Global Head of Cyber Risk and Compliance

Discover your future at Citi

Working at Citi is far more than just a job. A career with us means joining a team of more than 230,000 dedicated people from around the globe. At Citi, you’ll have the opportunity to grow your career, give back to your community and make a real impact.

Job Overview

The Technology & Cyber Compliance and Operational Risk Office (TCCORO) at Citi is the firms reliable second set of eyes overseeing Technology and Cyber risk. Our mission is to drive comprehensive and consistent practices designed to identify, measure, monitor, report and manage operational risks while promoting the implementation of actions to address root causes which may lead to unintended operational losses. TCCORO provides the specialist subject matter experts to challenge Enterprise, Infrastructure, Operations and Technology entities across the firm. We are the technology and cyber conscious of the bank. In line with the ORM and ICRM frameworks, we aim to ensure that the internal controls that are designed to mitigate technology and cyber risks are managed, mitigated and aligned with our risk appetite.

Responsibilities

Reporting into the Global Head of TCCORO, the Head of Cyber Risk will have oversight responsibility for the Chief Information Security Office and evaluation of cyber risk holistically across the firm. The following highlight the coverage area responsibilities for this Managing Director position:

• Oversight and challenge of the cybersecurity incident response programs.
• Oversight of the security operations center (SOC) and cybersecurity fusion center (CSFC).
• Oversight of cybersecurity penetration testing and red-team operations.
• Oversight of the Chief Information Security Office (CISO), including the review of the effectiveness of the controls, standards and programs across the enterprise.
• Implementation of guidance for overseeing Emerging Technology and Operational Risks, in compliance with OCC Heightened Standards.
• Able to present and lead discussions with key Regulators, internal and external auditors, as well the Board of Directors and the Risk and Audit sub-committees.

• Governance and Oversight of security risks impacting the business and technology
• Support in the development of Cyber Policy and Standards
• Oversight of Key Operational Risks and related indicators and thresholds
• Challenge of Cyber Risk Self Assessments
• Challenge of Business and Technology Scenario Analysis
• Issue management, oversight and escalation
• Advise on best practices leveraging expertise and industry insights

Qualifications:

Knowledge /Experience

The Head of Cyber Risk will be an acknowledged thought leader in technology and security risk management with over 20 years of hands-on technical experience in complex IT management, Information Security, and Emerging Technologies with globally complex, dispersed and diverse organizations. The ideal Managing Director will have in-depth, detailed knowledge of good infrastructure, cloud, and emerging Technology Management inclusive of Artificial Intelligence, Operations and Information Security practices in the financial industry. This individual should have the following experience and skills:

• 20+ years' experience in technology risk and/or cyber risk management in the banking/financial services industry, or related field, with at least 5+ years in 2nd or 3rd line senior leadership positions.
• Subject matter expert in technology risk and/or cyber risk management principles and practices across various information system architecture and engineering domains.
• Proven experience in managing complex risk portfolios and developing strategic risk management frameworks for large organizations.
• Robust understanding of operational risk management frameworks, industry standards, regulatory requirements, and risk mitigation practices.
• Experience managing and overseeing large remediation and transformation programs to achieve intended results.
• Extensive experience in effective written and verbal communication with executive audiences including Boards.
• Experienced risk challenger who balances risks vs. rewards aligned with corporate risk culture.
• Understanding of Citi products and services and downstream impacts of technology risk and/or cyber risk strategy.
• Professional certifications in either technology risk and/or cyber risk preferred, including: Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Certified in Risk and Information Systems Control (CRISC), ERM, CET, ISO27001, COBIT, TOGAF, or CRI

The ideal candidate will have in-depth, working knowledge of banking technologies, fraud, cybercrime detection and countermeasures, encryption, data retention, as well as information security support for segregation of duties, application development, network and systems operation, testing and vendor management. Prior experience in previous roles should include companies with global technology infrastructure in global financial services firms. Technology Skill set requirements will include capability to manage all aspects of these standards:

• Technology Architecture components common across the Financial Industry
• Information Systems Audit and Control Association’s (ISACA) COBIT* Standard
• Information Technology Infrastructure Library (ITIL)
• ISACA’s Certified in Risk and Information Systems Control (CRISC) Job Practice Domains
• Project management

Strong Leadership Skills:

• Provides leadership in risk identification, key risk indicator identification, and risk mitigation strategies in the domain of technology management.
• Engages business and technology managers to identify key control indicators and maintain effective and efficient continuous control monitoring processes.
• Strong analytical and problem-solving skills.

Excellent Communication Skills:

• Both verbal and written.
• Ability to interact with and influence people/groups of widely varying disciplines and backgrounds.
• Ability and confidence to exercise influence over a wide range of individuals at all levels of technical & business leadership.
• Experienced in using active listening techniques on a consistent basis.

Strong Presentation skills:

• Comfortable with public speaking across various forums and be able to effectively and logically communicate when ideas are being challenged in an open forum.
• Comfortable interacting directly with technology executive leadership, including in a high stress environment.
• Understands the perspective of regulators and has the ability to shape messages and content to respond to a changing variety of regulatory standards.

Client Relationships/Business Partnerships:

• Strong planning, organization and time management experience that is strategically oriented, an innovative thinker, and a demonstrated and decisive decision maker.
• Collaboratively manage initiatives that span multiple geographic locations and time zones.
• Navigates organizational complexity; demonstrates organizational acumen.
• Builds partnerships across functions and regions; collaborates well with others.
• Networks regularly and builds relationships across Risk disciplines and with businesses, operations and technology

Logistics:

• The role is global, and the incumbent must be proactive and capable of leading solutions to global issues with others in different regions and time zones.
• The successful candidate will need to be a hands-on, self-starter, and able to manage tasks/timelines for self and others

Education: 

Bachelor's/University degree, Master's degree preferred

------------------------------------------------------

Job Family Group:

Risk Management

------------------------------------------------------

Job Family:

Operational Risk

------------------------------------------------------

Time Type:

Full time

------------------------------------------------------

Primary Location:

Irving Texas United States

------------------------------------------------------

Primary Location Full Time Salary Range:

$250,000.00 - $500,000.00

In addition to salary, Citi’s offerings may also include, for eligible employees, discretionary and formulaic incentive and retention awards. Citi offers competitive employee benefits, including: medical, dental & vision coverage; 401(k); life, accident, and disability insurance; and wellness programs. Citi also offers paid time off packages, including planned time off (vacation), unplanned time off (sick leave), and paid holidays. For additional information regarding Citi employee benefits, please visit citibenefits.com. Available offerings may vary by jurisdiction, job level, and date of hire.

------------------------------------------------------

Most Relevant Skills

Analytical Thinking, Control Monitoring, Credible Challenge, Governance, Issue Management, Operational Risk, Policy and Procedure, Policy and Regulation, Risk Controls and Monitors, Risk Identification and Assessment.

------------------------------------------------------

Other Relevant Skills

For complementary skills, please see above and/or contact the recruiter.

------------------------------------------------------

Anticipated Posting Close Date:

May 25, 2026

------------------------------------------------------

Citi is an equal opportunity employer, and qualified candidates will receive consideration without regard to their race, color, religion, sex, sexual orientation, gender identity, national origin, disability, status as a protected veteran, or any other characteristic protected by law.

If you are a person with a disability and need a reasonable accommodation to use our search tools and/or apply for a career opportunity review Accessibility at Citi.

View Citi’s EEO Policy Statement and the Know Your Rights poster.