Director, Operational Risk Program Management Governance Oversight (Hybrid)

Individuals in Operational Risk establish and manage operational risk policies, propose strategies, and governance processes designed to minimize losses from inadequate controls, fraud, and potential bankruptcy. This includes supervision over technology operational risk, cyber risk, and fraud risk. These individuals are also responsible for the development of tools and infrastructure that support fraud monitoring and prevention, using advanced analytical and statistical skills to identify policy gaps and recommend changes to current policies. This role is crucial to the company as it fortifies against potential operational risks, thereby protecting the company's financial stability and reputation, and contributing towards the overall business resilience and success.

Responsibilities: 

• Establish frameworks, policies, standards and procedures to ensure consistency and alignment of technology and/or cyber risk management across the organization.
• Influence and advise the business in technology and/or cyber risk-related decision-making, ensuring that risk management is an integral part of business planning and daily operations.
• Establish strategic, innovative, intelligence reports that promote decision making to advance the safety and security of Citi’s infrastructure and brand.
• Develop publications and briefings of multi-source intelligence products on threat issues.
• Oversee the development and implementation of technology and/or cyber risk monitoring programs, including the creation of key risk indicators (KRIs) and dashboards to track risk exposure.
• Lead the reporting and presentation of technology and/or cyber risk status, trends, and significant developments to the board, regulators, and other key stakeholders as necessary
• Maintain awareness of regulatory changes relevant to technology and/or cyber risk, ensuring that the organization's technology and cyber risk management practices comply with all applicable laws and industry standards.
• Support internal and external audits and regulatory examinations, as applicable.
• Leverage technological advancements and innovative approaches to continuously enhance and streamline the organization's technology and/or cyber risk management processes.
• Regularly review and update the organization's technology and/or cyber risk management procedures and controls to ensure their effectiveness and relevance given evolving threats and vulnerabilities.

• Inspires people with a compelling and aspirational future vision; demonstrates optimism when leading the organization through challenges and uncertainty.
• Creates a highly resilient organization in which people persist through challenges, transparently communicate and own mistakes, and actively apply learnings to make Citi better.
• Establishes a safe environment where people candidly communicate opinions, seek diverse opinions, and actively debate decisions.
• Fosters a culture that rewards teams to pursue breakthrough ideas and improve business results; proactively invests resources in innovation initiatives.
• Creates a culture that strongly encourages teams to prioritize enterprise success over individual agendas and do the right thing for the organization.
• Boldly creates focus by aligning critical priorities across businesses, functions, and regions; eliminates nonessential work that could distract the organization from executing key priorities.
• Champions innovative ways to manage risk through streamlining processes and building common methods.
• Creates and reinforces a culture of exceptional controls that support client satisfaction and operational effectiveness.
• Proactively solves systemic enterprise challenges by investing time and resources to gather cross-enterprise data; builds sustainable solutions that fully address the root causes of issues.
• Creates a performance culture of high expectations that inspires people to continuously deliver excellence and exceed company goals.
• Energizes and reinforces an ethical environment where doing the right thing for clients and Citi is expected in every decision and action.
• Establishes a culture where teams actively cultivate collaborative partnerships across organizational boundaries; creates synergies that deliver added value for Citi.
• Champions strategies for leveraging Citi’s resources to have a positive impact on society; demonstrates deep understanding of client and community needs.
• Proactively implements systemic solutions to promote the well-being and engagement of all employees; embodies work-life balance through their words and actions and actively encourages others to do the same.
• Leads efforts to position Citi as an attractive place to work for diverse communities; cultivates an inclusive culture in which all individuals are valued and feel a strong sense of belonging.
• Leads with compassion and reinforces a culture in which people assume best intentions of others; treats others respectfully; listens, understands, and appreciates the unique challenges faced by others.

Qualifications: 

• Advanced knowledge of technology risk and/or cyber risk management principles and practices across various information system architecture and engineering domains including data protection, identity and access management, vulnerability management, network security, endpoint security, logging and monitoring and incident management.
• Subject matter expert in one or more industry standard risk management frameworks and an in-depth understanding of technology risk and/or cyber risk mitigation strategies.
• Experience in managing large-scale technology and/or cyber projects or initiatives such as implementing security solutions, managing security audits, or leading compliance initiatives.
• Practical experience managing, assessing, or auditing security operations processes and technologies.
• Professional certifications in either technology risk and/or cyber risk preferred, including: Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Certified in Risk and Information Systems Control (CRISC), ERM, CET, ISO27001, COBIT, TOGAF, or CRI.
• Understanding of Citi products and services and downstream impacts of technology risk and/or cyber risk strategy.
• Experience interacting with Regulators and Internal Audit.
• Demonstrated track record of effectively assessing and managing competing priorities.
• Comfortable in dynamic environments, capable of adapting to change while maintaining focus on risk management objectives.
• Ability to influence across cultures at a senior level, understanding how to operate effectively across diverse businesses.
• Ability to think strategically and align technology and/or cyber risk and operational risk management with organizational goals and regulatory obligations.
• Ability to manage and drive change within the organization, ensuring risk management processes evolve to meet changing business and regulatory environments.
• Outstanding communication skills, with the ability to present complex risk matters clearly and persuasively to senior management, the Board and other stakeholders.
• Exudes strong executive presence and poise to garner credibility and confidence with stakeholders in senior-leader forums.
• Robust analytical problem-solving abilities and a high level of integrity to deal with highly confidential data.
• Effective negotiation skills, a proactive and 'no surprises' approach in communicating issues and strength in sustaining independent views
• Strong analytical and strategic thinker; Demonstrated ability to make sound judgment calls on issues that can be both quantitative and qualitative in nature.

Education: 

Bachelor's/University degree, Master's degree preferred

------------------------------------------------------

Job Family Group:

------------------------------------------------------

Job Family:

------------------------------------------------------

Time Type:

------------------------------------------------------

Primary Location:

------------------------------------------------------

Primary Location Full Time Salary Range:

In addition to salary, Citi’s offerings may also include, for eligible employees, discretionary and formulaic incentive and retention awards. Citi offers competitive employee benefits, including: medical, dental & vision coverage; 401(k); life, accident, and disability insurance; and wellness programs. Citi also offers paid time off packages, including planned time off (vacation), unplanned time off (sick leave), and paid holidays. For additional information regarding Citi employee benefits, please visit citibenefits.com. Available offerings may vary by jurisdiction, job level, and date of hire.

------------------------------------------------------

Anticipated Posting Close Date:

------------------------------------------------------

Citi is an equal opportunity and affirmative action employer.

Qualified applicants will receive consideration without regard to their race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or status as a protected veteran.

Citigroup Inc. and its subsidiaries ("Citi”) invite all qualified interested applicants to apply for career opportunities. If you are a person with a disability and need a reasonable accommodation to use our search tools and/or apply for a career opportunity review Accessibility at Citi.

View the "EEO is the Law" poster. View the EEO is the Law Supplement.

View the EEO Policy Statement.

View the Pay Transparency Posting