The business problem is to minimize losses from inadequate controls, fraud, and potential bankruptcy by establishing and managing operational risk policies, proposing strategies, and governance processes. This includes supervision over technology operational risk, cyber risk, and fraud risk, and developing tools for fraud monitoring and prevention.
Requirements
- Deep understanding of various technology risk and/or cyber principles, strategies, and technologies, including proficiency in areas such as data protection, network security, threat analysis, identity and access management, incident response, and security architecture.
- Proficiency in operational risk management frameworks, industry standards, regulatory requirements, and risk mitigation practices.
- Demonstrated leadership in coordinating with business units and senior management to address technology risk and/or cyber risk issues and implement solutions.
- Experience handling security incidents, including detection, response, mitigation, and post-incident analysis is crucial.
- Experience interacting with Regulators and Internal Audit.
- Professional certifications in either technology risk or cyber risk preferred, including: Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Certified in Risk and Information Systems Control (CRISC), ERM, CET, ISO27001, COBIT, TOGAF, or CRI.
- Robust analytical problem-solving abilities and a high level of integrity to deal with highly confidential data.
Responsibilities
- Oversee the application of technology and/or cyber risk policies, tools, technology and governance processes, creating sustainable solutions for minimizing losses resulting from failed internal processes, inadequate controls, and emerging risks.
- Monitor business adherence to Citi’s technology and/or cyber risk policies, standards and procedures.
- Design and oversee the implementation of robust control measures to mitigate identified technology and/or cyber risks.
- Review and challenge the effectiveness of risk mitigation strategies, tools and methodologies used for threat intelligence and threat analysis implemented by the 1st line of defense.
- Provide strategic technology and/or cyber risk advisory and support to the business and other stakeholders.
- Partner with key stakeholders to drive technology and/or cyber risk management strategy in alignment with organizational objectives and risk appetite.
- Support internal and external audits and regulatory examinations, as applicable.
Other
- Build and maintain effective relationships with Business partners, establishing credibility by understanding the business, their needs, strategic priorities, and challenges.
- Foster a culture of technology and/or cyber risk awareness and accountability in the organization, ensuring that employees understand their roles and responsibilities in mitigating risk exposure.
- Partner with Sr. management on the reporting and presentation of technology and/or cyber risk incidents, trends, and key developments to the board, regulators, and other key stakeholders, as applicable.
- Is an enthusiastic and early adopter of change; takes ownership for helping others see a better future and stay positive during uncertainty.
- Effective leadership ability to credibly challenge and influence stakeholders.
