Cyber Risk Head for Services

Overview of the Role

Citi, the leading global bank, has approximately 200 million customer accounts and does business in more than 160 countries and jurisdictions. Citi provides consumers, corporations, governments, and institutions with a broad range of financial products and services, including consumer banking and credit, corporate and investment banking, securities brokerage, transaction services, and wealth management.

As a bank with a brain and a soul, Citi creates economic value that is systemically responsible and in our clients’ best interests. As a financial institution that touches every region of the world and every sector that shapes your daily life, our Enterprise Operations & Technology teams are charged with a mission that rivals any large tech company. Our technology solutions are the foundations of everything we do from keeping the bank safe, managing global resources, and providing the technical tools our workers need to be successful to designing our digital architecture and ensuring our platforms provide a first-class customer experience. We reimagine client and partner experiences to deliver excellence through secure, reliable, and efficient services.

Our commitment to diversity includes a workforce that represents the clients we serve from all walks of life, backgrounds, and origins. We foster an environment where the best people want to work. We value and demand respect for others, promote individuals based on merit, and ensure opportunities for personal development are widely available to all. Ideal candidates are innovators with well-rounded backgrounds who bring their authentic selves to work and complement our culture of delivering results with pride. If you are a problem solver who seeks passion in your work, come join us. We’ll enable growth and progress together.

The Services Cyber Risk Manager manages a team of Cyber Risk analysts supporting the identification, assessment, and remediation of cyber risks for Services globally. The Cyber Risk Manager for Services will have a lateral and vertical view of risk, end-to-end process mapping and cross-function visibility of product, operations and technology. This role requires someone with extensive knowledge of risk methodologies and the application of risk mitigation techniques.  The incumbent will be required to influence without formal authority, explain detailed and complex scenarios to technical and non-technical stakeholders and ‘own’ outcomes to drive them to a successful conclusion. The incumbent will also have extensive knowledge and experience across the cyber disciplines including controls, incident management, emerging risk, technical architecture, and process orientation.

The Cyber Risk Manager will lead the Services Cyber Risk team in the identification, assessment and remediation of risk gaps. The incumbent will have experience in applying current risk methodologies to fluid situations and in balancing risk decisions against the controls vs. ease-of-use dichotomy.

The incumbent will have excellent communication skills to articulate complex scenarios to all levels of the organization. The Services Cyber Risk Manager will also be responsible for monitoring CSRA metrics and helping to define remediation action plans with stakeholders. Furthermore, the incumbent will be responsible for establishing and developing excellent relationships with 2nd and 3rd line business partners.

Responsibilities:

  • Team Management
  • Building and developing an effective team structure
  • Setting meaningful and achievable team goals
  • Assigning and tracking projects effectively
  • Excellent communication skills
  • Act as a Trusted Security Advisor to business and technology teams, guiding them on understanding and addressing cyber risk.
  • Develop relationships with the business, technology, second line, third line, and other CISO teams.
  • Articulate risk and impact to stakeholders (at all levels of the organization) in a clear and succinct manner.
  • Evaluate CISO programs escalations, security incidents, key metrics, and other sources to prepare guidance for stakeholders on risk remediation and reduction prioritization.
  • Review results of cyber security risk appetite non-compliance, understand the gaps identified, their root causes, impacts and provide guidance to responsible stakeholders, as well as insights on key themes and remediation plans to CISO and related governance organizations. 
  • Partner with BFT-ISO leadership to identify and dimension cyber risk, presenting status and actions.
  • Partner with other BFT-ISO leaders, as well as second line of defense to drive security compliance and awareness.
  • Develop expertise of Citi’s cyber security standards and partner with business/technology teams to help them understand the “so what” and prioritize risk reduction efforts. 
  • Oversight of issues identified and excellent understanding of impacts to the Services Business.
  • Articulate how risk scoring is determined and be able to articulate why a risk is high, medium, or low.
  • Determine if compensating/mitigating controls are sufficient to reduce the risk score.
  • Determine if severity should be increased when risks are aggregated.
  • Challenge issue owners and the organization on predicted to achieve appropriate risk reduction.
  • Define, develop and present risk-based reporting to senior leaders, stakeholders, including business, technology, second line of defense, and other BFT-ISO teams.
  • Client / Vendor Support
  • Partner with Enterprise CISO Programs to ensure third party risks are effectively captured, dimensioned and addressed to align to Citi’s risk appetite.  
  • Understand regulatory and country-specific requirements for cyber security impacting the business and support audit requests working in partnership with CISO Governance, Controls and Policy.

Qualifications:

  • 10-15 years of relevant experience.
  • Understanding of security frameworks and risk methodologies, specifically the Cyber Risk Institute (CRI) Profile.
  • Understanding of policy compliance and how it relates to risk. Developing strategies to address any potential gaps between policy and current risk.
  • Extensive knowledge of information security risk assessment methodologies, tools, and industry standards.
  • Excellent leadership, analytical, and problem-solving skills
  • Excellent communication and interpersonal skills.
  • CRISC, CISA, CISM, CISSP, CEH preferred.
  • At least intermediate-level proficiency in Microsoft Office tools

Critical Competencies:

  • Expert knowledge of the Services business models and their associated risks.
  • Ability to articulate complex concepts to all levels of the organization.
  • Ability to work at both a strategic and tactical level, focusing on the broader picture while driving execution.
  • Experience in managing a team to achieve multiple (sometimes competing) priorities.
  • Ability to manage multiple initiatives simultaneously, determine prioritization, and work under minimal supervision.
  • Awareness of latest risk management developments in the wider environment.
  • Capability to flourish in a global, diverse, and hybrid (office and virtual) work environment.
  • Project management skills, ability to organize and prioritize activities, and report on those activities at an executive level.
  • Strong risk analysis and problem-solving skills.
  • Knowledge of regulatory and compliance requirements in the financial services industry.

------------------------------------------------------

Job Family Group:

Technology

------------------------------------------------------

Job Family:

Information Security

------------------------------------------------------

Time Type:

Full time

------------------------------------------------------

Primary Location:

Jersey City, New Jersey, United States

------------------------------------------------------

Primary Location Full Time Salary Range:

$176,720.00 - $265,080.00

In addition to salary, Citi’s offerings may also include, for eligible employees, discretionary and formulaic incentive and retention awards. Citi offers competitive employee benefits, including: medical, dental & vision coverage; 401(k); life, accident, and disability insurance; and wellness programs. Citi also offers paid time off packages, including planned time off (vacation), unplanned time off (sick leave), and paid holidays. For additional information regarding Citi employee benefits, please visit citibenefits.com. Available offerings may vary by jurisdiction, job level, and date of hire.

------------------------------------------------------

Anticipated Posting Close Date:

Aug 14, 2024

------------------------------------------------------

Citi is an equal opportunity and affirmative action employer.

Qualified applicants will receive consideration without regard to their race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or status as a protected veteran.

Citigroup Inc. and its subsidiaries ("Citi") invite all qualified interested applicants to apply for career opportunities. If you are a person with a disability and need a reasonable accommodation to use our search tools and/or apply for a career opportunity, review Accessibility at Citi.
