Global Head of Cyber Risk and Compliance

Irving, Texas, United States; New York, New York, United States · Employment contract · 250000.00 - 500000.00 USD / Year · Job Posted May 15, 2026

Job Description

The Technology & Cyber Compliance and Operational Risk Office (TCCORO) at Citi is the firm's reliable second set of eyes overseeing Technology and Cyber risk. Our mission is to drive comprehensive and consistent practices designed to identify, measure, monitor, report and manage operational risks while promoting the implementation of actions to address root causes which may lead to unintended operational losses. TCCORO provides the specialist subject matter experts to challenge Enterprise, Infrastructure, Operations and Technology entities across the firm. We are the technology and cyber conscience of the bank. In line with the ORM and ICRM frameworks, we aim to ensure that the internal controls that are designed to mitigate technology and cyber risks are managed, mitigated and aligned with our risk appetite.

Job Responsibility

  • Oversight and challenge of the cybersecurity incident response programs
  • Oversight of the security operations center (SOC) and cybersecurity fusion center (CSFC)
  • Oversight of cybersecurity penetration testing and red-team operations
  • Oversight of the Chief Information Security Office (CISO), including the review of the effectiveness of the controls, standards and programs across the enterprise
  • Implementation of guidance for overseeing Emerging Technology and Operational Risks, in compliance with OCC Heightened Standards
  • Able to present and lead discussions with key Regulators, internal and external auditors, as well as the Board of Directors and the Risk and Audit sub-committees
  • Governance and Oversight of security risks impacting the business and technology
  • Support in the development of Cyber Policy and Standards
  • Oversight of Key Operational Risks and related indicators and thresholds
  • Challenge of Cyber Risk Self Assessments
  • Challenge of Business and Technology Scenario Analysis
  • Issue management, oversight and escalation
  • Advise on best practices leveraging expertise and industry insights

Requirements

  • 20+ years' experience in technology risk and/or cyber risk management in the banking/financial services industry, or related field, with at least 5+ years in 2nd or 3rd line senior leadership positions
  • Subject matter expert in technology risk and/or cyber risk management principles and practices across various information system architecture and engineering domains
  • Proven experience in managing complex risk portfolios and developing strategic risk management frameworks for large organizations
  • Robust understanding of operational risk management frameworks, industry standards, regulatory requirements, and risk mitigation practices
  • Experience managing and overseeing large remediation and transformation programs to achieve intended results
  • Extensive experience in effective written and verbal communication with executive audiences including Boards
  • Experienced risk challenger who balances risks vs. rewards aligned with corporate risk culture
  • Understanding of Citi products and services and downstream impacts of technology risk and/or cyber risk strategy
  • Professional certifications in either technology risk and/or cyber risk preferred, including: Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Certified in Risk and Information Systems Control (CRISC), ERM, CET, ISO27001, COBIT, TOGAF, or CRI
  • In-depth, working knowledge of banking technologies, fraud, cybercrime detection and countermeasures, encryption, data retention, as well as information security support for segregation of duties, application development, network and systems operation, testing and vendor management
  • Technology Architecture components common across the Financial Industry
  • Information Systems Audit and Control Association's (ISACA) COBIT Standard
  • Information Technology Infrastructure Library (ITIL)
  • ISACA's Certified in Risk and Information Systems Control (CRISC) Job Practice Domains
  • Project management
  • Strong Leadership Skills
  • Excellent Communication Skills
  • Strong Presentation skills
  • Client Relationships/Business Partnerships
  • Bachelor's/University degree, Master's degree preferred

Nice to have

  • Professional certifications in either technology risk and/or cyber risk preferred, including: Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Certified in Risk and Information Systems Control (CRISC), ERM, CET, ISO27001, COBIT, TOGAF, or CRI
  • Master's degree preferred

What we offer

  • Discretionary and formulaic incentive and retention awards
  • Medical, dental & vision coverage
  • 401(k)
  • Life, accident, and disability insurance
  • Wellness programs
  • Paid time off packages, including planned time off (vacation), unplanned time off (sick leave), and paid holidays

