Head of Cyber Regulation Management

About Citi:

Citi, the leading global bank, has approximately 200 million customer accounts and does business in more than 160 countries and jurisdictions. Citi provides consumers, corporations, governments, and institutions with a broad range of financial products and services, including consumer banking and credit, corporate and investment banking, securities brokerage, transaction services, and wealth management.

As a bank with a brain and a soul, Citi creates economic value that is systemically responsible and, in our clients’, best interests. As a financial institution that touches every region of the world and every sector that shapes your daily life, our Enterprise Operations & Technology teams are charged with a mission that rivals any large tech company. Our technology solutions are the foundations of everything we do from keeping the bank safe, managing global resources, and providing the technical tools our workers need to be successful to designing our digital architecture and ensuring our platforms provide a first-class customer experience. We reimagine client and partner experiences to deliver excellence through secure, reliable, and efficient services.

Our commitment to diversity includes a workforce that represents the clients we serve from all walks of life, backgrounds, and origins. We foster an environment where the best people want to work. We value and demand respect for others, promote individuals based on merit, and ensure opportunities for personal development are widely available to all. Ideal candidates are innovators with well-rounded backgrounds who bring their authentic selves to work and complement our culture of delivering results with pride. If you are a problem solver who seeks passion in your work, come join us. We’ll enable growth and progress together.

CISO Governance, Risk & Control, and Policy is responsible for providing governance, oversight, risk management, and strategic planning for Chief Information Security Office (CISO); as well as Third Party Information Security Assessments (TPISA). The team is also responsible for CISO Program and Performance Management including oversight of CISO’s book of work, maintaining a CISO strategy aligned with industry and regulatory requirements, and CISO’s performance management processes to ensure key IS metrics are in place to determine compliance with Citi’s standards. In addition, the team is responsible for the governance and oversight of Risk Management programs across CISO.

CISO MCA, Regulation Management, Controls, and Quality Assurance is responsible for Cyber MCA Governance and CISO MCA Transformation, Cyber CoB, TPM Governance, and Records Management, Cyber Quality Assurance services for Third Party Information Security Assessments, Information Security Risk Assessments, Vulnerability and Threat Management programs. Additionally, the team supports Cyber Regulation Management which involves managing new and updated regulations through conducting thorough impact assessments and ensuring closure of action plans.

Overview of the Role:

As the Director of Cyber Regulation Management, you will lead Cyber Regulation Management program for CISO globally and is responsible for ensuring CISO adherence to Citi Compliance Policy and Regulation Management standard as well as applicable cybersecurity regulatory requirements globally. This role partners closely with Citi Legal and ICRM to design, develop, and deliver information security regulatory programs for CISO. The overall objective of this role is to lead impact assessments of new and updated regulations applicable to CISO and ensure the organization is compliant with the requirements providing guidance and support to CISO functions.

This role requires a broad and comprehensive understanding of the different regulations relevant to CISO as well as strong knowledge of cybersecurity and underlying technologies. The successful candidate will have demonstrated success and be highly adept at leading global programs, managing high profile regulatory commitments, aligning resources and strategic decisions and driving transformation across a complex enterprise to support cybersecurity goals.

Job Responsibilities

• Serve as a subject matter expert on Citi’s regulatory programs and frameworks including GLBA, NYDFS, and PCI DSS as well as key European and Asia regulations.

• Provides expert guidance on information & cybersecurity for regulations to manage risks.

• Leads initiatives and manages high-impact project work streams with a results-driven focus to deliver solutions, including coordinating the implementation of new regulatory requirements.

• Guides on completing regulatory assessments and ultimately review and sign off to ascertain the assessment’s completeness and accuracy.

• Work with information security officer, functional owner, ICRM and legal as needed to determine projects meet regulatory requirements.

• Partnering with other ICRM teams and global functions, including Legal, Risk, Operations and Technology, and HR to prevent and detect non-compliance issues and promote a culture of compliance.

• Accountable for the quality, completeness, and accuracy of the implementation of the regulatory governance control analysis, remediation, applicability and mapping Framework.

• Determines the needs of policy updates, identifying opportunities driving process and control standardization (MCA) enhancements, and the development of improved monitoring controls and compliance metrics.

• Executes risk control coverage strategy, ensure appropriate risk mitigation actions are in place and escalate to senior management as appropriate.

• Guides CISO management in exercising control over Regulatory Operational and Compliance Risks in accordance with established Policy requirements.

• Influences standards and procedures that conform to enterprise requirements and support sound operational and compliance risk management.

• Responsible for managing and supporting multiple risk and control programs for the team including defining the strategy, approach, processes, and reporting.

Qualifications:

• Candidate with 10+ years of relevant experience in Technology/Cybersecurity/Risk Management

• Strong understanding of Risk Management, Cybersecurity and compliance within a large corporate environment

• Broad understanding of relevant banking regulation and supervisory expectations for large complex financial institutions.

• Well-developed listening skills and a strong ability to engage at the executive management level by providing proactive support and advice on a variety of risk matters.

• Superior oral and written communication skills, and in particular ability to assess and contribute to the content of key risk and control reporting.

• Strong leadership skills and demonstrated experience with a proven track record in driving positive and sustained change.

• Ability to lead by example, strong influential and interpersonal skills, used to deliver results and push the organization agenda in a complex environment.

• Strong ability to engage at the senior management level and demonstrated communication experience at different levels of organization

Education:

BS/BA degree in Technology, Cybersecurity, Risk Management or related fields

------------------------------------------------------

Job Family Group:

------------------------------------------------------

Job Family:

------------------------------------------------------

Time Type:

------------------------------------------------------

Primary Location:

------------------------------------------------------

Primary Location Full Time Salary Range:

In addition to salary, Citi’s offerings may also include, for eligible employees, discretionary and formulaic incentive and retention awards. Citi offers competitive employee benefits, including: medical, dental & vision coverage; 401(k); life, accident, and disability insurance; and wellness programs. Citi also offers paid time off packages, including planned time off (vacation), unplanned time off (sick leave), and paid holidays. For additional information regarding Citi employee benefits, please visit citibenefits.com. Available offerings may vary by jurisdiction, job level, and date of hire.

------------------------------------------------------

Anticipated Posting Close Date:

------------------------------------------------------

Citi is an equal opportunity and affirmative action employer.

Qualified applicants will receive consideration without regard to their race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or status as a protected veteran.

Citigroup Inc. and its subsidiaries ("Citi”) invite all qualified interested applicants to apply for career opportunities. If you are a person with a disability and need a reasonable accommodation to use our search tools and/or apply for a career opportunity review Accessibility at Citi.

View the "EEO is the Law" poster. View the EEO is the Law Supplement.

View the EEO Policy Statement.

View the Pay Transparency Posting