Overview
Remote
On Site
USD 114,720.00 - 172,080.00 per year
Full Time
Skills
AIM
Internal Control
Finance
Data Analysis
Object-relational Mapping
Financial Services
Policies and Procedures
ROOT
Testing
Project Delivery
Research
Technical Drafting
Presentations
Auditing
Reporting
Regulatory Compliance
IT Risk Management
IT Risk
Systems Architecture
Change Management
Application Development
Release Management
Project Management
Data Management
Vulnerability Management
Management
Risk Assessment
ISO/IEC 27001:2005
COBIT
TOGAF
Writing
Communication
Analytical Skill
CISM
ISACA
CISSP
CISA
PMP
Risk Management
Operational Risk
Insurance
Law
Accessibility
Job Details
The Technology and Cyber Compliance and Operational Risk Office (TCCORO) at Citi is the firm's reliable second set of eyes. Our mission is to drive comprehensive and consistent practices designed to identify, measure, monitor, report and manage operational and compliance risks while promoting the implementation of actions to address root causes which may lead to unintended operational losses or regulatory breaches. TCCORO provides the specialist subject matter experts to challenge Enterprise, Infrastructure, Operations and Technology entities across the firm. We are the technology and cyber conscience of the bank. In line with the Operational Risk Management (ORM) and Independent Compliance Risk Management (ICRM) frameworks, we aim to ensure that the internal controls that are designed to mitigate technology and cyber risks are managed, mitigated, and aligned with our risk appetite. The Tech/Cyber Risk Officer is part of the Finance and Data Technology second line of defense organization within TCCORO which is responsible for the oversight of Finance and Data Technology organizations portfolio of projects, applications, systems, and processes. The role will leverage technology and/or cyber subject matter expertise, business experience, data analysis techniques, current events, and industry trends and best practices to inform the prioritization of risks and the second-line's approach for associated challenge and influence activities. This position actively works with our ORM and Compliance partners and other stakeholders to provide subject matter expertise in line with our operational and compliance risk management frameworks. A successful candidate will have expertise in technology cyber risk in global financial services and be able to demonstrate a comprehensive understanding of the subject matter and how it applies to related risks. They should have a strong track record in technology and cyber risk management and/or a strong technical background with excellent analytical skills. A successful candidate should also demonstrate a strong interest in the field and a passion for risk management.
Responsibilities:
Reviews and evaluates compliance and technology and/or cyber policies and procedures, technology and tools, and governance processes to provide credible challenge for minimizing losses from technology and/or cyber risks.
Assesses technology and/or cyber risks and evaluates actions to address the root causes that persistently lead to operational risk losses by challenging both historical and proposed practices.
Supports independent assurance activities to assess areas of concern including substantive and controls testing.
Monitors, evaluates, and challenges Key Risks and associated Key Risk Indicators triggers and thresholds. Also liaises with Key Indicator owners on breaches and action steps to correct breaches.
Reviews potential risks associated with program/project delivery on a technical and detailed level.
Participates in various second line of defense technology and/or cyber assessments including risk assessments, control assessments, maturity assessments etc.
Assesses technology and/or cyber risks associated with new initiatives and programs being proposed for implementation.
Challenges the design, adequacy and strength of the control environment associated to technology and cyber and recommends actions to ensure the operational risk profile is in ine with the technology and/or cyber risk appetite.
Executes ad-hoc activities for the TCCORO organization, including but not limited to: researching and drafting materials for presentations of deep dives into selected topics, coordinating deliverables related to audits and examinations, and maintaining associated data for executive reporting.
Appropriately assesses risk when business decisions are made, demonstrating knowledge for the firm's reputation and safeguarding Citigroup, its clients, and assets, by driving compliance with applicable laws, rules, and regulations, adhering to Policy, and applying sound ethical judgment.
Qualifications:
6-10 years relevant experience Preferred skills: Expertise in Operational Risk and Technology Risk; Thorough understanding of process, risk and controls framework; Excellent verbal and written skills are a requirement for the role
In-depth knowledge of technology and/or cyber risks and controls across various information system architecture and engineering domains including: availability/incident/change management, solution delivery life cycle, application development/deployment and release management, project management, data management, identity, access, and vulnerability management, and third party management.
Knowledge of products within the coverage area, including an understanding of current and emerging trends as well as the ability to apply understanding of the business impacts of technical contributions.
Experience in technology and/or cyber risk assessments, metrics, enterprise technology services, risks, and controls within globally complex, dispersed and diverse organizations. Proficient in industry standard risk management frameworks (including ISO27001, COBIT, TOGAF and CRI for example), and an in-depth understanding of technology and/or cyber risk mitigation strategies.
Consistently demonstrates clear and concise written and verbal communication skills. Has prior experience writing reports and work papers.
Developed communication and diplomacy skills are required to guide, influence, and convince others, in particular colleagues in other areas and occasional external customers. Requires good analytical skills to filter, prioritize and validate potentially complex material from multiple sources.
