Skip to main content


Operational Risk Manager - Adversary Emulation Oversight - Senior Vice President (Hybrid)

Job Req ID 23628681 Location(s) New York, New York; Washington, DC; Irving, Texas; Tampa, Florida Job Category Risk Management
Apply Now

Cyber Risk Design Assurance serves as an authoritative body for providing independent assurance that the cyber threats faced by the firm have been properly understood, assessed and mitigated via first line information security defensive programs. Cyber Risk Assurance team is looking for an experienced passionate Cybersecurity Risk Management leader with right balance of Information Security analytical skills and deep IT risk management insights to deliver solid defensible cyber risk analyses, contributing towards Citi’s cyber resiliency.

The Cyber Risk Design Assurance officer is expected to plan, coordinate and conduct risk reviews according to a defined second line risk assurance framework; assess the effectiveness of design of Information Security Programs and operations in particularly (though not limited to) Vulnerability Assessment and Management and Red Team programs. This role will be responsible for monitoring, overseeing, and validating compliance with regulatory-led cyber penetration frameworks. They will have the ability to understand complex business, IT and Information Security processes and be able to assess the implications of current and emerging cyber threats as well as recommend corrective action where needed.

The Cyber Risk Design Assurance role requires an experienced, credible, professional authority on Cyber Risk.


Planning, coordinating and conducting in depth, independent assessments of first line cyber risk management processes including assessments of technical cyber security operations practices.

Planning, coordinating and conducting in depth, end-to-end independent cyber risk assurance reviews of business-critical services, applications and processes.

Monitoring and overseeing independent red-team exercises.

Participating in senior-level engagements with international regulators and practitioners across various other functional groups within Citi

Authoring white papers on industry best practices across thematic cyber risk topics.

Identifying cyber threats, investigating risks and developing control recommendations.

Investigating existing cyber risk mitigation strategies / controls and developing assessments of their effectiveness.

Provide oversight responsibility for the quality and delivery schedule of remediation plans addressing the findings from independent assessments and/or credible challenges.

Performing research on both quantitative and qualitative data to identify key cyber risk themes.

Writing detailed reports containing findings, observations and recommendations.

Providing strategic input into the Cyber Risk Assurance framework and methodology to strengthen our independent assurance methodology.

This position sits on a team that also covers geopolitical risk.  Knowledge of geopolitical and interest in contributing to a new body of work is a plus as teamwork and strong collaboration skills are necessary for success in this role. 

Desired Experience and Skills:

Minimum 6 years of experience in Vulnerability Assessment, Red-Teaming, Cyber Security, Information Security or related function.

Industry recognized Information Security certification such as Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Certified Information Systems Auditor (CISA) certifications, or other related certifications would be advantageous.

Industry recognized penetration testing certification such as CEH, GPEN, OSCP, CPTE, or other relevant certification would be advantageous.

Demonstrates considerable technical knowledge of Vulnerability Assessment, Cyber Security, Data Protection, IT Risk and Compliance.

Solid understanding of enterprise cyber security and enterprise architecture with experience of designing, operating or managing complex IT environment, security solutions or controls within a complex global network.

Considerable knowledge and understanding of common cyber security technology tools such as firewalls, IDPS, Network access control, DDOS Mitigation, Anti-Malware, Anti-Virus, encryption and authentication.

Knowledge of industry standards/regulations (ISO, NIST, PCI-DSS, PSD2, GDPR, NIS) preferred.

Experience of managing cyber, IT or Information Security controls.

Experience of overseeing or conducting independent risk assessments, business process or IT control auditing would be advantageous.

Experience of working in a large multinational financial institution is advantageous.

A broad understanding of global financial business activities such as Markets and Trading, Investment Banking and Consumer Banking would be advantageous.

An understanding of global financial payment systems such as SWIFT is advantageous.

Proven experience of interfacing with senior, C-level stakeholders.

Proven experience of steering the planning and execution of projects in cyber security, risk management, compliance, IT audit or IT risk management.

Execution and delivery focused; creating high quality reporting using appropriate business and technical language for the audience.

Excellent communication and organization skills.

Aptitude and capability for conducting quantitative and qualitative research over large, complex IT systems and Business Processes.

Experience working for a regulator (preferred)

Background in threat intelligence and geopolitical risk is a plus.

* All competitive applications may be considered, including those with equivalent experiences.


Bachelor's degree in Computer Science, Mathematics, Science, Technology, Engineering or other professional field of study.


Job Family Group:

Risk Management


Job Family:

Operational Risk


Time Type:

Full time


Primary Location:

New York New York United States


Primary Location Salary Range:

$170,880.00 - $256,320.00


Citi is an equal opportunity and affirmative action employer.

Qualified applicants will receive consideration without regard to their race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or status as a protected veteran.

Citigroup Inc. and its subsidiaries ("Citi”) invite all qualified interested applicants to apply for career opportunities. If you are a person with a disability and need a reasonable accommodation to use our search tools and/or apply for a career opportunity review Accessibility at Citi.

View the "EEO is the Law" poster. View the EEO is the Law Supplement.

View the EEO Policy Statement.

View the Pay Transparency Posting

Apply Now
  • Join our team
    of 220,000+
    strong diverse employees

  • Socially minded employees volunteering in communities across 90 countries

  • Meaningful career opportunities thanks to a physical presence in over 95 markets

We foster a culture that embraces all individuals and encourages diverse perspectives, where you can make an impact and grow your career. At Citi, we value colleagues that demonstrate high professional standards, a strong sense of integrity and generosity, intellectual curiosity, and rigor. We recognize the importance of owning your career, with the commitment that if you do, we promise to meet you more than half way.

Saved Jobs

You have no saved jobs

Previously Viewed Jobs

You have no viewed jobs