Technology / Cyber Risk Sr Grp Manager - Director (hybrid)

Technology and Cyber Compliance and Operational Risk Office (TCCORO) at Citi

The Technology and Cyber Compliance and Operational Risk Office (TCCORO) at Citi is the firm's reliable second set of eyes. Our mission is to drive comprehensive and consistent practices designed to identify, measure, monitor, report and manage operational and compliance risks while promoting the implementation of actions to address root causes which may lead to unintended operational losses or regulatory breaches. TCCORO provides the specialist subject matter experts to challenge Enterprise, Infrastructure, Operations and Technology entities across the firm. We are the technology and cyber conscience of the bank. In line with the Operational Risk Management (ORM) and Independent Compliance Risk Management (ICRM) frameworks, we aim to ensure that the internal controls that are designed to mitigate technology and cyber risks are managed, mitigated, and aligned with our risk appetite.

The Functions Technology Operational Risk and Compliance Director reports to Head of Global Functions Technology, Operational and Compliance Risk within TCCORO and will provide leadership for independent second line function that oversees Citi's technology functions including Emerging Technology and Data. This role is accountable for management of complex, critical professional disciplinary areas and will manage multiple teams through other managers. The role is responsible for establishing and executing the functional strategy within their organization. They will leverage technology and cyber subject matter expertise, business experience, data analysis techniques, current events, and industry trends and best practices to inform the prioritization of risks and the second-line's approach for associated challenge and influence activities. This position actively works with our ORM and Compliance partners and other stakeholders to provide subject matter expertise in line with our operational and compliance risk management frameworks.

A successful candidate will be a subject matter expert in technology and cyber risk in global financial services, be able to demonstrate a comprehensive understanding of the subject matter and advise stakeholders on the application to related risks. They should have a strong track record in technology and cyber risk management and / or a strong technical background with excellent analytical skills. The ideal candidate will be a strategic, proven leader, strong technically and with security operational experience. They will provide thought leadership, having strong industry engagement, and will be a strong relationship builder that can influence and challenge effectively. The successful candidate will have experience with building and maintaining global teams, providing guidance and mentorship.

Responsibilities

• Manages a staff of risk officers at various levels, with direct accountability for hiring and organizational structure. Has direct oversight for compensation, performance appraisals, staff development, training, etc. Provides input on performance and compensation recommendations for risk officers and utilities that provide risk related services on a matrix basis.
• Accountable for internal projects on threat issues that support a variety of participants and stakeholders measuring the effectiveness and comprehensiveness of Citi's first line defenses.
• Evaluates the design of controls and communicate the impact of control weaknesses to first line teams and control implementers.
• Oversight of the establishment and implementation of compliance and technology and cyber policies and procedures, technology and tools, and governance processes for the coverage domains.
• Governance and oversight of technology and cyber risk while supporting the development of policy and standards; oversight of Key Operational Risks; challenge risk self-assessments and scenario analysis; issue management oversight and escalations.
• Provides leadership to the Second Line influence, advisory and challenge of operational security capability domains including security incident management, vulnerability management and technology and cyber threat intelligence.
• Represents TCCORO in various steering committees, working groups and councils relevant to the functional area.
• Actively engaged in the industry on the latest in technology and cyber risk, and emerging operational risks.
• Oversight of planning, and implementation of technology and cyber programs including their governance, identification of risks and controls.
• Implementation of guidance for overseeing technology and cyber operational risks, aligned with OCC Heightened Standards and other global regulations.
• Able to present and lead discussions with key regulators, and internal and external auditors.
• Advises on best practices leveraging expertise and industry insights.
• Reviews and challenges coverage area appropriately consider significant operational risk in their Management Control Assessments (MCAs).
• Evaluates the extent to which first line of defense is aligned with internal and external control standards, as well as regulatory and audit requirements.
• Appropriately assesses risk when business decisions are made, demonstrating knowledge for the firm's reputation and safeguarding Citigroup, its clients, and assets, by driving compliance with applicable laws, rules, and regulations, adhering to Policy, and applying sound ethical judgment.

Qualifications

Education