Legal Third-Party Management and Information Security Risk Lead, Citi

Citi

Location:
United Kingdom, Belfast

Category:
Legal

Contract Type:
Not provided

Salary:

Not provided

Save Job

Apply Position

Job Description:

As part of the Legal Outside Counsel, Third Party Management and Operations team, the Legal Third-Party Management and Information Security Risk Lead is accountable for maintenance of the Legal Third Party Information Security and Controls Assessment program within Global Legal Solutions (GLS). This is a senior level, non-attorney role, responsible for providing legal support to the Citi Legal team. This role requires a pragmatic, proactive professional with thorough understanding of risk and compliance.

Job Responsibility:

Manage and oversee a set of complex initiatives that span multiple lines of business in the Cyber Security (CS), Information Security (IS) and Third-Party Risk Management (TPRM) space for Global Legal Solutions
Assess the risks and effectiveness of Third Party IS processes and controls based on enterprise requirements ensuring the IS risk is within tolerance
Evaluate the design and execution of the Legal IS Program, identifies potential enhancements and drives implementation of governance, methodologies and tools required for the effective oversight of Third-Party Management IS risk to continually strengthen the Program
Assist the day-to-day activities within the TPM Risk and Info Sec group
Monitor, track and control outcomes to resolve issues, conflicts, dependencies and critical path deliverables related to issues and gaps found in the TPISA process
Drive implementation of enterprise Third Party Management controls required to be assessed as part of the Managers Control Assessment, reviews results, and determines if remediation actions are appropriate
Document control design, testing methodology, and evidence for effectiveness reviews in compliance with Citi's Risk and Control Standards
Contribute to quarterly control certifications, issue management processes and audit engagements

Requirements:

Ability to assess residual risk in complex vendor environments and make sound defensible recommendations
Experience applying risk-based frameworks to prioritize issues and mitigation efforts
Strong interpersonal skills for engaging legal, compliance, technology, procurement and senior risk stakeholders
Proficiency in creating clear and concise reports dashboards and governance experience
Leading or supporting cross functional projects, ability to support risk transformation initiatives, and integrate evolving legal tech and regulatory guidance into assessment methodologies
Bachelor’s degree or equivalent

What we offer:

Generous holiday allowance starting at 27 days plus bank holidays
increasing with tenure
A discretional annual performance related bonus
Employee Assistance Program
Pension Plan
Paid Parental Leave
Special discounts for employees, family, and friends
Access to an array of learning and development resources
Private medical insurance packages to suit your personal circumstances

Additional Information:

Job Posted:
April 24, 2025

Employment Type:

Fulltime

Work Type:

Hybrid work

View All Jobs In This Company

Job Link Share:

Legal Third-Party Management and Information Security Risk Lead