
Legal Third-Party Management and Information Security Risk Lead

United Kingdom, Belfast · Job Posted April 24, 2025

Job offer has expired


Job Description

As part of the Legal Outside Counsel, Third Party Management and Operations team, the Legal Third-Party Management and Information Security Risk Lead is accountable for maintenance of the Legal Third Party Information Security and Controls Assessment program within Global Legal Solutions (GLS). This is a senior level, non-attorney role, responsible for providing legal support to the Citi Legal team. This role requires a pragmatic, proactive professional with thorough understanding of risk and compliance.

Job Responsibility

  • Manage and oversee a set of complex initiatives that span multiple lines of business in the Cyber Security (CS), Information Security (IS) and Third-Party Risk Management (TPRM) space for Global Legal Solutions
  • Assess the risks and effectiveness of Third Party IS processes and controls based on enterprise requirements ensuring the IS risk is within tolerance
  • Evaluate the design and execution of the Legal IS Program, identify potential enhancements and drive implementation of governance, methodologies and tools required for the effective oversight of Third-Party Management IS risk to continually strengthen the Program
  • Assist the day-to-day activities within the TPM Risk and Info Sec group
  • Monitor, track and control outcomes to resolve issues, conflicts, dependencies and critical path deliverables related to issues and gaps found in the TPISA process
  • Drive implementation of enterprise Third Party Management controls required to be assessed as part of the Managers Control Assessment, review results, and determine if remediation actions are appropriate
  • Document control design, testing methodology, and evidence for effectiveness reviews in compliance with Citi's Risk and Control Standards
  • Contribute to quarterly control certifications, issue management processes and audit engagements

Requirements

  • Ability to assess residual risk in complex vendor environments and make sound defensible recommendations
  • Experience applying risk-based frameworks to prioritize issues and mitigation efforts
  • Strong interpersonal skills for engaging legal, compliance, technology, procurement and senior risk stakeholders
  • Proficiency in creating clear and concise reports and dashboards, and governance experience
  • Leading or supporting cross functional projects, ability to support risk transformation initiatives, and integrate evolving legal tech and regulatory guidance into assessment methodologies
  • Bachelor’s degree or equivalent

What we offer

  • Generous holiday allowance starting at 27 days plus bank holidays, increasing with tenure
  • A discretionary annual performance-related bonus
  • Employee Assistance Program
  • Pension Plan
  • Paid Parental Leave
  • Special discounts for employees, family, and friends
  • Access to an array of learning and development resources
  • Private medical insurance packages to suit your personal circumstances


Similar Jobs for Legal Third-Party Management and Information Security Risk Lead

8 matching positions

Assistant Vice President – Third Party Risk Oversight specialist - TPRO - Consumer Credit Risk

The AVP – Third party risk oversight role is responsible for owning and enhancin...
Location: India, Mumbai
Salary: Not provided
Citi
Expiration Date: Until further notice
Requirements
  • 8+ years of experience in Risk management, third-party risk, vendor risk/management or credit risk with a large financial institution
  • US banking regulatory expectations
  • Prior experience operating with consumer credit risk or closely related risk domains
  • Extensive background in managing critical suppliers and regulated third-party relationships
  • Experience acting as a risk/process oversight owner or leading risk platforms, frameworks, or governance models
  • Bachelor’s degree in related fields
  • Working knowledge of Vendor relationship management / Vendor risk management/ TPRO
  • Growth mindset with ability to balance risk, compliance and business enablement
  • Excellent stakeholder management and executive communication skills
  • Ability to challenge vendors and internal partners constructively
Job Responsibility
  • Product ownership and strategy: Own the end-to-end product vision for third-party risk oversight tools, processes, and controls within consumer credit risk
  • Own the TPRO vision, roadmap, and backlog, ensuring alignment with Citi risk policies and enterprise standards
  • Translate regulatory guidance, Citi policies, and risk requirements into User stories, controls, and functional requirements into scalable risk oversight solutions
  • Prioritize initiatives based on risk severity, regulatory commitments and business impact
  • Third-party Risk oversight: Oversee risk assessment lifecycle for third-party vendors, including: Inherent risk assessments, Due diligence (financial, operations, cyber, data privacy, model risk), Ongoing monitoring and periodic reviews
  • Ensure critical and high-risk vendors undergo enhanced oversight and governance
  • Maintain a risk-tiered vendor inventory aligned with consumer credit risk exposure
  • Supplier and contract management: Ensure supplier contracts meet regulatory, risk and control standards, including: SLAs, KPIs, audit and access rights, data protection, information security, confidentiality, BCP/DR (business continuity planning / disaster recovery), subcontractor and fourth-party controls
  • Track contract milestones, renewals, terminations and renegotiations
  • Proactively identify contracts nearing expirations and drive timely renewals or exit strategies
  • Fulltime