Similar Jobs for Global Head of Cyber Risk and Compliance

8 matching positions

Head of Cyber Security Operations Process Strategy and Optimization

The Cyber Security Operations (CSO) organization is seeking a highly motivated a...
Location: Ireland, Dublin
Salary: Not provided
Company: Citi (https://www.citi.com/)
Expiration Date: Until further notice
Requirements
  • 10+ years of professional experience in cybersecurity, technology risk management, or a related field
  • Extensive experience in Cyber Security Operations is highly preferred
  • Proven track record of leading large-scale business process re-engineering, process design, and optimization initiatives with measurable results
  • Demonstrated expertise in developing service maps, process documentation, and workflows using technologies such as Visio, JIRA, and other workflow management tools
  • Strong knowledge of continuous improvement models (e.g., Six Sigma, Lean) and their practical application in a technology or security environment
  • Experience in identifying and implementing automation and AI solutions, with a firm understanding of best practices and their impact on operational efficiency
  • Exceptional ability to identify financial and efficiency opportunities within complex operational processes
  • Proven leadership skills with the ability to influence and partner with senior stakeholders across a global organization
  • Excellent communication, presentation, and negotiation skills, with the ability to articulate complex concepts to both technical and non-technical audiences
Job Responsibility
  • Act as a direct transformation partner to CSO operational teams, driving a strategic agenda focused on operational excellence, efficiency, and scalability
  • Lead the identification, design, and execution of high-impact opportunities for process re-engineering
  • Develop, maintain, and govern a comprehensive inventory of all CSO Services, their supporting processes, and their interrelationships
  • Define, monitor, and report on strategic metrics for both operational performance and risk posture
  • Serve as the central hub for identifying, vetting, and prioritizing AI and automation candidates
  • Champion and embed methodologies like Six Sigma to foster a culture of operational excellence
  • Build and maintain strong relationships with senior leaders and operational teams across CSO
  • Appropriately assess risk when business decisions are made
  • Drive compliance with applicable laws, rules, and regulations
  • Lead business process re-engineering and operational excellence efforts
What we offer
  • Competitive base salary, annually reviewed
  • Hybrid working model
  • Business casual workplace
  • Additional benefits to support well-being, growth, and work-life balance
  • Fulltime

Risk Manager - Tech and Cyber Risk

Support the Senior Risk Manager – Tech & Cyber Risk and Head of Operational Risk...
Location: United Kingdom, Birmingham
Salary: Not provided
Company: Social Value Portal Ltd (socialvalueportal.com)
Expiration Date: Until further notice
Requirements
  • Knowledge and experience of risk management frameworks and tools with proven technology and cyber risk expertise
  • Experience of working in a global and fast paced business environment is essential
  • Degree level educated or an equivalent combination of education training and experience with security frameworks and industry standards, and/or relevant professional qualification (e.g., IRM International Certificate in Operational Risk, Practitioner Certificate in Information Management, etc.)
  • Proven technology and cyber risk expertise, preferably with a strong understanding of the Lloyd’s or wider company insurance market and framework
  • Understanding of the commercial drivers and dynamics affecting risk decisions in the insurance sector, as well as operational and risk processes associated with an international insurance group
  • Ability to build strong partnering relationships with a wide range of stakeholders
  • Ability to interact professionally and with credibility and manage expectations of management and key stakeholders
  • Ability to manage time, meet deadlines and prioritise
  • Able to communicate effectively with others
Job Responsibility
  • Support the Senior Risk Manager – Tech & Cyber Risk and Head of Operational Risk in the oversight and management of technology and cyber risk management activities, as well as wider operational risk matters across the Group
  • Support the Senior Risk Manager – Tech & Cyber Risk in facilitating regular Risk & Control Self Assessments (RCSAs) with first line risk owners and stakeholders
  • Support the Senior Risk Manager – Tech & Cyber Risk in implementing and maintaining a robust control environment
  • Provide oversight and challenge of Beazley’s first line process around technology and cyber risk
  • Produce risk reporting and opinions, including deep dive reviews on hot topics influencing Beazley’s technology and cyber risk profile
  • Support the Senior Risk Manager – Tech & Cyber Risk and Head of Operational Risk in designing, writing and implementing frameworks, policies, procedures and processes where required
  • Provide critical appraisal of the control environment proposed by the business with reference to the agreed risk appetite
  • Liaise with first line business stakeholders and risk owners to capture new risks and review controls
  • Assist in the preparation of risk management material for internal and external presentations
  • Assist in the provision of induction training to all relevant employees
  • Fulltime

