Job Description

About Citi
Citi, the leading global bank, has approximately 200 million customer accounts and does business in more than 160 countries and jurisdictions. Citi provides consumers, corporations, governments and institutions with a broad range of financial products and services, including consumer banking and credit, corporate and investment banking, securities brokerage, transaction services, and wealth management. Our core activities are safeguarding assets, lending money, making payments and accessing the capital markets on behalf of our clients.
Citi's Mission and Value Proposition  explains what we do and Citi Leadership Standards explain how we do it. Our mission is to serve as a trusted partner to our clients by responsibly providing financial services that enable growth and economic progress. We strive to earn and maintain our clients' and the public's trust by constantly adhering to the highest ethical standards and making a positive impact on the communities we serve. Our Leadership Standards is a common set of skills and expected behaviors that illustrate how our employees should work every day to be successful and strengthens our ability to execute against our strategic priorities.
Diversity is a key business imperative and a source of strength at Citi. We serve clients from every walk of life, every background and every origin. Our goal is to have our workforce reflect this same diversity at all levels. Citi has made it a priority to foster a culture where the best people want to work, where individuals are promoted based on merit, where we value and demand respect for others and where opportunities to develop are widely available to all.
 
Overview:
Citi, the leading global bank, has approximately 200 million customer accounts and does business in more than 160 countries and jurisdictions. Citi provides consumers, corporations, governments and institutions with a broad range of financial products and services, including consumer banking and credit, corporate and investment banking, securities brokerage, transaction services, and wealth management. Our core activities are safeguarding assets, lending money, making payments and accessing the capital markets on behalf of our clients.
Operational Risk Management's (ORM) mission is to create lasting solutions for minimizing losses from failed internal processes, inadequate controls, emerging risks and to drive actions to address the root causes that persistently lead to operational risk losses. The objective is to reduce operational losses for Citi through preventive actions and solutions to effectively manage and mitigate significant operational risks and vulnerabilities that may arise within Systems and Technology processes.
Responsibilities:
The Global Functions - Technology Risk Director will have oversight responsibility for the technology risk management framework supporting the Global Functions technology entities comprising of Global Functions Technology Services, Chief Data Office and Citi Architecture and Technology Engineering (CATE). Independently assess inherent operational risks in Citi's technology process execution, the suite of control components in the IT realm, and the acceptability of residual risk. Lead independent risk assessment with respect to comprehensiveness and effectiveness of processes by which Citi Technology provides technology services and products. Work proactively with Citi's technologists and technology control specialists to analyze technology measures and risk metrics.
The Technology Risk Director will also have oversight responsibility for Emerging Technologies supporting Global Functions within Citi.  The Technology Risk Analyst will work proactively with Citi's technologists and technology control specialists to analyze emerging technologies before they are deployed into Citi.
Working with colleagues in Risk, as well as technology, business and other control functions, the
Technology Director is expected to contribute to:
  • Governance and Oversight of technology risk
  • Challenge IS Policy and Standards
  • Oversight of Cyber/IS Key Technology Operational Risks and related indicators and thresholds
  • Challenge of business and technology Risk Self Assessments
  • Challenge of technology Scenario Analysis
  • Perform internal and external event reviews
  • Issue management and oversight and escalation
  • Advise on best practices leveraging expertise and industry insights
  • Drive technology risk focus toward a comprehensive set of underlying risks, cyber, process management, fraud, physical access, and other categories
Independently assess inherent operational risks in Citi's technology process execution, the suite of control components in the IT realm, and the acceptability of residual risk. Lead independent challenge of technology risk management capabilities at Citi. Lead independent risk assessment with respect to comprehensiveness and effectiveness of Information Security Systems and processes.
The candidate will be expected to evaluate the design of process flows to help technology and business managers understand the impact of control weaknesses to their technology service delivery capability.
The candidate will review and challenge whether non-Technology Operating Entities business/regional entities appropriately consider significant technology risk in their Management Control Assessments (MCAs).
The candidate will be expected to evaluate the extent to which technology managers can demonstrate they are in compliance with internal and external technology control standards, as well as regulatory and audit requirements.
The candidate will be expected to advise on continuous monitoring and control test methods, and recommend technology metrics in support of decisions concerning technology control objectives.
The candidate is charged with independent assessment of the business dependency on technology as well as independent oversight of Technology Operational Risk Management.
Business technology dependency assessment includes, but is not limited to:
  • Credible challenge of first line adherence to the Technology Risk Appetite especially on Information Security and Cyber metrics
  • Identification of gaps, inconsistencies and other integrity issues in business technology risk management capabilities, and recommend solutions that remediate issues
  • In-depth analysis of emerging and evolving technology risk
  • Assessing the effectiveness of the technology risk governance model implemented and driving escalation, prioritization and control improvement discussions as needed.
  • Technology Operational Risk Management Oversight includes, but is not limited to:
  • Review and challenge of key risk indicators, thresholds and first line response to breaches (e.g., escalation and resolution) associated with the Technology Risk Appetite statement.
  • Independently identifying emerging, evolving and previously unidentified technology risks impacting Citi.
  • MCA Effectiveness Challenge for Technology Operational Entities
  •        Support Independent Senior Operational Risk Managers by:
  • Conducting due diligence with respect to technology risks related to the acquisition of significant technology activities or investments in Information Security for the firm.
  • Participating in Executive Risk and Control Forums that focus on operational risk management as well as Information Security issues.
  • Independent observation and oversight of technology-risk-related operating committees such as Information Security, Continuity of Business, and IT Policy.
  • Evaluate the extent to which technology managers can demonstrate they are in compliance with internal and external technology control standards, as well as regulatory and audit requirements.


