Tech & Cyber Risk: Director - Cyber Risk Sr Group Manager (Hybrid)

Job Description

The Operational Risk Management (ORM) Group at Citi is the firms reliable second set of eyes. Our mission is to drive comprehensive and consistent practices designed to identify, measure, monitor, report and manage operational risks while promoting the implementation of actions to address root causes which may lead to unintended operational losses. The Technology and Cyber Compliance and Operational Risk Office (TCCORO) team provides the specialist subject matter experts to challenge Enterprise, Infrastructure, Operations and Technology entities across the firm. We are the technology and cyber conscience of the bank. In line with the ORM framework, we aim to ensure that the internal controls that are designed to mitigate technology and cyber risks are managed, mitigated, and aligned with our risk appetite.


Reporting into the Global Head of Cyber Risk within TCCORO, the Head of Cyber Risk Assessments and Monitoring will be providing leadership with oversight for Cyber Risk monitoring processes across the firm.

Ideal candidate will be strategic, proven leader, strong technically, provide thought leadership, having strong industry engagement, and strong relationship builder that can influence and challenge effectively; will have experience with building and maintain teams, providing guidance and mentorship.

The following highlight the coverage area responsibilities for this Director position:

  • Provide leadership to the Second Line influence, advisory and challenge of key security capability domains including technical security controls, operational security processes and security governance.
  • Oversight of the establishment and implementation of security standards, procedures, and frameworks for the coverage domains.
  • Governance and Oversight of business and cyber risk while supporting the development of policy and standards; oversight of Key Operational Risks; challenge risk self-assessments and scenario analysis; issue management oversight and escalations.
  • Represent TCCORO/Second line of defense in various forums including Risk Forums, Safety & Soundness, Risk committees etc.
  • Oversight over multiple cyber programs including but not limited to data security, infrastructure security, application security and cloud security.
  • Actively engaged in the industry on latest in CyberRisk, and Emerging Operational Risks.
  • Oversight of planning, and implementation of technology programs including their governance, identification of risks and controls
  • Influence, and challenge as the organization implements the Transformation program for Cyber Risk.
  • Implementation of guidance for overseeing Cyber Operational Risks, aligned with OCC Heightened Standards.
  • Able to present and lead discussions with key Regulators, internal and external auditors, as well the Risk and Audit sub-committees.
  • Advise on best practices leveraging expertise and industry insights
  • Evaluate the design of controls and help first line cyber teams and control implementers understand the impact of control weaknesses to their service delivery capability.
  • Review and challenge coverage area appropriately consider significant operational risk in their Management Control Assessments (MCAs).
  • Evaluate the extent to which first line is aligned with internal and external control standards, as well as regulatory and audit requirements, including the CRI Profile, NIST and ISO27001
  • Review of the performance of universal key indicators and other metrics in support of the Cyber Risk Appetite Statements.


The Head Cyber Risk Assessments and Monitoring will be an acknowledged thought leader in cyber risk management with over 15 years of technology experience in complex security management, cyber risk, and controls with globally complex, dispersed, and diverse organizations.  The ideal Director will be an experienced people manager and influential leader with in-depth, detailed knowledge of cyber risks and controls and Information Security practices in the financial industry especially as it relates to overseeing the work of first line security teams. This individual should have the following experience and skills:

  • Knowledge of security domains and best practices
  • Experience with the defence in depth security of technology and operational components including networks, data, applications, and identity and access management.
  • Knowledge of Information Security and Cyber security controls, technologies, operations, and operational response processes.
  • Experience with reviewing and evaluating cyber control and capability design and solutions to include reviewing the people, process, and technology components.
  • Working familiarity with automated monitoring tools and incident tracking tools to effectively communicate and manage incidents, defects, and data quality issues.
  • Strong analytical and problem-solving skills
  • Experience presenting to Executive Committees and other senior forums
  • Strong leadership, communication, and presentation skills


  • Bachelor’s/University degree, Master’s degree preferred and managerial experience


Job Family Group:

Risk Management


Job Family:

Operational Risk


Time Type:

Full time


Primary Location:

New York New York United States


Primary Location Salary Range:

$170,000.00 - $300,000.00


Citi is an equal opportunity and affirmative action employer.

Qualified applicants will receive consideration without regard to their race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or status as a protected veteran.

Citigroup Inc. and its subsidiaries ("Citi”) invite all qualified interested applicants to apply for career opportunities. If you are a person with a disability and need a reasonable accommodation to use our search tools and/or apply for a career opportunity review Accessibility at Citi.

View the "EEO is the Law" poster. View the EEO is the Law Supplement.

View the EEO Policy Statement.

View the Pay Transparency Posting

Cyber Security Jobs by Category

Cyber Security Salaries