Business Risk Officer – Cybersecurity

As a bank with a brain and a soul, Citi creates economic value that is systemically responsible and in our clients’ best interests. As a financial institution that touches every region of the world and every sector that shapes your daily life, our Enterprise Operations & Technology teams are charged with a mission that rivals any large tech company. Our technology solutions are the foundations of everything we do. We keep the bank safe and provide the technical tools our workers need to be successful. We design our digital architecture and ensure our platforms provide a first-class customer experience. Our operations teams manage risk, resources, and program management. We focus on enterprise resiliency and business continuity. We develop, coordinate, and execute strategic operational plans. Essentially, Enterprise Operations & Technology re-engineers client and partner processes to deliver excellence through secure, reliable, and controlled services.

The Chief Information Security Office (CISO) is made up of deeply dedicated and talented colleagues who work together to ensure the safety of Citi’s and our clients’ assets and information. We manage information security as an end-to-end program – one with a clear mandate and accountability. Our mission is to continually execute and enhance a global security program that is fully anchored to modern control and security frameworks, fully aligned with the technology of the firm, threat-focused and data-driven, and deeply integrated across all Citi businesses globally.

Being talent-driven, we are focused on attracting, developing, and retaining diverse and inclusive talent with a high technical skill level. As a member of our team we will provide you with career development opportunities at all stages of your career. Our employees model a passion for protecting Citi and our clients and believe in treating others with dignity and respect.

CISO Governance, Risk & Control, and Policy is responsible for providing governance, oversight, risk management, and strategic planning for CISO; as well as Third Party Information Security Assessments (TPISA). The team is also responsible for CISO Program and Performance Management including oversight of CISO’s book of work, maintaining a CISO strategy aligned with industry and regulatory requirements, and CISO’s performance management processes to ensure key IS metrics are in place to determine compliance with Citi’s standards. In addition, the team is responsible for the governance and oversight of Risk Management programs across CISO.

CISO MCA, Regulatory Management, Controls, and Quality Assurance is responsible for Cyber MCA Governance and CISO MCA Transformation, Cyber CoB, TPM Governance, and Records Management, Cyber Quality Assurance services for Third Party Information Security Assessments, Information Security Risk Assessments, Vulnerability and Threat Management programs. Additionally, the team supports Cyber Regulation Management which involves managing new and updated regulations through conducting thorough impact assessments and ensuring closure of action plans.

Our commitment to diversity includes a workforce that represents the clients we serve globally from all walks of life, backgrounds, and origins. We foster an environment where the best people want to work. We value and demand respect for others, promote individuals based on merit, and ensure opportunities for personal development are widely available to all. Ideal candidates are innovators with well-rounded backgrounds who bring their authentic selves to work and complement our culture of delivering results with pride. If you are a problem solver who seeks passion in your work, come join us. We’ll enable growth and progress together.

This role will report to the Cybersecurity MCA Governance Manager, responsible for programs and activities related to Citi’s Transformation for the Manager’s Control Assessment (MCA) and implementation of the future state MCA for CISO organization. This role will be dedicated on transformation efforts and high-quality implementation as well as support execution of current MCA business-as-usual (BAU) activities and implement a sustainable program that can cater to CISO/Cyber’s needs.

The role will be also responsible for developing and executing strategies to innovate and support the expansion of the Cybersecurity Risk Appetite Metrics QA program including approach design, development, implementation, reporting, and analysis of the data.  

What you will do:

• Manage the planning, coordination, and execution of MCA Transformation program for CISO.
• Lead efforts on creating global process profiles for CISO processes.
• Gain deep knowledge of MCA Standard, Process and tools to support future state MCA.
• Support CISO Process and Control owners in their responsibilities related to MCA execution.
• Identify and document key controls necessary for mitigation of cybersecurity risk.
• Be a hands-on Subject Matter Expert (SME) with the ability to drive problem solving and root cause analyses, simplify complex messages and summarize key points.
• Lead efforts on expanding the Cybersecurity Risk Appetite Metrics QA program including approach design, development, implementation, reporting, and analysis of the data.  
• Foster constructive dialogue and facilitate open discussion, sharing of knowledge and experience with customers and stakeholders.
• Actively manage relationships with CISO business partners and risk management teams to achieve sustained success.
• Educate and train people at all levels on how to apply basic tools and methodologies to achieve improvement objectives.
• Establish relationships that balance short-term gains with long-term considerations.

Your profile:

• Have at least 8+ years of relevant experience.
• Experience in Manager’s Control Assessment, Operational Risk, Information Security, Cybersecurity, Risk Management, Governance, Risk and Control (GRC).
• Risk Management, and/or Project Management certifications are a plus (e.g. CRISC, CISA, CISM, CISSP, PMP).
• Bring creative approaches to help us drive value for clients.
• Ability to influence decisions with senior leadership and business partners when confronted with differing opinions on information security risks.
• Demonstrate clear and concise written and verbal communication.
• Proven analytical skills.
• Proficiency with Microsoft Office, advanced Excel skills (e.g. macros, pivots, complex formulas).
• Knowledge of data visualization/analytics business applications such as Tableau, QlikView, and Microsoft Power BI.
• Familiarity with Machine Learning and Artificial Intelligence (AI) is a plus.
• Fluent English knowledge.

What we can offer you:

By joining Citi Hungary, you will not only be part of a business casual workplace with a hybrid working model (up to 2 days working at home per week), but also receive a competitive compensation package and enjoy a whole host of additional benefits that support you (and your family) to be well, live well and save well:

• Cafeteria Program

• Home Office Allowance (for colleagues working in hybrid work models)

• Paid Parental Leave Program (maternity and paternity leave)

• Private Medical Care Program and onsite medical rooms at our offices

• Pension Plan Contribution to voluntary pension fund

• Group Life Insurance

• Employee Assistance Program

• Access to a wide variety of learning and development programs, online course libraries and upskilling platforms, such as Udemy and Degreed

• Flexible work arrangements to support you in managing work - life balance

• Career progression opportunities across geographies and business lines

• Socially active employee communities with diverse networking opportunities

Alongside these benefits Citi is committed to ensuring our workplace is where everyone feels comfortable coming to work as their whole self every day.  We want the best talent around the world to be energized to join us, motivated to stay, and empowered to thrive. 

Sounds like Citi has everything you need? Then apply to discover the true extent of your capabilities. 

------------------------------------------------------

Job Family Group:

------------------------------------------------------

Job Family:

------------------------------------------------------

Time Type:

------------------------------------------------------

Citi is an equal opportunity and affirmative action employer.

Qualified applicants will receive consideration without regard to their race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or status as a protected veteran.

Citigroup Inc. and its subsidiaries ("Citi”) invite all qualified interested applicants to apply for career opportunities. If you are a person with a disability and need a reasonable accommodation to use our search tools and/or apply for a career opportunity review Accessibility at Citi.

View the "EEO is the Law" poster. View the EEO is the Law Supplement.

View the EEO Policy Statement.

View the Pay Transparency Posting