AVP – Technology Risk Sr Analyst (Hybrid)

The Technology and Cyber Compliance and Operational Risk Office (TCCORO) at Citi is the firm’s reliable second set of eyes. Our mission is to drive comprehensive and consistent practices designed to identify, measure, monitor, report and manage operational and compliance risks while promoting the implementation of actions to address root causes which may lead to unintended operational losses or regulatory breaches. TCCORO provides the specialist subject matter experts to challenge Enterprise, Infrastructure, Operations and Technology entities across the firm. We are the technology and cyber conscience of the bank. In line with the Operational Risk Management (ORM) and Independent Compliance Risk Management (ICRM) frameworks, we aim to ensure that the internal controls that are designed to mitigate technology and cyber risks are managed, mitigated, and aligned with our risk appetite.

The Technology Risk Sr. Analyst is part of the Technology Infrastructure and Cloud Services Technology Risk team within TCCORO which provides oversight of Citi’s Foundational Services organization, including primary coverage of Cloud Technology Services, Digital Workplace Client Services, and Enterprise Services.  The role will leverage technology subject matter expertise, business experience, data analysis techniques, current events, and industry trends and best practices to inform the prioritization of risks and the second-line’s approach for associated challenge and influence activities. This position actively works with our ORM and Compliance partners and other stakeholders to provide support to our oversight and challenge activities with the components of our operational and compliance risk management frameworks. A successful candidate should have foundational expertise of how technology and cybersecurity risks are effectively managed in a large financial institution.  They should have a strong track record in technology risk management and/or a strong technical background with excellent analytical skills. A successful candidate should also demonstrate a strong interest in the field and a passion for risk management.

Responsibilities:

• Supports the review of compliance and technology policies and procedures, technology and tools, and governance processes to provide credible challenge for minimizing losses from technology risks.
• Assesses technology risks and evaluates actions to address the root causes that persistently lead to operational risk losses by challenging both historical and proposed practices.
• Supports independent assurance activities to assess areas of concern including substantive and controls testing.
• Supports the monitoring, evaluation, and challenge of Key Risks and associated Key Risk Indicators triggers and thresholds.
• Reviews potential risks associated with program/project delivery on a technical level.
• Participates in various second line of defense technology assessments including risk assessments, control assessments, maturity assessments etc.
• Assesses technology risks associated with new initiatives and programs being proposed for implementation.
• Supports the challenge of the design, adequacy and strength of the control environment associated to technology and cyber and recommends actions to ensure the operational risk profile is in line with the technology risk appetite.  
• Supports ad-hoc activities for the TCCORO organization, including but not limited to: researching and drafting materials for presentations of deep dives into selected topics, coordinating deliverables related to audits and examinations, and maintaining associated data for executive reporting.
• Helps to appropriately assess risk when business decisions are made, demonstrating knowledge for the firm's reputation and safeguarding Citigroup, its clients, and assets, by driving compliance with applicable laws, rules, and regulations, adhering to Policy, and applying sound ethical judgment.

 Qualifications:

• 5-8 years of experience
• Experience in assessing, reviewing or auditing IT governance, IT risk management, IT general controls and application controls, including cloud controls, covering relevant technology regulations.
• Experience in managing risk with respect to cloud technology services, including knowledge of industry standard cloud computing frameworks (i.e., Cloud Security Alliance’s CCM).
• Experience in technology risk assessments, metrics, enterprise technology services, risks, and controls within globally complex, dispersed and diverse organizations.
• Understanding of technology and cyber risks and controls across various information system architecture and engineering domains including: asset and inventory management, configuration management, technical architecture, availability and capacity management, incident management; preferred expertise in cloud architecture.    
• Knowledge and understanding of industry standard risk management frameworks (including COBIT, CRI, ISO27001, and TOGAF for example), and an in-depth understanding of technology and cyber risk mitigation strategies.
• Excellent written and verbal communication skills.
• Must be a self-starter, flexible, innovative, and adaptive.
• Strong interpersonal skills with the ability to work collaboratively and with people at all levels of the organization.
• Ability to work collaboratively with regional and global partners in other functional units; and to navigate a complex organization.
• Excellent project management and organizational skills and capability to handle multiple projects at one time.
• Proficient in MS Office applications (Excel, Word, PowerPoint).  

Education:

• Bachelor’s/University degree or equivalent experience
• Relevant certifications (in CISM, CRISC, CISSP, CISA, or PMP) a plus

------------------------------------------------------

Job Family Group:

Risk Management

------------------------------------------------------

Job Family:

Operational Risk

------------------------------------------------------

Time Type:

Full time

------------------------------------------------------

Primary Location:

Irving Texas United States

------------------------------------------------------

Primary Location Full Time Salary Range:

$96,400.00 - $144,600.00

In addition to salary, Citi’s offerings may also include, for eligible employees, discretionary and formulaic incentive and retention awards. Citi offers competitive employee benefits, including: medical, dental & vision coverage; 401(k); life, accident, and disability insurance; and wellness programs. Citi also offers paid time off packages, including planned time off (vacation), unplanned time off (sick leave), and paid holidays. For additional information regarding Citi employee benefits, please visit citibenefits.com. Available offerings may vary by jurisdiction, job level, and date of hire.

------------------------------------------------------

Anticipated Posting Close Date:

May 28, 2025

------------------------------------------------------

Citi is an equal opportunity employer, and qualified candidates will receive consideration without regard to their race, color, religion, sex, sexual orientation, gender identity, national origin, disability, status as a protected veteran, or any other characteristic protected by law.

 

If you are a person with a disability and need a reasonable accommodation to use our search tools and/or apply for a career opportunity review Accessibility at Citi.

View Citi’s EEO Policy Statement and the Know Your Rights poster.