Cybersecurity Controls Testing Lead - SVP - Hybrid

The Global Functions Control Testing Utility is responsible for the testing of controls that are designed and executed by the Citi’s Global Functions teams such as Finance, HR, Operations, Technology, COO & ESPA as well as the CBNA Legal Vehicle.

The InfoSec Controls Testing Team Leader for Tech Infrastructure reports to the Technology Controls Testing Head (C15) within the COO organization’s Central Controls Capabilities. Initially, this role will report to the Global Functions Control Testing Head until the Technology Controls Testing Head joins. This is a strategic and execution-oriented management position which along with the Technology Controls Testing Head, is accountable for end-to-end controls testing i.e., operational controls performance assurance/testing – which includes design, execution, results reporting, and insight sharing related to the above scope of controls testing. Initially, this role will focus on Maker Checker Controls across segments of the organization in support of Risk Reduction efforts related to the risks identified by IA for Maker Checker type controls.

The InfoSec Controls Testing Team Leader leads and directs a team of approximately 5 controls testing professionals responsible for supporting the above responsibilities, with breadth and depth on control testing planning and execution. The position closely follows latest trends in controls testing and adapts them for application within own job and covered businesses and functions, and often will be in touch with senior managers at Director or Managing Director levels.

Excellent management and communication skills are required to negotiate internally, often at a senior level. Developed communication and diplomacy skills are required to guide and influence others, in particular colleagues in other areas and occasional external customers. Accountable for controls testing results and advice regarding the controls execution. The role necessitates a degree of responsibility over technical strategy. Responsible for supporting the Enterprise Controls Testing Head on handling staff management issues, including resource management and allocation of work within the team/project.

Responsibilities:

• Supports the Controls Testing Utility by assessing control design, designing control testing tools, developing control testing procedures, ensuring control testing transitions, dispositioning exceptions, and developing insights for all controls within the Technology & InfoSec organization.
• Carries key responsibility for Control Design Assessment (CDA) by resolving escalations, defining the work plan, and designing the quality review process.
• Performs decision-making of control testing design activity, which includes approving/signing-off, undertaking escalations, and owning Internal Audit and issue management related actions.
• Approves testing procedures in Confluence and is responsible for delivering relevant procedures to Internal Audit reviews and issue remediation.
• Maintains resource forecast for own team as well as forecasting for successful controls testing transition and Central Execution training.
• Has the ultimate decision on controls testing outlier escalations.
• Handles control testing interactions with senior managers at Director or Managing Director levels.
• Represents control testing in Operational Risk Forums (ORF) and senior meetings as needed and works with each respective team to finalize materials.
• Develops and drives quality-checking routines to ensure compliance with all relevant policies, operating guides, and owned control testing.
• Supports team members on topics ranging from testing design and execution to performance management and control testing platforms basics.
• Helps driving continuous improvements in accuracy, efficiency, timeliness, and quality of MCA control design assessment and controls testing.
• Maintains relationships and drives accountability with partners and stakeholders to drive control testing's success in support of the business's strategy.
• Appropriately assess risk when business decisions are made, demonstrating particular consideration for the firm's reputation and safeguarding Citigroup, its clients and assets, by driving compliance with applicable laws, rules and regulations, adhering to Policy, applying sound ethical judgment regarding personal behavior, conduct and business practices, and escalating, managing and reporting control issues with transparency, as well as effectively supervise the activity of others and create accountability with those who fail to maintain these standards.
• Supports other relevant work efforts of department where needed and as directed by their manager.

Qualifications:

• 10+ years relevant experience, 5+ years in Risk & Controls roles, 5+ years of direct management experience preferred. Hands on experience in the Finance function in a Global Bank would be a plus.
• Good understanding of Financial Services products and services.
• Expert in InfoSec Risk and Control as well as Cyber Risk Appetite as well as industry frameworks and methodologies to enable robust Control Design Assessment and Control Testing.
• Subject matter expert on controls design, execution and/or control testing.
• Expert-level understanding of MCA (Managers Control Assessment) frameworks and processes.
• Advanced skills in MS Word, MS Excel, MS PowerPoint, and MS SharePoint.
• Effective communication, written and presentation skills.
• Outstanding people and relationship management skills with the ability to influence others and foster a sense of collaboration.
• Independent thinker and able to perform a credible challenge of businesses/functions.
• Ability to work effectively on virtual teams, including across different geographies and time zones preferred.
• Knowledge of human-centered design an advantage.

Travel Requirement:

• Less than 10%.

Education:

• University degree preferred.

