Cyber Risk Officer

• Reviews and evaluates compliance and cyber policies and procedures, technology and tools, and governance processes to provide credible challenge for minimizing losses from cyber risks
• Assesses cyber risks and evaluates actions to address the root causes that persistently lead to operational risk losses by challenging both historical and proposed practices
• Supports independent assurance activities to assess areas of concern including substantive and controls testing
• Monitors, evaluates, and challenges key cyber risks and associated Key Risk Indicators limits and thresholds
• Also consults with indicator owners on breaches and action steps to correct breaches
• Reviews potential risks associated with program/project delivery on a technical and detailed level
• Participates in various second line of defence cyber assessments including risk assessments, control assessments, maturity assessments
• Assesses cyber risks associated with new initiatives and programs being proposed for implementation
• Challenges the design, adequacy and strength of the control environment associated to technology and cyber and recommends actions to ensure the operational risk profile is in line with the cyber risk appetite
• Executes ad-hoc activities for the TCCORO organization, including but not limited to researching and drafting materials for presentations of deep dives into selected topics, coordinating deliverables related to audits and examinations, and maintaining associated data for executive reporting
• Appropriately assesses risk when business decisions are made, demonstrating knowledge for the firm's reputation and safeguarding Citigroup, its clients, and assets, by driving compliance with applicable laws, rules, and regulations, adhering to Policy, and applying sound ethical judgment

• Proven track record of success operating as a Cyber Risk Officer ideally within the financial services sector
• Practical experience working in, assessing or auditing security architecture, infrastructure security, network security, cloud security, or data protection
• Knowledge of products within the coverage area, including an understanding of current and emerging trends as well as the ability to apply understanding of the business impacts of technical contributions
• Experience in cyber risk assessments, metrics, enterprise technology services, risks, and controls within globally complex, dispersed, and diverse organisations
• In-depth knowledge of cyber risks and controls across various information system architecture and engineering domains including data protection, identity and access management, vulnerability management, network security, endpoint security, logging and monitoring, incident management, and third-party management
• preferred expertise in infrastructure/network security, cloud security and data protection
• Proficient in industry standard risk management frameworks (including ISO27001, COBIT, TOGAF and CRI for example), and an in-depth understanding of cyber risk mitigation strategies
• Excellent communication skills with the ability to work collaboratively with people at all levels of the organisation and with regional and global partners in other functional units
• Effective analytical skills to filter, prioritize and validate potentially complex material from multiple sources and distil into risk insights
• Excellent project management and organizational skills and capability to oversee multiple projects
• Bachelor’s/University degree, master’s degree preferred
• Relevant certifications in CISM, CRISC, CISSP, etc. a distinct advantage

Relevant certifications in CISM, CRISC, CISSP

• Private Medical Care Program
• Life Insurance Program
• Pension Plan contribution (PPE Program)
• Employee Assistance Program
• Paid Parental Leave Program (maternity and paternity leave)
• Sports Card
• Holidays Allowance
• Sport and team recreation activities
• Exclusive offers and discounts for employees
• Access to an array of learning and development resources
• A discretional annual performance related bonus