Head of Insurance and Risk

The Head of Insurance and Risk is responsible for developing and executing the e...
Location: United States of America, Raleigh
Salary: Not provided
Company: Circle K (https://www.circlek.com)
Expiration Date: Until further notice
Requirements
  • Bachelor’s degree required; advanced degree or professional designation (ARM, CPCU, CRM, JD) preferred
  • 12–15+ years of progressive experience in risk management, insurance, or claims leadership, ideally within retail, fuel distribution, logistics, or similarly complex operational environments
  • Deep expertise in casualty claims, including high‑volume retail claims and fleet‑related exposures
  • Strong negotiation skills and established relationships within the insurance and risk management community
  • Proven ability to lead global programs and influence senior stakeholders
  • Exceptional analytical, communication, and strategic‑thinking capabilities
Job Responsibility
  • Build and maintain a comprehensive global risk management framework aligned with operational, financial, environmental, and regulatory priorities
  • Identify and assess risks across retail operations, fuel distribution, transportation, environmental compliance, and supply chain
  • Lead enterprise risk committees, reporting processes, and executive‑level risk communication
  • Advise senior leadership on emerging risks, including environmental liability, cyber threats, regulatory shifts, and market volatility
  • Design and manage global insurance programs covering property, casualty, auto/fleet, workers’ compensation, environmental liability, cyber, and specialty risks
  • Lead annual renewals, market negotiations, and program structuring to optimize coverage, retentions, and total cost of risk
  • Maintain strong relationships with brokers, carriers, TPAs, and risk engineering partners
  • Ensure insurance programs support business expansion, acquisitions, new store formats, and evolving fuel technologies (EV charging, alternative fuels)
  • Oversee end‑to‑end management of casualty claims, including: General liability (slip‑and‑fall, premises liability), Auto liability (fleet accidents, fuel transport), Workers’ compensation (retail and logistics workforce), Product liability (fuel quality, foodservice)
  • Establish claims handling protocols, reserving standards, and litigation management strategies
What we offer
  • Competitive Salary
  • Complete benefits packages (medical, dental, deferred compensation plan, employee stock plan, etc.)
  • People Perks which allows for great discounts on food and fuel
  • Vacation / PTO time
  • Work in a collaborative, dynamic and high performing team
  • Work for a leading, innovative, and growing company in convenience stores operations
  • Fortune 500 company and a 5-time Gallup Exceptional Workplace Award Winner
  • Tuition reimbursement of $5,000 per year
  • Learning opportunities to develop new skills and to evolve professionally in a fast-growing company
  • Fulltime

