AVP, Technology/Cyber Risk Sr Analyst (Hybrid)

Whether you’re at the start of your career or looking to discover your next adventure, your story begins here.  At Citi, you’ll have the opportunity to expand your skills and make a difference at one of the world’s most global banks.  We’re fully committed to supporting your growth and development from the start with extensive on-the-job training and exposure to senior leaders, as well as more traditional learning.  You’ll also have the chance to give back and make a positive impact where we live and work through volunteerism.

Shape your Career with Citi

Citi’s Risk Management organization oversees Citi’s risk governance framework and risk appetite, ensures all risks generated by the firm’s businesses are measured, reviewed, and monitored on an ongoing basis.

We’re currently looking for a high caliber professional to join our team as Assistant Vice President, Technology/Cyber Risk Sr Analyst  - Hybrid (Internal Job Title: Cyber Risk Sr Analyst  - C12) based in Taguig, Philippines.  Being part of our team means that we’ll provide you with the resources to meet your unique needs, empower you to make healthy decision and manage your financial well-being to help plan for your future.  For instance:

• Citi provides programs and services for your physical and mental well-being including access to telehealth options, health advocates, confidential counseling and more. Coverage varies by country.

• We believe all parents deserve time to adjust to parenthood and bond with the newest members of their families. That’s why in early 2020 we began rolling out our expanded Paid Parental Leave Policy to include Citi employees around the world.

• We empower our employees to manage their financial well-being and help them plan for the future.

• Citi provides access to an array of learning and development resources to help broaden and deepen your skills and knowledge as your career progresses.

• We have a variety of programs that help employees balance their work and life, including generous paid time off packages.

• We offer our employees resources and tools to volunteer in the communities in which they live and work. In 2019, Citi employee volunteers contributed more than 1 million volunteer hours around the world.

In this role, you’re expected to:

The Technology and Cyber Compliance and Operational Risk Office (TCCORO) at Citi is the firm’s reliable second set of eyes. Our mission is to drive comprehensive and consistent practices designed to identify, measure, monitor, report and manage operational and compliance risks while promoting the implementation of actions to address root causes which may lead to unintended operational losses or regulatory breaches. TCCORO provides the specialist subject matter experts to challenge Enterprise, Infrastructure, Operations and Technology entities across the firm. We are the technology and cyber conscience of the bank. In line with the Operational Risk Management (ORM) and Independent Compliance Risk Management (ICRM) frameworks, we aim to ensure that the internal controls that are designed to mitigate technology and cyber risks are managed, mitigated, and aligned with our risk appetite.

The Tech/Cyber Compliance Risk Mgmt Sr Analyst is part of the Global Function (GF) Compliance Testing Team within TCCORO which is responsible for performing reviews and issue validations covering Tier 1/2 regulations. The role will leverage technology and cyber subject matter expertise, business experience, data analysis techniques, current events, and industry trends and best practices to inform the prioritization of risks and the second-line’s approach for associated challenge and influence activities. This position actively works with our ORM and Compliance partners and other stakeholders to provide support to our oversight and challenge activities with the components of our operational and compliance risk management frameworks. A successful candidate should have foundational expertise of how technology and cybersecurity risks are effectively managed in a large financial institution.  They should have a strong track record in technology and cyber risk management and/or a strong technical background with excellent analytical skills. A successful candidate should also demonstrate a strong interest in the field and a passion for risk management.

In this role, you are expected to:

·       Supports the review of compliance and technology and cyber policies and procedures, technology and tools, and governance processes to provide credible challenge for minimizing losses from technology and cyber risks.

·       Assesses technology and cyber risks and evaluates actions to address the root causes that persistently lead to operational risk losses by challenging both historical and proposed practices.

·       Supports independent assurance activities to assess areas of concern including substantive and controls testing.

·       Supports the monitoring, evaluation, and challenge of Key Risks and associated Key Risk Indicators triggers and thresholds.

·       Reviews potential risks associated with program/project delivery on a technical level.

·       Participates in various second line of defense technology and cyber assessments including risk assessments, control assessments, maturity assessments etc.

·       Assesses technology and/or cyber risks associated with new initiatives and programs being proposed for implementation.

·       Supports the challenge of the design, adequacy and strength of the control environment associated to technology and cyber and recommends actions to ensure the operational risk profile is in line with the technology and cyber risk appetite.  

·       Supports ad-hoc activities for the TCCORO organization, including but not limited to: researching and drafting materials for presentations of deep dives into selected topics, coordinating deliverables related to audits and examinations, and maintaining associated data for executive reporting.

·       Helps to appropriately assess risk when business decisions are made, demonstrating knowledge for the firm's reputation and safeguarding Citigroup, its clients, and assets, by driving compliance with applicable laws, rules, and regulations, adhering to Policy, and applying sound ethical judgment.

As a successful candidate, you’d ideally have the following skills and exposure:

• 5-8 years of experience

• Experience in assessing, reviewing or auditing IT governance, IT risk management, IT general controls and application controls, including end user computing (EUC), covering relevant technology or cyber regulations

• Experience in technology and cyber risk assessments, metrics, enterprise technology services, risks, and controls within globally complex, dispersed and diverse organizations.

• Understanding of technology and cyber risks and controls across various information system architecture and engineering domains including: data protection, identity and access management, vulnerability management, network security, endpoint security, logging and monitoring, incident management, and third-party management; preferred expertise in EUC.

• Knowledge and understanding of industry standard risk management frameworks (including ISO27001, COBIT, TOGAF and CRI for example), and an in-depth understanding of technology and cyber risk mitigation strategies.

• Excellent written and verbal communication skills.

• Must be a self-starter, flexible, innovative, and adaptive.

• Strong interpersonal skills with the ability to work collaboratively and with people at all levels of the organization.

• Ability to work collaboratively with regional and global partners in other functional units; and to navigate a complex organization.

• Excellent project management and organizational skills and capability to handle multiple projects at one time.

• Proficient in MS Office applications (Excel, Word, PowerPoint).  

• Bachelor’s/University degree or equivalent experience

• Relevant certifications (in CISM, CRISC, CISSP, CISA, or PMP) a plus

Working at Citi is far more than just a job. A career with us means joining a family of more than 230,000 dedicated people from around the globe. At Citi, you’ll have the opportunity to grow your career, give back to your community and make a real impact.

Take the next step in your career, apply for this role at Citi today

https://jobs.citi.com/dei

------------------------------------------------------

Job Family Group:

------------------------------------------------------

Job Family:

------------------------------------------------------

Time Type:

------------------------------------------------------

Citi is an equal opportunity and affirmative action employer.

Qualified applicants will receive consideration without regard to their race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or status as a protected veteran.

Citigroup Inc. and its subsidiaries ("Citi”) invite all qualified interested applicants to apply for career opportunities. If you are a person with a disability and need a reasonable accommodation to use our search tools and/or apply for a career opportunity review Accessibility at Citi.

View the "EEO is the Law" poster. View the EEO is the Law Supplement.

View the EEO Policy Statement.

View the Pay Transparency Posting