Public Cloud Risk and Controls Lead

Individuals in Assessment & Design are responsible for developing, designing, and implementing controls programs, and providing review and guidance on robust controls design adhering to Citi’s Policies, Standards, and Frameworks. Individuals proactively identify and drive controls enhancements such as automation, standardization and rationalization including transformation execution activities. Includes first line activities for identification, measurement (significance and likelihood), and ongoing assessment of key risks and controls in partnership with relevant process owners to drive management decisions to operate within the firm’s Risk Appetite.

About Citi:

Citi, the leading global bank, has approximately 200 million customer accounts and does business in more than 160 countries and jurisdictions. Citi provides consumers, corporations, governments, and institutions with a broad range of financial products and services, including consumer banking and credit, corporate and investment banking, securities brokerage, transaction services, and wealth management.

About Our Team:

Within Citi's Technology & Business Enablement organization, two partner teams come together to deliver technology excellence and manage the safety, soundness and risk mitigation of those technologies: Cloud Technology Services (CTS) and Technology Controls.

Citi's Cloud Technology Services (CTS) team provides the critical technical foundation for Citi’s operations and is responsible for delivering reliable IT solutions, scalable infrastructure services, and secure capabilities while creating a trusted customer experience and enabling Citi’s workforce to be the best for our clients. Making the bank simpler, greener, and better connected while powering it with trusted, well-secured data, and automating policy enforcement through code are all at the heart of our refreshed global strategy. Data Quality, Simplification, Environmental Stability, Automation, and Service Excellence are the key pillars and priorities on our strategic journey.

CTS is driving an innovative Cloud First strategy that works to optimize the IT environment, reduce complexity, and implement high degrees of automation to enable more agile application delivery. We aim to give Citi businesses a competitive edge by leveraging cloud scale architectures and enabling new infrastructure economics.

The Technology Controls function supports the CTS Public Cloud services team, specializing in technology risk and controls management for Public Cloud Infrastructure and Platform as a Service (IaaS/PaaS) capabilities across providers such as Amazon Web Services (AWS), Google Cloud Platform (GCP), and data platforms, and for Artificial Intelligence solutions offered by Cloud Service Providers.

Responsibilities: 

• Proactive risk identification and corrective action plan coordination

• Partnership with IA and 2nd Line of Defense, and with Policy Owners when more cloud-friendly policy changes need to be influenced

• Advise engineers on application of policy

• Ensure processes are designed with control in mind

• Coordinate cross border clearance as needed

• Maintain continual assessment of Management Controls Assessment (MCA) Efficacy for Public Cloud

• Leverages data to examine impacts to Customer Experience and Regulatory breaks.

• Has the ability to operate with a limited level of direct supervision.

• Can exercise independence of judgement and autonomy.

• Acts as SME to senior stakeholders and /or other team members.

• Provide leadership to drive optimization and efficiencies in projects

• Assist management in guiding and influencing decisions that conform to business objectives

• Manage the design, development, and implementation of Citi's comprehensive controls program. 

• Assess the effectiveness of existing controls, identifying areas for improvement, and executing necessary changes. 

• Continually manage controls enhancements geared towards increasing efficiency and reducing risk. 

• Regularly assess the business/function risk appetite in line with changes in the business environment, regulatory requirements, and strategic objectives.

• Work closely with key stakeholders and process owners to drive management decisions aimed at maintaining operations within the firm’s Risk Appetite.

• Collaborate with key stakeholders to assess potential risks, develop risk mitigation activities, and define the acceptable level of risk across various areas of operation. 

• Drive execution of Enterprise Risk Management Framework and adherence with Risk Mgmt. / Compliance Policies.

• Collaborate with business and functions to understand control processes and identify potential areas for improvement. 

• Stay informed about regulatory changes and industry best practices related to control management, ensuring the controls program aligns with these standards. 

• Provide regular updates to senior management on the performance of the controls assessment and design.

Additional Strategic Responsibilities:

• Aid with strategic path buildout for risk and governance plan

• Actively consult policies and prioritization of codified controls with engineering teams who have multiple concurrent domains such as compute, containers, DB, middleware, etc.

