
Cyber Risk Architecture & Engineering Director

Job Purpose

The Operational Risk Cyber Team serves as an authoritative body, providing independent oversight and challenge of the firm’s Information Security program to ensure that cyber threats faced by the firm have been properly identified, assessed, and mitigated by the first line information security program.

The Cyber Risk Architecture and Engineering Director is a highly experienced subject matter expert in their field and is expected to plan, coordinate, and lead a team of experienced cyber risk professionals to perform risk reviews in alignment with a defined second line risk assurance framework, and assess the effectiveness of first line Cyber and Information Security control activities. They will have the ability to understand complex business, IT and Information Security processes and systems, and be able to assess the implications of current and emerging cyber threats as well as recommend corrective action where needed.

The role requires a highly experienced, credible, professional authority on Information Security and Cyber Risk.

Role Responsibilities:

• Lead the development and execution strategy of the Cyber risk team.

• Develop and execute a prioritized book of work, setting goals and objectives for the team, and driving delivery through effective leadership.

• Build and maintain effective, collaborative relationships across a broad range of stakeholders across all three lines of defense.

• Act as a trusted advisor and thought leader across the wider business.

• Planning, coordinating and conducting in depth, independent assessments of first line cyber risk management processes including assessments of cyber governance and technical cyber security operations practices.

• Planning, coordinating and conducting in depth, end-to-end independent cyber risk assurance reviews of business-critical services, applications and processes.

• Supervising and leading engagements with both internal audit and international regulators.

• Drive the development and enhancement of the cyber risk appetite and the key risk indicators used to assess cyber risk appetite.

• Represent independent risk management on a range of executive risk committees and information security governance forums to provide expert input and independent challenge.

• Authoring white papers on best practices across thematic cyber risk topics.

• Analyzing existing cyber risk mitigation strategies / controls and developing assessments of their effectiveness.

• Provide oversight responsibility for the quality and delivery schedule of remediation plans addressing the findings from independent assessments and/or credible challenges.

• Performing an analysis of both quantitative and qualitative data to identify key cyber risk themes.

• Writing detailed reports containing findings, observations, and recommendations.

• Providing strategic input into the Operational Risk management framework and methodology to strengthen our oversight of cyber risk.

Experience / Competencies:

• Extensive experience in a Cyber Security or Information Security related function such as Vulnerability Assessment, Identity & Access Management, Authentication and Authorization systems, Data Protection, Application Security and Secure SDLC methodologies as well as Cloud Security.

• Bachelor's degree in Computer Science, Mathematics, Science, Technology, Engineering or other professional field of study.

• Industry recognized Information Security certification such as Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Certified Information Systems Auditor (CISA) certifications, or other related certifications.

• Demonstrates considerable technical knowledge of Vulnerability Assessment, Cyber Security, Data Protection, IT Risk and Compliance.

• Solid understanding of enterprise cyber security and enterprise architecture with experience of designing, operating or managing complex IT environments, security solutions or controls within a complex global network.

• Considerable knowledge and understanding of common cyber security technology tools such as firewalls, IDPS, Network access control, DDOS Mitigation, Anti-Malware, Anti-Virus, encryption, and authentication.

• Strong experience in cyber security governance frameworks and information security governance best practice.

• Knowledge of industry standards/regulations such as ISO, NIST, PCI-DSS, PSD2, GDPR, NIS.

• Experience of managing cyber, IT or Information Security controls as part of the first line of defense.

• Experience of overseeing or conducting independent risk assessments, business process or IT control auditing.

• Experience of working in a large multinational financial institution.

• A broad understanding of global financial business activities such as Markets and Trading, Investment Banking and Consumer Banking.

• Proven experience of interfacing with senior, C-level stakeholders.

• Proven experience of leading the planning and execution of projects in cyber security, risk management, compliance, IT audit or IT risk management.

• Execution and delivery focused, creating high quality reporting and analysis using appropriate business and technical language for the audience.

• Excellent communication and organization skills.

• Aptitude and capability for conducting quantitative and qualitative analyses of large, complex IT systems and Business Processes.

-------------------------------------------------

Job Family Group:

Risk Management

-------------------------------------------------

Job Family:

Operational Risk

------------------------------------------------------

Time Type:

Full time

------------------------------------------------------

Primary Location:

New York, New York, United States

------------------------------------------------------

Primary Location Salary Range:

$170,000.00 - $300,000.00

------------------------------------------------------

Citi is an equal opportunity and affirmative action employer.

Qualified applicants will receive consideration without regard to their race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or status as a protected veteran.

Citigroup Inc. and its subsidiaries ("Citi") invite all qualified interested applicants to apply for career opportunities. If you are a person with a disability and need a reasonable accommodation to use our search tools and/or apply for a career opportunity, review Accessibility at Citi.


-----------------------------

Effective November 1, 2021, Citi requires that all successful applicants for positions located in the United States or Puerto Rico be fully vaccinated against COVID-19 as a condition of employment and provide proof of such vaccination prior to commencement of employment.
