Cyber Risk Director

Are you looking for a career move that will put you at the heart of a global financial institution?

By Joining Citi, you will become part of a global organisation whose mission is to serve as a trusted partner to our clients by responsibly providing financial services that enable growth and economic progress.

Team/Role Overview

The Technology and Cyber Compliance and Operational Risk Office (TCCORO) at Citi is the firm’s reliable second set of eyes. Our mission is to drive comprehensive and consistent practices designed to identify, measure, monitor, report and manage operational and compliance risks while promoting the implementation of actions to address root causes which may lead to unintended operational losses or regulatory breaches. TCCORO provides the specialist subject matter experts to challenge Enterprise, Infrastructure, Operations and Technology entities across the firm. We are the technology and cyber conscience of the bank. In line with the Operational Risk Management (ORM) and Independent Compliance Risk Management (ICRM) frameworks, we aim to ensure that the internal controls that are designed to mitigate technology and cyber risks are managed, mitigated, and aligned with our risk appetite.

The Head of Cyber Risk and Compliance – Security Operations reports to The Head of Cyber Risk and Compliance within TCCORO and will provide leadership for Cyber Risk and Compliance – Security Operations team.  This role is accountable for management of complex, critical professional disciplinary areas and will manage multiple teams through other managers. The role is responsible for establishing and executing the functional strategy within their organisation. They will leverage cyber subject matter expertise (particularly security operational processes), business experience, data analysis techniques, current events, and industry trends and best practices to inform the prioritisation of risks and the second-line’s approach for associated challenge and influence activities. This position actively works with our ORM and Compliance partners and other stakeholders to provide subject matter expertise in line with our operational and compliance risk management frameworks.

What you’ll do

A successful candidate will be a subject matter expert in cyber risk in global financial services, be able to demonstrate a comprehensive understanding of the subject matter and advise stakeholders on the application to related risks. They should have a strong track record in cyber risk management and/or a strong technical background with excellent analytical skills. The ideal candidate will be a strategic, proven leader, strong technically and with security operational experience. They will provide thought leadership, having strong industry engagement, and will be a strong relationship builder that can influence and challenge effectively. The successful candidate will have experience with building and maintaining global teams, providing guidance and mentorship.

  • Manages a staff of risk officers at various levels, with direct accountability for hiring and organisational structure. Has direct oversight for compensation, performance appraisals, staff development, training, etc. Provides input on performance and compensation recommendations for risk officers and utilities that provide risk related services on a matrix basis.
  • Accountable for internal projects on threat issues that support a variety of participants and stakeholders measuring the effectiveness and comprehensiveness of Citi’s first line defences.
  • Evaluates the design of controls and communicate the impact of control weaknesses to first line teams and control implementers.
  • Oversight of the establishment and implementation of compliance and cyber policies and procedures, technology and tools, and governance processes for the coverage domains.
  • Governance and oversight of cyber risk while supporting the development of policy and standards; oversight of Key Operational Risks; challenge risk self-assessments and scenario analysis; issue management oversight and escalations.
  • Provides leadership to the Second Line influence, advisory and challenge of operational security capability domains including security incident management, fusion centre and cyber threat intelligence.
  • Represents TCCORO in various steering committees, working groups and councils relevant to the functional area.
  • Actively engaged in the industry on the latest in cyber risk, and emerging operational risks.
  • Oversight of planning, and implementation of cyber programs including their governance, identification of risks and controls.
  • Implementation of guidance for overseeing cyber operational risks, aligned with The Office of the Comptroller of the Currency (OCC) Heightened Standards and other global regulations.
  • Able to present and lead discussions with key regulators, and internal and external auditors.
  • Advises on best practices leveraging expertise and industry insights.
  • Reviews and challenges coverage area appropriately consider significant operational risk in their Management Control Assessments (MCAs).
  • Evaluates the extent to which first line of defence is aligned with internal and external control standards, as well as regulatory and audit requirements.
  • Appropriately assesses risk when business decisions are made, demonstrating knowledge for the firm's reputation and safeguarding Citigroup, its clients, and assets, by driving compliance with applicable laws, rules, and regulations, adhering to Policy, and applying sound ethical judgment.