Data Privacy Senior Analyst - Assistant Vice President

The Data Privacy Sr Analyst is responsible for providing governance and oversigh...
Location: India, Pune
Salary: Not provided
Company: Citi (https://www.citi.com/)
Expiration Date: Until further notice
Requirements
  • 5-8 years of relevant experience
  • Demonstrates Data Privacy, Data Privacy Operations, Information Security or Cyber related risk management or minimum two years in an Internal Audit, Risk Management, or Control Management related role
  • Working knowledge of Data Privacy Compliance laws, rules, regulations, risks, and appropriate controls
  • Strong project management skills
  • Ability to anticipate and balance the needs of multiple stakeholders
  • Ability to communicate effectively
  • Risk-based thinking and analytical mindset
  • Ability to build rapport and work closely with stakeholders
  • Up-to-date understanding of key Data Privacy risk and control concepts, tools and trends
  • Proficient in the use of basic Microsoft applications (Word, Excel, PowerPoint)
Job Responsibility
  • Complete the Privacy Impact Assessment (PIA) process and controls required for all initiatives, new products and services
  • Assess, evaluate, and validate controls through processes and tools such as the MCA and KRIs as appropriate for data privacy risk
  • Support the product heads, function heads, COOs and In Business Risk team on gap analysis and the implementation of global policy requirements and regional standards
  • Support periodic reviews of the Business’s data privacy processes and control and validate changes as a result of such reviews
  • Track and review deviations and risk acceptances when raised and at the time of renewal
  • Follow Escalation Policy and procedures to ensure effective escalation and socialization of material risk events and issues across businesses for any Data Privacy related items
  • Escalate material risk events and issues appropriately
  • Assist business in creation of Issues/CAPs related to Data Privacy as needed
  • Support the Business and Functions on reviews and audits on Data Privacy
  • Work with Global In-Business Regulatory head on all reviews and audits to ensure appropriate preparation, pre-review assessments and post-review remediation
  • Fulltime

Data Privacy Lead Analyst

Location: Hungary, Budapest
Salary: 14768850.00 - 24762350.00 HUF / Year
Company: Citi (https://www.citi.com/)
Expiration Date: Until further notice
Requirements
  • 6-10 years of relevant experience
  • Demonstrates Data Privacy, Data Privacy Operations, Information Security or Cyber related risk management experience or minimum two years in an Internal Audit, Risk Management, or Control Management related role
  • Working knowledge of Data Privacy Compliance laws, rules, regulations, risks, and appropriate controls
  • Familiarity with privacy related technology considerations such as cookies, mobile devices, biometric and geolocation data is desired
  • Risk-based thinking and analytical mindset
  • Ability to lead and drive controls across the products and functions irrespective of reporting lines
  • Communicates effectively, develops and delivers multi-mode communications that convey a clear understanding of the unique needs of different audiences; able to drive consensus, and influence relationships at all levels
  • Collaborates effectively by building partnerships and working well with others to meet shared objectives
  • Up-to-date understanding of key data privacy risk and control concepts, tools and trends
Job Responsibility
  • Assess, evaluate, and validate controls through processes and tools such as the MCA and KRIs as appropriate for data privacy risk
  • Support the Business and Functions on reviews and audits on Data Privacy and Cross Border Data Transfers
  • Support the business on reviewing and responding to findings by reviewers
  • Manage day to day activities that support implementation of global policy requirements and regional standards, and on the assessment of the legal and regulatory requirements with Country Legal and Compliance as well as the development of local procedures as relate to Cross Border and Data Privacy
  • Coordinate periodic reviews of the Business's data privacy processes, Cross border data transfers and control and validate changes as a result of such reviews
  • Track and review deviations and risk acceptances when raised and at the time of renewal to assess the need for deviations and ascertain that the business has implemented and documented effective compensating controls
  • Follow Escalation Policy and procedures to ensure effective escalation and socialization of material risk events and issues across businesses for any data privacy related items
  • Provide input and review of completed Cross Border Data Clearance CAPs in the tracking system prior to validation by other control and assessment functions such as Internal Audit and ORM
  • Coordinate and support the Business in the implementation of global, regional and local Data Privacy, regulatory and risk and control projects
  • Ensure high quality execution for Data Privacy and Cross Border Data Transfer programs for any Citi initiated programs, in coordination with Global Risk and Control and the In Business Regulatory Engagement Head
What we offer
  • Cafeteria Program
  • Home Office Allowance (for colleagues working in hybrid work models)
  • Paid Parental Leave Program (maternity and paternity leave)
  • Private Medical Care Program and onsite medical rooms at our offices
  • Pension Plan Contribution to voluntary pension fund
  • Group Life Insurance
  • Employee Assistance Program
  • Access to a wide variety of learning and development programs, online course libraries and upskilling platforms, such as Udemy and Degreed
  • Flexible work arrangements to support you in managing work - life balance
  • Career progression opportunities across geographies and business lines
  • Fulltime