Lead Information Security Engineer

My client is seeking an experienced Lead Information Security Engineer to suppor...
Location: Ireland
Salary: Not provided
Nicoll Curtin
Expiration Date: Until further notice
Requirements
  • Strong background in information security engineering within large environments
  • Hands-on experience with security governance, data protection, and risk management
  • Exposure to SaaS, cloud applications, and third-party risk
  • Confidence making and defending risk-based decisions
  • Experience with policy interpretation, enforcement, and escalation management
  • Strong analytical and documentation skills
Job Responsibility
  • Own key elements of the Shadow IT enforcement and governance process
  • Define and operate a blocking and escalation framework for unapproved applications
  • Assess risk based on data sensitivity, access, and exposure
  • Manage exceptions, unblock requests, and high-impact escalations
  • Document decisions clearly, including technical impact and policy alignment
  • Work closely with security, technology, legal, privacy, and business teams
  • Track and report Shadow IT metrics, trends, and outcomes
  • Contribute to the ongoing maturity of a scalable Shadow IT governance model
  • Fulltime

Third-Party Cybersecurity Incident Analyst

This role is categorized as hybrid. This means the successful candidate is expec...
Location: United States, Austin; Warren
Salary: 129400.00 - 212300.00 USD / Year
General Motors
Expiration Date: Until further notice
Requirements
  • Bachelor’s degree in Information Systems, Computer Science, Information Security, or related field
  • At least 7 years in information security with prior incident management, security operations, and cyber event analysis experience
  • Expert in cyber incident detection, investigation, and response, especially third-party and supply chain risk
  • knowledge of application, network, and OS security controls
  • understanding of vulnerability management and risk mitigation
  • Proven ability to lead complex cyber event activities, communicate technical findings to executives, and mentor team members
  • Strong investigative mindset
  • able to translate technical analysis into strategic business recommendations
  • highly detail-oriented and organized
  • Trusted with confidential and sensitive information at the enterprise level
Job Responsibility
  • Lead the triage, analysis, and escalation of critical third-party cybersecurity incidents, ensuring alignment with GM’s strategy
  • Assess incident impacts and urgency, guide containment actions, and provide expert advice to technical and non-technical stakeholders
  • Oversee investigations, incident tracking, and resolution, ensuring thorough documentation and reporting
  • Collaborate cross-functionally with Cyber Defense, GMIT, Legal, Purchasing, and leadership for effective response operations
  • Engage external partners to determine root causes and shape third-party risk management
  • Provide strategic support during high-priority and after-hours third-party incidents
  • Prepare and deliver executive-level reports and metrics to support informed decision-making
  • Mentor and guide others, fostering skill development across the team
  • Drive continuous improvement of incident response processes, tools, and methods
  • Coordinate communications with stakeholders and executive leadership, maintaining transparency and alignment during incidents
What we offer
  • medical
  • dental
  • vision
  • Health Savings Account
  • Flexible Spending Accounts
  • retirement savings plan
  • sickness and accident benefits
  • life insurance
  • paid vacation & holidays
  • tuition assistance programs
  • Fulltime

Principal Auditor- Cyber, Risk and Analysis Technology Audit

Capital One’s Audit function is a dedicated group of professionals focused on de...
Location: United States, McLean
Salary: 119400.00 - 163500.00 USD / Year
Capital One
Expiration Date: Until further notice
Requirements
  • Bachelor’s Degree or military experience
  • At least 4 years of experience in information technology (operations, software delivery, access management, microservices), information security (application security, network security, cyber security, data protection), information systems risk management, information systems auditing, or a combination
  • At least 1 year of experience in cloud computing and controls (design, operation, risk management, or auditing)
  • At least 2 years of experience in managing components of audit engagements, project management or a combination
  • At least 2 years of experience in analyzing data extracts to identify trends, patterns, and anomalies, including 1 year of experience in test scripting or coding (writing, reviewing, assessing)
Job Responsibility
  • Execute major components of audits, including critical technology functions, cloud-based infrastructure, cybersecurity, risk management, application, and third-party management, as well as the ability to assist in leading components of small to medium size audits
  • Perform risk assessments of business units and technology operations, design and execute audit procedures to verify the effectiveness of existing controls, identify and define issues, review and analyze evidence, and document client processes and procedures
  • Understand the broader context and implications (e.g., financial, legal, reputational, etc.) of the various types of risk affecting the business and critical technology functions
  • Establish and maintain good client relations during engagements
  • Communicate or assist in communicating the results of some audit projects to management via written reports and oral presentations
  • Identify expectations of the client and take actions to support the client experience
  • Prepare clear, organized and complete documentation to support work performed
  • Self-prioritize and effectively plan own work activities, managing multiple priorities and tasks across the team to deliver quality results
  • Coordinate with others and proactively take on additional work
  • Deliver appropriate, succinct and organized information, tailoring communication style to audience
What we offer
  • performance based incentive compensation, which may include cash bonus(es) and/or long term incentives (LTI)
  • comprehensive, competitive, and inclusive set of health, financial and other benefits
  • Fulltime