• Ensure controls are automated and sustainable for cloud scale, and achieve defense in depth

• Drive transformational change to reduce adoption friction (process bureaucracy that slows down public cloud adoption) while improving sustainability of risk management processes

Qualifications: 

• 10+ years relevant work experience in Technology Risk & Controls, or Risk/Security/Compliance organization in a large organization in a heavily regulated industry, with at least 2 years of experience in Public Cloud Risk, Governance, Compliance and/or Control.

• Ability to identify, measure, and manage key risks and controls.

• Track record leading Control related projects and programs

• Ability to see the big pictures with high attention to critical details.

• Develop and implement strategy and process improvement initiatives.

• Comprehensive knowledge of Citi’s businesses and functions and their risk profiles.

• Developing new ideas and improving current processes to proactively mitigate risks.

• Requires an ability to provide challenge and make recommendation for risk and controls remediation.

• Expert knowledge in the development and execution for controls.

• Proven experience in control related functions in the financial industry.

• Proven experience in implementing sustainable solutions and improving processes.

• Expert understanding of compliance laws, rules, regulations, and best practices.

• Deep understanding of Citi’s Policies, Standards, and Procedures.

• Strong leadership, decision-making, and problem-solving skills.

• Strong analytical skills to evaluate complex risk and control activities and processes.

• Ability to deliver compelling presentations and influence executive audiences.

• Strong sense of accountability and ownership, with strong results orientation.

• Excellent communication skills; ability to engage and inspire across stakeholder groups.

• Exceptional command in Microsoft Office suite, particularly Excel, PowerPoint, and Word.

• Experience developing compliance documentation, user documentation, strategy documentation, white papers or project documentation

• Demonstrable interest in Public Cloud risk identification and mitigation

• Demonstrated ability to accurately interpret legal and policy documentation

• Experience working with NIST, COBIT, ITIL, CSA, and/or ISO risk and ITSM frameworks

• Familiarity with DevOps and Site Reliability Engineering (SRE) practices

Preferred Qualifications

• Risk certifications such as the CISM, CISSP, CISA, CRISC, CGEIT, CDPSE, etc.

• Certifications in Public Cloud such as AWS Certified Cloud Practitioner, AWS Certified Security Specialty, or cloud agnostic certifications like CCAK, CCSK, CompTIA Cloud+, CET

• Experience in an influence management discipline such as project management or product management

• Experience with data privacy concerns

• Experience in modern microservices architectures and deployments (docker/kubernetes)

• Experience working in a distributed, cloud-based environment using Azure/AWS/GCP

• Experience with cloud infrastructure and data services (compute, storage, networking and others)

• Experience with Infrastructure as Code (IaC) practices and frameworks

• Experience working with cloud-based relational and NoSQL databases

Education:

• Bachelor's/University degree or equivalent experience, Master's degree preferred

What we can offer you:

By joining Citi Hungary, you will not only be part of a business casual workplace with a hybrid working model (up to 2 days working at home per week), but also receive a competitive compensation package and enjoy a whole host of additional benefits that support you (and your family) to be well, live well and save well:

• Cafeteria Program

• Home Office Allowance (for colleagues working in hybrid work models)

• Paid Parental Leave Program (maternity and paternity leave)

• Private Medical Care Program and onsite medical rooms at our offices

• Pension Plan Contribution to voluntary pension fund

• Group Life Insurance

• Employee Assistance Program

• Access to a wide variety of learning and development programs, online course libraries and upskilling platforms, such as Udemy and Degreed

• Flexible work arrangements to support you in managing work - life balance

• Career progression opportunities across geographies and business lines

• Socially active employee communities with diverse networking opportunities

Alongside these benefits Citi is committed to ensuring our workplace is where everyone feels comfortable coming to work as their whole self every day.  We want the best talent around the world to be energized to join us, motivated to stay, and empowered to thrive. 

Sounds like Citi has everything you need? Then apply to discover the true extent of your capabilities.

#LI -OD1

------------------------------------------------------

Job Family Group:

------------------------------------------------------

Job Family:

------------------------------------------------------

Time Type:

------------------------------------------------------

Citi is an equal opportunity employer, and qualified candidates will receive consideration without regard to their race, color, religion, sex, sexual orientation, gender identity, national origin, disability, status as a protected veteran, or any other characteristic protected by law.

If you are a person with a disability and need a reasonable accommodation to use our search tools and/or apply for a career opportunity review Accessibility at Citi.

View Citi’s EEO Policy Statement and the Know Your Rights poster.