Data Privacy Lead Analyst – Vice President

The Data Privacy Lead Analyst is responsible for facilitating/ executing the day...
Location: India, Pune
Salary: Not provided
Company: Citi (https://www.citi.com/)
Expiration Date: Until further notice
Requirements
  • 6-10 years of relevant experience
  • Demonstrates Data Privacy, Data Privacy Operations, Information Security or Cyber related risk management experience or minimum two years in an Internal Audit, Risk Management, or Control Management related role
  • Working knowledge of Data Privacy Compliance laws, rules, regulations, risks, and appropriate controls
  • Familiarity with privacy related technology considerations such as cookies, mobile devices, biometric and geolocation data is desired
  • Risk-based thinking and analytical mindset
  • Ability to lead and drive controls across the products and functions irrespective of reporting lines
  • Communicates effectively, develops and delivers multi-mode communications that convey a clear understanding of the unique needs of different audiences; able to drive consensus, and influence relationships at all levels
  • Collaborates effectively by building partnerships and working well with others to meet shared objectives
  • Up-to-date understanding of key data privacy risk and control concepts, tools and trends
Job Responsibility
  • Engages in assessment of Privacy impact processes and controls required for all initiatives, new products and services
  • Assess, evaluate, and validate controls through processes and tools such as the MCA and KRIs as appropriate for data privacy risk
  • Support the Business and Functions on reviews and audits on Data Privacy
  • Support the business on reviewing and responding to findings by reviewers
  • Manage day to day activities that support implementation of global policy requirements and regional standards, and on the assessment of the legal and regulatory requirements with Country Legal and Compliance as well as the development of local procedures as relate to Data Privacy
  • Coordinate periodic reviews of the Business’s data privacy processes and control and validate changes as a result of such reviews
  • Track and review deviations and risk acceptances when raised and at the time of renewal to assess the need for deviations and ascertain that the business has implemented and documented effective compensating controls
  • Follow Escalation Policy and procedures to ensure effective escalation and socialization of material risk events and issues across businesses for any data privacy related items
  • Assist business in creation of Issues/CAPs related to data privacy as needed (issues and CAPs owned by Product/Region business owner)
  • Track and escalate as necessary
  • Fulltime

Asia Cyber Security Operations Lead

Citigroup seeks an experienced, proactive, and innovative Asia Cybersecurity Ope...
Location: Singapore, Singapore
Salary: Not provided
Company: Citi (https://www.citi.com/)
Expiration Date: Until further notice
Requirements
  • 15+ years of experience in cybersecurity and financial services
  • Demonstrated leadership experience within security operations or similar functions
  • Proven track record of contributing to and managing security operations and supporting transformative change
  • Strong understanding of the cyber threat landscape, attack vectors, and mitigation strategies
  • Expertise in aspects of Security Operations Centers (SOC), Incident Response, Hunting Operations, Threat Defense, Penetration Testing, Vulnerability Management, Red Team operations, threat intelligence, and cybersecurity models
  • Strong communication, interpersonal, and team collaboration skills, with the ability to operate effectively across diverse regional cultures
  • Ability to work effectively in a fast-paced, high-pressure environment
  • Cybersecurity Leadership: Demonstrated ability to lead and motivate cybersecurity teams, manage projects, and contribute to strategic direction under pressure across multiple functions (SOC, Offensive Security, VM, Fusion Center)
  • Strategic Thinking: Capacity to assist in developing and implementing comprehensive Cybersecurity strategy aligned with business objectives and industry best practices across the JANA and Asia South regions
  • Transformation & Innovation: Experience supporting large-scale cyber and digital transformations, fostering a culture of innovation and continuous improvement
Job Responsibility
  • Contribute to and manage aspects of Cybersecurity Incident Response and Crisis Management within the JANA and Asia South regions
  • Oversee Hunting Operations and Threat Defense initiatives to proactively identify and neutralize threats
  • Lead and manage Penetration Testing, Vulnerability Management, and Red Team activities within the cluster
  • Support Third-party incident response and management processes
  • Assist in Critical Vulnerability response and remediation initiatives
  • Participate in and lead specific Cyber Exercises Program activities
  • Contribute to Cyber Threat Intelligence efforts and analysis
  • Support Cyber Data Analytics and reporting for regional operations
  • Assist in the development and implementation of Cybersecurity risk mitigation programs
  • Pro-actively support the Global Head in evolving the Cyber Fusion function and other cybersecurity operational capabilities, contributing to the development and implementation of a comprehensive strategy aligned with Citigroup's business enablement & efficiency objectives and security posture within the JANA and Asia South regions
  • Fulltime