Education:
Bachelor's/University degree, Master's degree preferred
Relevant certifications (in CISM, CRISC, CISSP, CISA, or PMP) a plus
Job Family Group:
Risk Management
Job Family:
Operational Risk
Time Type:
Full time
Primary Location:
Wilmington Delaware United States
Primary Location Full Time Salary Range:
$114,720.00 - $172,080.00
In addition to salary, Citi's offerings may also include, for eligible employees, discretionary and formulaic incentive and retention awards. Citi offers competitive employee benefits, including: medical, dental & vision coverage; 401(k); life, accident, and disability insurance; and wellness programs. Citi also offers paid time off packages, including planned time off (vacation), unplanned time off (sick leave), and paid holidays. For additional information regarding Citi employee benefits, please visit citibenefits.com. Available offerings may vary by jurisdiction, job level, and date of hire.
Anticipated Posting Close Date:
May 19, 2025
Citi is an equal opportunity employer, and qualified candidates will receive consideration without regard to their race, color, religion, sex, sexual orientation, gender identity, national origin, disability, status as a protected veteran, or any other characteristic protected by law.
If you are a person with a disability and need a reasonable accommodation to use our search tools and/or apply for a career opportunity review Accessibility at Citi.
View Citi's EEO Policy Statement and the Know Your Rights poster.
Responsibilities:
Reviews and evaluates compliance and technology and/or cyber policies and procedures, technology and tools, and governance processes to provide credible challenge for minimizing losses from technology and/or cyber risks.
Assesses technology and/or cyber risks and evaluates actions to address the root causes that persistently lead to operational risk losses by challenging both historical and proposed practices.
Supports independent assurance activities to assess areas of concern including substantive and controls testing.
Monitors, evaluates, and challenges Key Risks and associated Key Risk Indicators triggers and thresholds. Also liaises with Key Indicator owners on breaches and action steps to correct breaches.
Reviews potential risks associated with program/project delivery on a technical and detailed level.
Participates in various second line of defense technology and/or cyber assessments including risk assessments, control assessments, maturity assessments etc.
Assesses technology and/or cyber risks associated with new initiatives and programs being proposed for implementation.
Challenges the design, adequacy and strength of the control environment associated to technology and cyber and recommends actions to ensure the operational risk profile is in ine with the technology and/or cyber risk appetite.
Executes ad-hoc activities for the TCCORO organization, including but not limited to: researching and drafting materials for presentations of deep dives into selected topics, coordinating deliverables related to audits and examinations, and maintaining associated data for executive reporting.
Appropriately assesses risk when business decisions are made, demonstrating knowledge for the firm's reputation and safeguarding Citigroup, its clients, and assets, by driving compliance with applicable laws, rules, and regulations, adhering to Policy, and applying sound ethical judgment.
Qualifications:
6-10 years relevant experience Preferred skills: Expertise in Operational Risk and Technology Risk; Thorough understanding of process, risk and controls framework; Excellent verbal and written skills are a requirement for the role
In-depth knowledge of technology and/or cyber risks and controls across various information system architecture and engineering domains including: availability/incident/change management, solution delivery life cycle, application development/deployment and release management, project management, data management, identity, access, and vulnerability management, and third party management.
Knowledge of products within the coverage area, including an understanding of current and emerging trends as well as the ability to apply understanding of the business impacts of technical contributions.
Experience in technology and/or cyber risk assessments, metrics, enterprise technology services, risks, and controls within globally complex, dispersed and diverse organizations. Proficient in industry standard risk management frameworks (including ISO27001, COBIT, TOGAF and CRI for example), and an in-depth understanding of technology and/or cyber risk mitigation strategies.
Consistently demonstrates clear and concise written and verbal communication skills. Has prior experience writing reports and work papers.
Developed communication and diplomacy skills are required to guide, influence, and convince others, in particular colleagues in other areas and occasional external customers. Requires good analytical skills to filter, prioritize and validate potentially complex material from multiple sources.
Education:
Bachelor's/University degree, Master's degree preferred
Relevant certifications (in CISM, CRISC, CISSP, CISA, or PMP) a plus
Job Family Group:
Risk Management
Job Family:
Operational Risk
Time Type:
Full time
Primary Location:
Wilmington Delaware United States
Primary Location Full Time Salary Range:
$114,720.00 - $172,080.00
In addition to salary, Citi's offerings may also include, for eligible employees, discretionary and formulaic incentive and retention awards. Citi offers competitive employee benefits, including: medical, dental & vision coverage; 401(k); life, accident, and disability insurance; and wellness programs. Citi also offers paid time off packages, including planned time off (vacation), unplanned time off (sick leave), and paid holidays. For additional information regarding Citi employee benefits, please visit citibenefits.com. Available offerings may vary by jurisdiction, job level, and date of hire.
Anticipated Posting Close Date:
May 19, 2025
Citi is an equal opportunity employer, and qualified candidates will receive consideration without regard to their race, color, religion, sex, sexual orientation, gender identity, national origin, disability, status as a protected veteran, or any other characteristic protected by law.
If you are a person with a disability and need a reasonable accommodation to use our search tools and/or apply for a career opportunity review Accessibility at Citi.
View Citi's EEO Policy Statement and the Know Your Rights poster.
Employers have access to artificial intelligence language tools (“AI”) that help generate and enhance job descriptions and AI may have been used to create this description. The position description has been reviewed for accuracy and Dice believes it to correctly reflect the job opportunity.