What we’ll need from you  

  • Relevant technical experience and experience managing a team of professionals.
  • Practical experience managing, assessing or auditing security operations processes and technologies including Security Operations Centre, Security Information and Event Management, Fusion Centre, Incident Response, etc.
  • In-depth knowledge of products within the coverage area, including a technical understanding of current and emerging trends as well as the ability to apply in-depth understanding of the business impacts of technical contributions.
  • Experience in cyber risk assessments, metrics, enterprise technology services, risks, and controls within globally complex, dispersed, and diverse organisations.
  • In-depth knowledge of cyber risks and controls across various information system architecture and engineering domains including: data protection, identity and access management, vulnerability management, network security, endpoint security, logging and monitoring, incident management, and third-party management; preferred expertise in security operations.
  • Subject matter expert in one or more industry standard risk management frameworks (including ISO27001, COBIT, TOGAF and CRI for example), and an in-depth understanding of cyber risk mitigation strategies.
  • Self-motivated and goal-oriented with the ability to seize the initiative, garner consensus and develop and implement an effective strategy. Demonstrates a high level of analytical rigor in formulating strategies, goals and measuring results.
  • Sense of urgency in implementing programs and evaluating priorities; decisive, action-oriented and practical.
  • Willingness to challenge and question the status quo, making recommendations for options and best solutions.
  • Demonstrated strategic thinking skills. Organisationally astute, with influencing, collaboration and communication skills. Personal presence, intellect, energy and drive to succeed in a high-performance environment.
  • Able to analyse and think through highly complex issues, but then appropriately execute and implement against a well thought through framework in a seamless manner. A global citizen who is comfortable in all geographies, regions and cultures.
  • Strong leadership, communication, and presentation skills including the ability to adapt his/her style to suit the different needs of any audience.
  • Bachelor’s/University degree, Master’s degree preferred
  • Relevant certifications (in CISM, CRISC, CISSP, etc.) a plus

What we can offer you

By joining Citi Solutions Centre Poland, you will not only be part of a business casual workplace with a hybrid working model (up to 2 days working at home per week), but also receive a competitive base salary (which is annually reviewed) and enjoy a whole host of additional benefits such as:

  • Private Medical Care Programme
  • Life Insurance Programme
  • Pension Plan contribution (PPE Programme)
  • Employee Assistance Programme
  • Paid Parental Leave Programme (maternity and paternity leave) 
  • Sport Card
  • Holidays Allowance
  • Sport and team recreation activities
  • Special offers and discounts for employees
  • Access to an array of learning and development resources 
  • A discretional annual performance related bonus
  • A chance to make a difference with various affinity networks and charity initiatives

Alongside these benefits Citi is committed to ensuring our workplace is where everyone feels comfortable coming to work as their whole self every day.  We want the best talent around the world to be energised to join us, motivated to stay, and empowered to thrive. 

Sounds like Citi has everything you need? Then apply to discover the true extent of your capabilities. 



Job Family Group:

Risk Management


Job Family:

Operational Risk


Time Type:

Full time


Citi is an equal opportunity and affirmative action employer.

Qualified applicants will receive consideration without regard to their race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or status as a protected veteran.

Citigroup Inc. and its subsidiaries ("Citi”) invite all qualified interested applicants to apply for career opportunities. If you are a person with a disability and need a reasonable accommodation to use our search tools and/or apply for a career opportunity review Accessibility at Citi.

View the "EEO is the Law" poster. View the EEO is the Law Supplement.

View the EEO Policy Statement.

View the Pay Transparency Posting

Cyber Security Jobs by Category

Cyber Security Salaries