Primary Locations:

US Strategic Locations

The Business Risk and Control Group Manager is accountable for management of complex/critical/large professional disciplinary areas. Leads and directs a team of professionals. Requires a comprehensive understanding of multiple areas within a function and how they interact in order to achieve the objectives of the function. Applies in-depth understanding of the business impact of technical contributions. Strong commercial awareness is a necessity. Generally accountable for delivery of a full range of services to one or more businesses/ geographic regions. Excellent communication skills required in order to negotiate internally, often at a senior level. Some external communication may be necessary. Accountable for the end results of an area. Exercises control over resources, policy formulation and planning. Primarily affects a sub-function. Involved in short- to medium-term planning of actions and resources for own area. Full management responsibility of a team or multiple teams, including management of people, budget and planning, to include performance evaluation, compensation, hiring, disciplinary actions and terminations and budget approval.

Responsibilities:

• Guide and influence governance and the facilitation of the execution of the Manager Control Assessment (MCA, i.e.. Risk & Control Self-Assessment) as required by the MCA Standard including the assessment and appropriate approval of risk associated with business changes. 
• Responsible for the quality, completeness, and accuracy of the implementation of the Control Framework, including Risk Control Policy, Control Standard, Issue Management Policy, Lesson Learned Policy and Control Inventory.
• Manage and allocate resource for the identification of issue root cause, partnering with control and process owners to recommendations holistic corrective actions and improvements, provide check and challenge to ensure appropriate escalation in according with Issue Management and Escalation Policies.
• Assist in directing teams in the implementation of the Lessons Learned Policy, including monitoring of control breaches and dissemination and learnings across other business units for process improvement to limit the occurrence of similar future events and where similar risk exposure might exist.
• Support review and challenge, within the FLUs, on the effective design and management of controls to mitigate risks as required by the Control Standards, including implementation and operation, conducting the control monitoring, handling deficiencies, and escalating issues for resolution. 
• Direct teams on the timeliness, accuracy and completeness of the MCA through controls prior to the execution of a process (QC).
• Assess adherence to the MCA Standard through controls after the execution of a process (QA).
• Exercise control over Operational and Compliance Risk in accordance with established Policy requirements.
• Allocate resource to identify, assess, escalate, and manage risk exposures across Risk Categories (Operational Compliance, Strategic, Reputational, etc), including material, emerging and concentration risks in accordance with enterprise Policies and the establishment of Key Indicators to monitor risk exposures.
• Assess Risk Appetite and monitor / assess exposures against this in accordance with enterprise requirements (if applicable).
• Take ownership to identify, assess, record and response to Operational and Compliance Risk events, ensuring these are captured accurately, timely and in accordance with requirements.
• Responsible that adequate governance and training are in place to support management of Risk profiles.
• Assess the risks associated with New Activities and changes to the Business, ensuring these are well understood and adequately controlled (if applicable).
• Support operational risk scenario analysis and stress testing for Operational Risk Capital requirements.
• Take ownership of risk and control assessments or coordination for programs within various risk stripes and ensure sufficient subject matter expertise exists to enable management of these risks within the Business (e.g. third party, fraud, sanctions etc) (if applicable).
• Take ownership to ensure that risk and control responsibilities and accountabilities are embedded within FLUs, including providing training and leading by example.
• Guide and influence standards and procedures that conform to enterprise requirements and support sound operational and compliance risk management.
• Apply knowledge of the business, products or services to identify and implement control points and processes throughout the business.
• Appropriately assess risk when business decisions are made, demonstrating particular consideration for the firm's reputation and safeguarding Citigroup, its clients and assets, by driving compliance with applicable laws, rules and regulations, adhering to Policy, applying sound ethical judgment regarding personal behaviour, conduct and business practices, and escalating, managing and reporting control issues with transparency.

------------------------------------------------------

Job Family Group:

------------------------------------------------------

Job Family:

------------------------------------------------------

Time Type:

------------------------------------------------------

Primary Location:

------------------------------------------------------

Primary Location Full Time Salary Range:

In addition to salary, Citi’s offerings may also include, for eligible employees, discretionary and formulaic incentive and retention awards. Citi offers competitive employee benefits, including: medical, dental & vision coverage; 401(k); life, accident, and disability insurance; and wellness programs. Citi also offers paid time off packages, including planned time off (vacation), unplanned time off (sick leave), and paid holidays. For additional information regarding Citi employee benefits, please visit citibenefits.com. Available offerings may vary by jurisdiction, job level, and date of hire.

------------------------------------------------------

Anticipated Posting Close Date:

------------------------------------------------------

Citi is an equal opportunity and affirmative action employer.

Qualified applicants will receive consideration without regard to their race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or status as a protected veteran.

Citigroup Inc. and its subsidiaries ("Citi”) invite all qualified interested applicants to apply for career opportunities. If you are a person with a disability and need a reasonable accommodation to use our search tools and/or apply for a career opportunity review Accessibility at Citi.

View the "EEO is the Law" poster. View the EEO is the Law Supplement.

View the EEO Policy Statement.

View the Pay Transparency Posting