Senior Vice President - Cyber Risk and Service Delivery

About Citi:
Citi, the leading global bank, has approximately 200 million customer accounts and does business in more than 160 countries and jurisdictions. Citi provides consumers, corporations, governments, and institutions with a broad range of financial products and services, including consumer banking and credit, corporate and investment banking, securities brokerage, transaction services, and wealth management.

As a bank with a brain and a soul, Citi creates economic value that is systemically responsible and in our clients’ best interests. As a financial institution that touches every region of the world and every sector that shapes your daily life, our Enterprise Operations & Technology teams are charged with a mission that rivals any large tech company. Our technology solutions are the foundations of everything we do from keeping the bank safe, managing global resources, and providing the technical tools our workers need to be successful to designing our digital architecture and ensuring our platforms provide a first-class customer experience. We reimagine client and partner experiences to deliver excellence through secure, reliable, and efficient services.

Our commitment to diversity includes a workforce that represents the clients we serve from all walks of life, backgrounds, and origins. We foster an environment where the best people want to work. We value and demand respect for others, promote individuals based on merit, and ensure opportunities for personal development are widely available to all. Ideal candidates are innovators with well-rounded backgrounds who bring their authentic selves to work and complement our culture of delivering results with pride. If you are a problem solver who seeks passion in your work, come join us. We’ll enable growth and progress together.
 

About Our Team:

The Chief Information Security Office (CISO) is home to deeply talented colleagues that work to ensure the safety of Citi's clients', our revenue, our employees and our proprietary data. We manage information security as one end-to end program – one with a clear mandate and accountability. Our mission is a program that is fully anchored to modern control and architectural frameworks, is fully aligned with the enterprise architecture of the firm and is deeply integrated into the sectors and functions.

Senior Vice President - Cyber Risk and Service Delivery will have combined responsibilities for managing cyber risk, service delivery, and strategic portfolio management for the Citi Wealth and Legacy Franchise organization within the Business, Functions & Technology (BFT) Information Security Office (ISO). This role will drive cybersecurity compliance, oversee risk management strategies, and deliver high-quality service outcomes as an execution lead supporting the Wealth and Legacy Franchise business Head of Cyber. While serving as a trusted partner to business and technology teams, you will be partnering with stakeholders across the organization to influence and implement strategic initiatives.

The ideal candidate should bring deep expertise in cybersecurity, strong leadership and communication skills, and a strategic mindset to balance risk management with organizational goals. He or she will act as a key point of contact for cyber-related matters, providing oversight for initiatives, governance, and compliance efforts, while delivering proactive and positive service to our stakeholders in business and technology organization.

Responsibilities:

Cyber Risk Management

• Partner with stakeholders in CISO, business, technology, and all three lines of defense to drive security compliance and awareness.

• Understand the spirit as well as the language in security policies, standards, and procedures. Use that information to guide action in line with CISO requirements.

• Summarize, analyze, and present risk-based monthly reporting to senior leadership teams, business forums, key stakeholders and CISO, including running reports, performing analysis, articulating the context of the risk and actions required.

• Serve as a subject matter expert and trusted security partner on cyber risks, regulatory reporting, and audit requirements, supporting requests and providing guidance to application managers, customer-facing business partners, and executive leadership.

• Perform detailed review of non-standard information security terms in third-party agreements to articulate the non-standard terms, the impact, level of risk being accepted, and guide the organization in making an informed risk-based decision. Identify if systemic challenges exist with specific third parties.

• Perform analysis on third-party and application security noncompliance, vulnerabilities, and key metrics to provide actionable recommendations to stakeholders.

• Conduct independent review of high-risk items (new software, risk acceptances), ensuring actionable risk-based insights and solutions.

• Understanding of key security programs (e.g., vulnerability management, identity and access management, data loss protection, etc.) and ability to leverage data to articulate both inherent and residual risk to drive risk-based guidance and remediation.  

• Act as a subject matter expert for risk scoring determination and guide the organization on why something is scored a certain way (high, medium, low).

• Oversee determination if compensating/mitigating controls are sufficient to reduce risk score and can articulate the impact.

• Lead annual risk workshops involving stakeholders from CISO and related groups, aligned with industry best practices. Identify risk scenarios using the MIRE ATT&CK Framework, calculate scoring, and present to executive leadership to drive risk-based action.