Knowledge /Experience
The Global Functions and Emerging Technologies- Technology Risk Director  will be a thought leader in in technology risk with over 12 years of hands-on technical experience in IT management, controls and/or Cyber/information security within globally complex, dispersed and diverse organizations. The ideal candidate will have in-depth, detailed knowledge of Technology Management, Operations and Information Security practices, both poor and best.
More specific proven experience, knowledge and skills that are desirable for a candidate in the Technology Risk Analyst role are outlined below:
  • Experience with technology infrastructure components such as network topology, data storage devices, virtual machine monitors, directory services, database management systems, messaging services, and middleware.
  • In-depth knowledge of Network Security, Network Infrastructure, mobile devices and web application development etc.
  • Experience with SCRUM/Agile methodologies will be a plus.
  • Experience with enterprise technology architecture as a holistic structure that includes people, process, and technology components combined to achieve business goals for automation.
  • Experience with Mobile technology, application development and threats associated with Mobile Online Banking.
  • Knowledge of security architecture patterns such as Demilitarized Zones, Policy Enforcement Tools, and Segregation of Duties for Change Control, Federated Identity, and Toxic Combinations.
  • Practical experience as a team member in a project or program wherein technology control metrics were devised, delivered, and/or analyzed.
  • Knowledge of full system, software, and security development lifecycle, including abuse and misuse cases within development and testing.
  • Working familiarity with data warehousing and big data environments.
  • Working familiarity with network, operating system, and application security fundamentals.
  • Working familiarity Experience with automated monitoring tools and incident tracking tools to effectively communicate and manage incidents, defects and data quality issues.
  • Strong analytical and problem-solving skills
The Global Functions - Technology Director will be an acknowledged thought leader in technology risk management with over 12 years' experience in IT, and a minimum of 10 years of hands-on technical experience in IT management, controls and/or information security within globally complex, dispersed and diverse organizations.
The ideal candidate will have in-depth, detailed knowledge of access and content management, authentication, repudiation, Internet and cellular distribution systems, cybercrime detection and countermeasures, encryption, information retention, as well as information security support for segregation of duties, application development, network and systems operation, testing and vendor management. Prior experience in previous roles should include companies with global technology infrastructure such as Internet service providers, global manufacturing firms, or global financial services firms.
More specific proven experience, knowledge and skills that are desirable for a candidate in the Technology Risk Analyst role are outlined below:
Technology Skill set requirements will include capability to manage all aspects of these standards:
*              Technology Architecture components common across the Financial Industry
*              Information Systems Audit and Control Association's (ISACA) COBIT* Standard
*              Information Technology Infrastructure Library (ITIL)
*              ISACA's certified in Risk and Information Systems Control (CRISC) Job Practice Domains
The candidate will have both undergraduate and advanced degrees in a technology related field.
Project management experiences a plus.
Leadership, Management Behavioral Competencies
Strong Leadership Skills:
  • Provides leadership in risk identification, key risk indicator identification, and risk mitigation strategies in the domain of technology management.
  • Engages technology managers to identify key technology control indicators and maintain effective and efficient continuous control monitoring processes.
  • Strong analytical and problem-solving skills.
  • Excellent Communication Skills:
  • Both verbal and written.
  • Ability to interact with and influence people/groups of widely varying disciplines and backgrounds.
  • Ability and confidence to exercise influence over a wide range of individuals at all levels of technical & business leadership.
  • Experienced in using active listening techniques on a consistent basis.
  • Strong Presentation skills:
  • Comfortable with public speaking across various forums and be able to effectively and logically communicate when ideas are being challenged in an open forum.
  • Comfortable interacting directly with technology executive leadership, including in a high stress environment.
  • Understands the perspective of regulators and has the ability to shape messages and content to respond to a changing variety of regulatory standards.
  • Client Relationships/Business Partnerships:
  • Strong planning, organization and time management experience that is strategically oriented, an innovative thinker, and a demonstrated and decisive decision maker.
  • Able to collaboratively manage initiatives that span multiple geographic locations and time zones.
  • Navigates organizational complexity; demonstrates organizational savvy.
  • Builds partnerships across functions and regions; collaborates well with others.
  • Networks regularly and builds relationships across Risk disciplines and with businesses, operations and technology
  • Logistics:
  • The role is global, and the incumbent must be proactive and capable of leading solutions to global issues with others in different regions and time zones.
  • The successful candidate will need to be a hands-on, self-starter, and able to manage tasks/timelines for self and others.


Qualifications

Citi is an equal opportunity and affirmative action employer. Minority/Female/Veteran/Individuals with Disabilities/Sexual Orientation/Gender Identity

Application Instructions

Please click on the link below to apply for this position. A new window will open and direct you to apply at our corporate careers page. We look forward to hearing from you!

Apply Online