This list contains only the countries for which job offers have been published in the selected language (e.g., in the French version, only job offers written in French are displayed, and in the English version, only those in English).
Manages internal projects on threat issues that support a variety of participants and stakeholders measuring the effectiveness and comprehensiveness of Citi’s first line defenses
Establishes and oversees the application of compliance and cyber policies and procedures, technology and tools, and governance processes to provide credible challenge for minimizing losses from cyber risks
Independently assesses cyber risks and drive actions to address the root causes that persistently lead to operational risk losses by challenging both historical and proposed practices
Leads independent assurance activities to assess areas of concern including substantive and controls testing
Monitors, evaluates, and challenges Key Risks and associated Key Risk Indicators triggers and thresholds
Also lead discussions with Key Indicator owners on breaches and action steps to correct breaches
Identifies potential risks associated with program/project delivery on a technical and detailed level
Leads various second line of defense cyber assessments including risk assessments, control assessments, maturity assessments etc
Assesses cyber risks associated with new initiatives and programs being proposed for implementation
Challenges the design, adequacy and strength of the control environment associated to technology and cyber and recommends actions to ensure the operational risk profile is in line with the cyber risk appetite
Executes ad-hoc activities for the TCCORO organization, including but not limited to: researching and producing materials for presentations of deep dives into selected topics, coordinating deliverables related to audits and examinations, and maintaining associated data for executive reporting
Appropriately assesses risk when business decisions are made, demonstrating knowledge for the firm's reputation and safeguarding Citigroup, its clients, and assets, by driving compliance with applicable laws, rules, and regulations, adhering to Policy, and applying sound ethical judgment
Requirements
10+ years relevant experience
Practical experience working in, assessing, or challenging security architecture, infrastructure security, network security, cloud security, cyber resilience or data protection
Deep knowledge of products within the coverage area, including a technical understanding of current and emerging trends as well as the ability to apply in-depth understanding of the business impacts of technical contributions
Experience in cyber risk assessments, metrics, enterprise technology services, risks, and controls within globally complex, dispersed, and diverse organizations
In-depth knowledge of cyber risks and controls across various information system architecture and engineering domains including: data protection, identity and access management, vulnerability management, network security, endpoint security, logging and monitoring, incident management, cyber resilience and third-party management
preferred expertise in security architecture, cloud security, and emerging technologies (including Artificial Intelligence and Digital Assets)
Subject matter expert in one or more industry standard risk management frameworks (including ISO27001, COBIT, TOGAF and CRI for example), and an in-depth understanding of cyber risk mitigation strategies
Outstanding communication and influencing skills through all levels of the organization and with external partners and vendors
Exceptional relationship management skills
must be able to address and resolve conflict while maintaining relationships
Ability to effectively communicate complex topics to a broad audience
Strong analytical skills, including the ability to filter, prioritize and validate potentially complex material from multiple sources