Service Delivery Management

• Serve as advisor and trusted partner to the Head of Cyber for Wealth and Legacy Franchise.

• Represent the Head of Cyber in internal and external meetings, ensuring consistent communication and alignment. Support Head of Cyber in meetings by taking notes and assuming responsibility for completion of action items.

• Manage the cyber portfolio for the Wealth and Legacy Franchise businesses, establishing and maintaining monthly portfolio reviews and tracking.

• Provide support to the Head of Cyber in the development of performance goals, metrics, and reports for CISO leadership teams.

• Coordinate annual investment planning requests (budget).

• Strong presentation skills and materials – creating and telling “the story”.

Strategic Planning and Execution

• Provide oversight for the timely completion of projects and initiatives under the Head of Cyber’s responsibility.

• Identify opportunities to improve service performance and streamline operations.

• Support transformation efforts, including organization design, service delivery enhancements and compliance initiatives.

• Provides input to Head of Cyber to improve service performance and processes to streamline operations.

• New project or pilot coordination as needed and liaison to project management functions.

Stakeholder Engagement and Communication

• Build and maintain strong relationships with business, technology, three lines of defense, and CISO teams across the organization.

• Serve as the liaison between Head of Cyber and other executives, clients, and stakeholders to ensure consistent communication and ensuring involvement or decision-making at the proper time.

• Articulate risks and their impact to stakeholders in a clear, actionable manner.

• Develop executive-level reporting on key topics.

• Provide regular updates on cyber risk status through meetings, presentations, and reports.

Qualifications:

• 10+ years of experience, including 5+ years in a senior security role with project management.

• Strong understanding of IT security frameworks (e.g. NIST SP-800, PCI, ISO 27001, CIRI Profile).

• Proficient in Microsoft Office (Excel: pivot tables, VLOOKUPs, macros; PowerPoint: design, animations, data visualization).

• Strong ability to influence change and build productive relationships.”

• Experienced in interpreting and applying security policies, standards, and procedures.”

• Preferred Certifications: CRISC, CISM, CISA, or CISSP.

Critical Competencies:

• Exceptional communication and leadership skills.

• Strong executive presence with the ability to influence action.

• Operates effectively at both strategic and tactical levels, balancing vision with execution. ​

• Exhibits exceptional capability in managing multiple concurrent initiatives, adeptly determining prioritization, and efficiently guides teammates on achieving objectives.

• Possesses advanced project management skills, organizing and prioritizing activities effectively and reporting progress and outcomes comprehensively to executive leadership.

• Knowledgeable in current and emerging cybersecurity risks and trends.

• Strategic thinker who can perform risk analysis and problem-solve, providing guidance on the identification, assessment, and mitigation of potential risks.

• Self-starter who takes ownership, identifies gaps, and collaborates effectively under tight deadlines.

• Thrives in a global, diverse, and hybrid work environment, leveraging cultural and geographical diversity to drive innovation and collaboration.

Education:

Bachelor’s degree in a related security field (Master’s preferred).

------------------------------------------------------

Job Family Group:

Technology

------------------------------------------------------

Job Family:

Information Security

------------------------------------------------------

Time Type:

Full time

------------------------------------------------------

Primary Location:

New Castle Delaware United States

------------------------------------------------------

Primary Location Full Time Salary Range:

$156,160.00 - $234,240.00

In addition to salary, Citi’s offerings may also include, for eligible employees, discretionary and formulaic incentive and retention awards. Citi offers competitive employee benefits, including: medical, dental & vision coverage; 401(k); life, accident, and disability insurance; and wellness programs. Citi also offers paid time off packages, including planned time off (vacation), unplanned time off (sick leave), and paid holidays. For additional information regarding Citi employee benefits, please visit citibenefits.com. Available offerings may vary by jurisdiction, job level, and date of hire.

------------------------------------------------------

Anticipated Posting Close Date:

Mar 31, 2025

------------------------------------------------------

Citi is an equal opportunity and affirmative action employer.

Qualified applicants will receive consideration without regard to their race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or status as a protected veteran.

Citigroup Inc. and its subsidiaries ("Citi”) invite all qualified interested applicants to apply for career opportunities. If you are a person with a disability and need a reasonable accommodation to use our search tools and/or apply for a career opportunity review Accessibility at Citi.

View the "EEO is the Law" poster. View the EEO is the Law Supplement.

View the EEO Policy Statement.

View the Pay Transparency Posting