VP, Information Security

Carex is partnering with a Financial Services industry partner to identify a VP,...
Location: United States, Madison
Salary: Not provided
Carex Consulting Group
Expiration Date: Until further notice
Requirements
  • Extensive experience developing and executing enterprise-wide information security strategies for mid to large organizations
  • Proven senior leadership experience with accountability for security governance, risk management, and operational execution
  • Deep knowledge of financial services regulations, privacy laws, and security frameworks such as NIST CSF, ISO 27001, CIS Controls, or comparable standards
  • Demonstrated expertise in threat management, vulnerability management, security operations, and modern ransomware defense strategies
  • Strong hands-on experience with cloud security architecture across IaaS, PaaS, and SaaS platforms, including identity and access management and zero-trust concepts
  • Experience leading enterprise incident response efforts in collaboration with executive leadership, Legal, Compliance, and Privacy teams
  • Background designing and overseeing third-party risk management programs and vendor security assessments
  • Bachelor’s degree required
  • Professional security certification such as CISSP strongly preferred
Job Responsibility
  • Lead the development and execution of a multi-year information security strategy aligned with business priorities and regulatory requirements
  • Build, mentor, and lead a high-performing information security team while fostering enterprise-wide security accountability
  • Establish and mature security governance, risk management, and control frameworks aligned with recognized industry standards
  • Provide executive-level reporting on security posture, risk exposure, and remediation progress
  • Partner closely with Legal, Compliance, and Privacy leadership to align security controls with regulatory obligations and financial services requirements
  • Support regulatory examinations, audits, and legal reviews related to cybersecurity and data protection
  • Oversee enterprise security operations, including threat detection, vulnerability management, endpoint protection, and incident response
  • Lead breach response coordination and tabletop exercises involving executive and cross-functional stakeholders
  • Establish and maintain secure cloud architectures across IaaS, PaaS, and SaaS environments
  • Strengthen identity and access management across hybrid and cloud environments using modern security principles
  • Fulltime

Counsel, Special Investigations, Legal and Compliance

Counsel - Special Investigations, Legal and Compliance will lead and support sen...
Location: United States, Detroit
Salary: Not provided
General Motors
Expiration Date: Until further notice
Requirements
  • Juris Doctor from an accredited law school
  • Active license to practice law in the United States
  • 5+ years of relevant legal experience in a major law firm, in-house legal department, government role, or a combination thereof
  • Meaningful experience in one or more of the following areas: internal investigations, compliance, white collar matters, employment law, government investigations, or prosecutorial work
  • Demonstrated experience handling sensitive investigations involving potential misconduct, fraud, or compliance concerns
  • Working knowledge of U.S. anti-bribery and anti-corruption laws, including the Foreign Corrupt Practices Act, as well as export compliance requirements
  • Strong analytical, interviewing, writing, and oral communication skills
  • Ability to assess issues objectively, manage ambiguity, and reach sound, well-supported conclusions
  • Ability to work independently, manage multiple priorities, and drive matters through to completion
  • Strong judgment, professionalism, and discretion in handling confidential matters
Job Responsibility
  • Develop investigative strategies and workplans for allegations of misconduct, fraud, policy violations, and other high-risk matters
  • Conduct prompt, thorough, and objective investigations in accordance with professional and legal standards
  • Identify, gather, and assess relevant sources of information, including documents, data, financial records, and witness testimony
  • Conduct effective informational and interrogatory interviews
  • Evaluate facts, identify key issues, and determine investigative findings based on evidence and sound legal judgment
  • Prepare clear, concise, and defensible written investigative materials and present findings to appropriate stakeholders in a timely manner
  • Recommend corrective actions, process improvements, and internal control enhancements based on investigative outcomes
  • Maintain strict confidentiality and handle sensitive information with discretion
  • Continually assess and improve investigative processes to drive efficiency, consistency, and quality
  • Provide practical legal and compliance counsel on issues involving anti-bribery and anti-corruption, conflicts of interest, export compliance, third-party risk, and related compliance matters
  • Fulltime