Head of Security Governance, Risk & Compliance

We’re looking for a dynamic, experienced Head of GRC to lead our global governan...
Location: Luxembourg, Luxembourg
Salary: Not provided
Company: PPRO GmbH (ppro.com)
Expiration Date: Until further notice
Requirements
  • A proven track record transforming traditional GRC frameworks (ISO27001, PCI DSS, SOC2) into modern, automated, developer-friendly control assurance programmes
  • Solid grounding in financial services regulation, payments, operational resilience, outsourcing/cloud guidelines etc.
  • Strong experience interacting with regulators and auditors (CSSF, FCA, etc.) and implementing regulatory requirements
  • Proven ability to run risk management processes, control frameworks and audit cycles
  • Experience evaluating technology, cyber and operational risks in a cloud-native environment
  • Engineering-first mindset, with an understanding of cloud-native architectures (AWS preferred) and how GRC requirements fit into engineering workflows
  • Experience with GRC tooling, workflow automation or process optimisation
  • Ability to translate regulatory requirements into practical, technical control expectations
  • Excellent communicator, capable of influencing executives, engineers, auditors and regulators
  • Pragmatic, commercially-minded, empathetic and customer-focused
Job Responsibility
  • Lead PPRO’s global Security GRC strategy and team, to support our international regulatory and compliance footprint
  • Oversee and enhance our ISO27001:2022 and PCI DSS v4.0 programmes, building a culture of continuous compliance through automation and control transformation
  • Partner with relevant functions to ensure ongoing DORA compliance, including security risk management, incident reporting, operational resilience testing and governance
  • Define and deliver a strategy for a pragmatic, high-value 2nd line automated control assurance programme, underpinned by relevant business metrics
  • Own and manage regulatory expectations on security topics by the CSSF in Luxembourg, FCA in the UK and other international bodies as relevant
  • Maintain and enhance PPRO’s security risk register, defining and delivering cross-organisation improvement and remediation roadmaps
  • Lead security control testing, issue management, KRI monitoring, SLA reporting and Board-level reporting
  • Act as Information Security Officer for PPRO’s local Luxembourg entity
  • Own third party security risk management and oversight for PPRO across the full procurement lifecycle
  • Partner closely with Engineering to build shared understanding and transform controls via thoughtful automation, streamlining evidence collection and control monitoring
What we offer
  • Hybrid working with a 3 days / week on site expectation
  • Work from abroad policy, enabling employees to work remotely for up to another 30 days per year
  • €1,000 annual budget for professional growth
  • Leadership cafés, on-the-job training
  • Lunch Vouchers - 12,80euros x 18 / month
  • Enhanced family leave
  • Travel Insurance
  • Gym membership contribution
  • Mental Health Platform
  • Pet-friendly office
  • Fulltime