Head of Data Risk Appetite Oversight and Analysis, Director

Discover your future at Citi

Working at Citi is far more than just a job. A career with us means joining a team of more than 230,000 dedicated people from around the globe. At Citi, you’ll have the opportunity to grow your career, give back to your community and make a real impact.

Job Overview

Operational Risk Management (ORM) is an enterprise-level independent risk management function responsible for enterprise-wide oversight and aggregation of operational risk. Its mandate covers all business lines (US Personal Banking, Global Wealth Management, Markets, Services, Banking, Global Functions & EO&T) spanning all geographies. The ORM function oversees the design and implementation of the non-financial risk management framework. Key objectives of the data risk management framework include:

• Operating model, staffing, and culture
• Operational risk appetite
• Control objectives and standards
• Operational risk and control assessments and reporting
• Strategic decision-making
• The effective execution of Citi's Enterprise Data transformation

Because Citi's Enterprise Data transformation cuts across the enterprise and is multi-disciplinary in nature, ORM's oversight for data risk management at Citi relies upon a “Hub and Spoke” approach, incorporating the second line of defense (2LOD) Business/Region/LV Global Op Risk Officers and other relevant independent risk functions. These teams work collectively to dispense appropriate risk oversight responsibilities, ensuring well-coordinated risk assessments, risk identification, measurement/monitoring, and timely remediation of key gaps. Furthermore, the ORM Data Risk team delivers an enterprise-level aggregation of risk oversight outcomes to assess the firm’s progress toward the Data Transformation target state.

The Head of Data Risk Appetite Oversight and Analysis role will oversee a group of data risk officers accountable for reviewing and challenging firm-wide efforts to manage data risk appetite expectations and the variety of monitoring efforts for the day-to-day delivery of data risk reduction activities. In addition, this role will be charged with ingesting and synthesizing firm-wide 2LOD challenge activity on data risk into the Data Risk Appetite Assessment process and generating requirements for additional assessment activity.

Key Responsibilities:

• Lead primary oversight of the firm’s Data Risk Appetite, including assessment of factors of risk, assessing and monitoring path-to-green efforts, management of metrics that measure risk, and all associated analysis.
• Work with 1LOD to define clear path-to-green and drive execution of agreed plans.
• Be accountable for identifying and executing independent second-line risk assessments in coordination with other ORM teams where needed (e.g., leading challenges of specific risk appetite metrics) to meet internal commitments, leveraging the hub-and-spoke model.
• Champion internal knowledge sharing for Data Risk Appetite efforts. Ensure that this multidisciplinary and cross-cutting risk area is well understood and that the implications of firm-wide remediation efforts are understood in terms of path-to-green efforts.
• Negotiate and remediate resulting risk and control concerns identified.
• Escalate significant or unaddressed risk issues and control environment concerns to appropriate governance forums and Risk leadership.
• As needed, serve as the primary interface to key stakeholders such as regulators, senior management, and the Board, as it relates to 2LOD assessment/point of view for the Risk Category.

Management and Leadership Characteristics:

• Broad experience in risk management, including a successful track record of managing large, complex, enterprise-wide risk management programs at a large financial services organization.
• Focused experience in assessing risk appetite for non-financial risks aligned with regulatory expectations. Proficient in risk assessment principles and supervisory expectations in terms of the quantity and quality of operational risk management.
• Subject matter expertise in Non-Financial Risk Management with a proven track record in risk and control related to technology, data, and/or reporting risk.
• Track record of managing internal relationships and partnering with a range of stakeholders (e.g., business, functions) in leading sustained change and change management efforts.
• Strong technical problem-solving skills and an ability to identify conflicts, discrepancies, and other issues, and bring together the right team to solve them.
• Well-developed listening skills and a strong ability to communicate and engage at the senior management level, both orally and in writing.
• Ability to constructively challenge others at all levels and across boundaries to deliver better results.
• Continuous improvement mind-set to solve for root causes, assess the impact of actions, and adjust as needed; simplify and standardize at every opportunity.
• Regulatory engagement experience.

Qualifications:

• 10+ years of direct experience as a senior Non-Financial Risk professional (data, technology, or reporting risk) or relevant 1LOD function in a large financial services organization.
• 8-10+ years' managerial experience
• Extensive experience with risk metrics, including providing oversight of design, delivery, and sustainability.
• Well-versed in executing risk management monitoring routines, tracking identification to resolution.
• Extensive experience applying operational risk management frameworks in a global organization.
• Strong track record in leading teams to deliver technical risk and control assessments and negotiate outcomes at scale.
• Demonstrable understanding of Data fundamentals, including Data architecture, Data principles, and a deep appreciation of intersectionality and interdependency with enterprise Technology and systems architecture.
• Deep knowledge of financial and risk data, along with an understanding of regulatory, compliance, risk management, and financial management concerns.
• Subject matter expertise in operational risk management as applied to Data risk.

Education:

• Bachelor's degree in Computer Science, Data Science, Information Technology, Business, or a related field.
• Master's degree preferred

------------------------------------------------------

Job Family Group:

Risk Management

------------------------------------------------------

Job Family:

Operational Risk

------------------------------------------------------

Time Type:

Full time

------------------------------------------------------

Primary Location:

Getzville New York United States

------------------------------------------------------

Primary Location Full Time Salary Range:

$170,000.00 - $300,000.00

In addition to salary, Citi’s offerings may also include, for eligible employees, discretionary and formulaic incentive and retention awards. Citi offers competitive employee benefits, including: medical, dental & vision coverage; 401(k); life, accident, and disability insurance; and wellness programs. Citi also offers paid time off packages, including planned time off (vacation), unplanned time off (sick leave), and paid holidays. For additional information regarding Citi employee benefits, please visit citibenefits.com. Available offerings may vary by jurisdiction, job level, and date of hire.

------------------------------------------------------

Most Relevant Skills

Analytical Thinking, Control Monitoring, Credible Challenge, Governance, Issue Management, Operational Risk, Policy and Procedure, Policy and Regulation, Risk Controls and Monitors, Risk Identification and Assessment.

------------------------------------------------------

Other Relevant Skills

For complementary skills, please see above and/or contact the recruiter.

------------------------------------------------------

Anticipated Posting Close Date:

Oct 05, 2025

------------------------------------------------------

Citi is an equal opportunity employer, and qualified candidates will receive consideration without regard to their race, color, religion, sex, sexual orientation, gender identity, national origin, disability, status as a protected veteran, or any other characteristic protected by law.

If you are a person with a disability and need a reasonable accommodation to use our search tools and/or apply for a career opportunity review Accessibility at Citi.

View Citi’s EEO Policy Statement and the Know Your Rights poster.