Vice President - Technology (AI Security & Risk Manager)

The Technology department at our client is responsible for creating and continuo...
Location: United States, New York
Salary: 150000.00 - 175000.00 USD / Year
Renner Brown
Expiration Date: Until further notice
Requirements
  • Bachelor's degree in Computer Science, Information Security, Data Science, or a related field; advanced degree a plus
  • At least 7–10 years of experience in information security, technology risk, or a related field, with a minimum of 3 years focused on AI systems, machine learning security, or AI governance
  • Deep understanding of the AI and LLM landscape, including foundation model architecture, agentic systems, RAG pipelines, and the risk implications of each
  • Hands-on experience evaluating AI platforms and products, including the ability to assess vendor claims about model behavior, data handling, and security controls with appropriate skepticism
  • Familiarity with AI risk frameworks and emerging standards, including NIST AI RMF, MITRE ATLAS, OWASP LLM Top 10, and ISO/IEC 42001
  • Experience with vendor risk management in a regulated financial services environment, including contract negotiation support and third-party security assessments
  • Knowledge of relevant regulatory frameworks including DORA, SOX, SEC cybersecurity disclosure rules, and GDPR/CCPA as they apply to AI data flows
  • Strong technical skills sufficient to evaluate AI system architecture, API security, data pipeline design, and access control models without reliance solely on vendor documentation
  • Excellent communication skills, with the ability to translate highly technical AI risk concepts into clear, decision-ready language for senior leadership, Legal, and Compliance
Job Responsibility
  • Own and maintain the firm's AI risk framework, covering model risk, data privacy, adversarial threats, third-party AI, and regulatory compliance
  • Develop and enforce AI usage policies in collaboration with Legal and Compliance, including acceptable use, data classification requirements, and prompt handling standards
  • Maintain an inventory of AI tools deployed firm-wide — both sanctioned and shadow — and assess associated risk profiles
  • Provide regular AI risk reporting to the Head of Technology Risk and senior leadership, including emerging threat trends, vendor posture changes, and control gaps
  • Monitor the evolving regulatory environment for AI (EU AI Act, SEC guidance, DORA, NY DFS) and advise on compliance obligations and required controls
  • Lead security and risk assessments of vendors introducing AI capabilities into existing or new platforms, including evaluating model transparency, data handling practices, and auditability
  • Develop and maintain a structured AI vendor evaluation framework, incorporating criteria for model governance, output reliability, data residency, and incident response obligations
  • Partner with Procurement and Legal to ensure AI-specific provisions are reflected in vendor contracts, including data usage restrictions, model change notifications, and liability terms
  • Maintain a tiered risk register of third-party AI integrations, with ongoing monitoring for material changes to vendor AI functionality, architecture, or ownership
  • Engage directly with vendor security and product teams to assess AI-related controls and drive remediation of identified gaps
  • Fulltime

Information Security Manager

As Information Security Manager, you will lead the strategy and delivery of init...
Location: United Kingdom, London
Salary: Not provided
360 Resourcing Solutions
Expiration Date: Until further notice
Requirements
  • 8+ years’ experience in senior cybersecurity or information security roles
  • Leadership experience within a complex, multinational business
  • Experience managing global teams across multiple regions
  • Strong knowledge of ISO 27001, NIST, CIS Controls or similar frameworks
  • Proven experience in security operations, risk management and compliance
  • Experience handling security incidents and crisis management
  • Strong commercial awareness and budget management experience
  • Excellent communication and stakeholder management skills, including senior leadership exposure
  • Strong understanding of IT infrastructure, cloud technologies and enterprise systems
  • Experience managing third-party vendors and technology partners
Job Responsibility
  • Lead and deliver the information security strategy aligned to business goals
  • Develop and maintain security frameworks, policies and standards
  • Oversee risk management, threat assessment and vulnerability programmes
  • Ensure compliance with ISO 27001, ISO 42001, GDPR and other relevant frameworks
  • Manage security operations including incident response, monitoring and investigations
  • Partner with IT, engineering, legal and business teams to embed security best practice
  • Lead internal/external audits, assessments and remediation plans
  • Manage third-party and vendor security risk programmes
  • Build, mentor and lead a high-performing security team
  • Provide executive reporting on security risks, metrics and improvement plans
What we offer
  • health
  • finances
  • fitness
  • travel
  • tech
  • Fulltime