leading solutions to global issues with others in different regions and time zones.
* The successful candidate will need to be a hands-on, self-starter, and able to manage tasks/timelines for self and others
Job Status: Full Time
Job Reference #: 17077687