


The health and safety of our colleagues and candidates for employment are our highest priority. Accordingly, Citi continues to monitor the COVID-19 situation closely. We have implemented precautionary measures across our firm globally, including conducting all candidate interviews virtually on a temporary basis until further notice where needed.

Cyber Risk Architecture & Engineering Director

Job Req ID: 22544291
Location(s): New York, New York
Job Category: Risk Management

Job Purpose

The Operational Risk Cyber Team serves as an authoritative body, providing independent oversight and challenge of the firm’s Information Security program to ensure that cyber threats faced by the firm have been properly identified, assessed, and mitigated by the first line information security program.

The Cyber Risk Architecture and Engineering Director is a highly experienced subject matter expert in their field and is expected to plan, coordinate, and lead a team of experienced cyber risk professionals to perform risk reviews in alignment with a defined second line risk assurance framework, and assess the effectiveness of first line Cyber and Information Security control activities. They will have the ability to understand complex business, IT and Information Security processes and systems, and be able to assess the implications of current and emerging cyber threats as well as recommend corrective action where needed.

The role requires a highly experienced, credible, professional authority on Information Security and Cyber Risk.

Role Responsibilities:

• Lead the development and execution strategy of the Cyber risk team.

• Develop and execute a prioritized book of work, setting goals and objectives for the team, and driving delivery through effective leadership.

• Build and maintain effective, collaborative relationships across a broad range of stakeholders across all three lines of defense.

• Act as a trusted advisor and thought leader across the wider business.

• Planning, coordinating and conducting in-depth, independent assessments of first line cyber risk management processes including assessments of cyber governance and technical cyber security operations practices.

• Planning, coordinating and conducting in-depth, end-to-end independent cyber risk assurance reviews of business-critical services, applications and processes.

• Supervising and leading engagements with both internal audit and international regulators.

• Drive the development and enhancement of the cyber risk appetite and the key risk indicators used to assess cyber risk appetite.

• Represent independent risk management on a range of executive risk committees and information security governance forums to provide expert input and independent challenge.

• Authoring white papers on best practices across thematic cyber risk topics.

• Analyzing existing cyber risk mitigation strategies / controls and developing assessments of their effectiveness.

• Provide oversight responsibility for the quality and delivery schedule of remediation plans addressing the findings from independent assessments and/or credible challenges.

• Performing an analysis of both quantitative and qualitative data to identify key cyber risk themes.

• Writing detailed reports containing findings, observations, and recommendations.

• Providing strategic input into the Operational Risk management framework and methodology to strengthen our oversight of cyber risk.

Experience / Competencies:

• Extensive experience in a Cyber Security or Information Security related function such as Vulnerability Assessment, Identity & Access Management, Authentication and Authorization systems, Data Protection, Application Security and Secure SDLC methodologies as well as Cloud Security.

• Bachelor's degree in Computer Science, Mathematics, Science, Technology, Engineering or other professional field of study.

• Industry-recognized Information Security certification such as Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Certified Information Systems Auditor (CISA), or other related certifications.

• Demonstrates considerable technical knowledge of Vulnerability Assessment, Cyber Security, Data Protection, IT Risk and Compliance.

• Solid understanding of enterprise cyber security and enterprise architecture with experience of designing, operating or managing complex IT environments, security solutions or controls within a complex global network.

• Considerable knowledge and understanding of common cyber security technology tools such as firewalls, IDPS, network access control, DDoS mitigation, anti-malware, anti-virus, encryption, and authentication.

• Strong experience in cyber security governance frameworks and information security governance best practice.

• Knowledge of industry standards/regulations such as ISO, NIST, PCI-DSS, PSD2, GDPR, NIS.

• Experience of managing cyber, IT or Information Security controls as part of the first line of defense.

• Experience of overseeing or conducting independent risk assessments, business process or IT control auditing.

• Experience of working in a large multinational financial institution.

• A broad understanding of global financial business activities such as Markets and Trading, Investment Banking and Consumer Banking.

• Proven experience of interfacing with senior, C-level stakeholders.

• Proven experience of leading the planning and execution of projects in cyber security, risk management, compliance, IT audit or IT risk management.

• Execution and delivery focused, creating high quality reporting and analysis using appropriate business and technical language for the audience.

• Excellent communication and organization skills.

• Aptitude and capability for conducting quantitative and qualitative analyses of large, complex IT systems and Business Processes.


Job Family Group:

Risk Management


Job Family:

Operational Risk


Time Type:

Full time


Primary Location:

New York, New York, United States


Primary Location Salary Range:

$170,000.00 - $300,000.00


Citi is an equal opportunity and affirmative action employer.

Qualified applicants will receive consideration without regard to their race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or status as a protected veteran.

Citigroup Inc. and its subsidiaries ("Citi") invite all qualified interested applicants to apply for career opportunities. If you are a person with a disability and need a reasonable accommodation to use our search tools and/or apply for a career opportunity, review Accessibility at Citi.

View the "EEO is the Law" poster. View the EEO is the Law Supplement.

View the EEO Policy Statement.

View the Pay Transparency Posting


Effective November 1, 2021, Citi requires that all successful applicants for positions located in the United States or Puerto Rico be fully vaccinated against COVID-19 as a condition of employment and provide proof of such vaccination prior to commencement of employment.

  • Join our team of 220,000+ strong diverse employees

  • Socially minded employees volunteering in communities across 90 countries

  • Meaningful career opportunities thanks to a physical presence in over 95 markets

We foster a culture that embraces all individuals and encourages diverse perspectives, where you can make an impact and grow your career. At Citi, we value colleagues that demonstrate high professional standards, a strong sense of integrity and generosity, intellectual curiosity, and rigor. We recognize the importance of owning your career, with the commitment that if you do, we promise to meet you more than halfway.
