Cyber Governance Review and Control Lead Analyst (Vice President)

Discover your future at Citi

Working at Citi is far more than just a job. A career with us means joining a team of more than 230,000 dedicated people from around the globe. At Citi, you’ll have the opportunity to grow your career, give back to your community and make a real impact.

Job Overview

Citi Information Security Office (CISO) Information Security Risk & Compliance Manager (Information Security) candidate will work with their staff to support the APAC Citi Information Security Office (CISO) group, helping the team the associated risks for the CISO processes, domains, and product. While the support will be focused on the APAC group, this position will help influence global CISO Risk and Compliance processes. This will be done through designing, implementing, and monitoring of risk and control framework. Person will be required to work with SMEs on Internal and external Audits; drive compliance of processes, Infrastructure, and applications with Citi Policies; ensure the teams follow the issue management standards and contribute to an Effective Management Control Assessment.

Responsibilities: 
Be responsible for managing and supporting multiple risk and control programs for the organization including working with the global CISO Risk team to define the strategy, approach, processes, quality, tools and reporting that provide APAC risk management consistency and excellence within CISO. 

• Strong understanding of APAC Regulatory requirements e.g. MAS Regulatory requirements for Financial Institutes like MAS644, MAS655 etc, RBI, SEBI, APRA, HKMA, Bank Negara etc. 

• Ensure that emerging risks identified are socialized with key stakeholders and mitigation strategies are in place. 

• Identify areas of engagement based on level of investment, inherent risk, complexity of change and other risk factors 

• Execute Risk Control coverage strategy, ensure appropriate risk mitigation actions are in place and escalate to senior management as appropriate 

• Provide supervision of Risk Control team's efforts and assist with prioritizing and addressing roadblocks encountered 

• Identify and assign key metrics (e.g. KRI/KPIs) to support effective monitoring and management of operational risk including controls assurance and ensure issues identified and corrective actions are raised to address gaps. 

• Provide strong oversight of CAP (Corrective Action Plan) remediation activities both for audit and control issues including quality completion of Risk Exception documentation and annual renewals.

• Support the assigned technology platform re ensuring the remediation of corrective actions relating to both self-identified and audit issues are completed on time and with the appropriate level of quality and adherence to IBAM. 

• Support assigned technology platform during internal and external audits.

• Assist in all interactions with audit including deliverables management, audit fieldwork, business monitoring and meetings. 

• Leverage reporting to identify trends, themes and areas requiring improved controls

• Drive Manager's Control Assessment monitoring, quarterly approvals and improvements required 

• Appropriately assess risk when business decisions are made, demonstrating particular consideration for the firm's reputation and safeguarding Citigroup, its clients and assets, by driving compliance with applicable laws, rules and regulations, adhering to Policy, applying sound ethical judgment regarding personal behavior, conduct and business practices, and escalating, managing and reporting control issues with transparency, as well as effectively supervise the activity of others and create accountability with those who fail to maintain these standards. 

• Complete all tasks in connection with the organization’s activity but not detailed in the current job description, assigned by the direct manager, supervisor, or the functional head. 

Ideal Background 

• 10+ years’ experience in Risk and compliance experience

• Demonstrable Information Security Risk knowledge based on working in real-world environments & situations. 

• Strong understanding of APAC Regulatory requirements e.g. MAS Regulatory requirements for Financial Institutes like MAS644, MAS655 etc, RBI, SEBI, APRA, HKMA, Bank Negara etc. 

• Excellent communication skills required in order to negotiate internally, often at a senior level. Some external communication may be necessary. 

• Full management responsibility of a team or multiple teams. 

Education: 

• Bachelor’s/University degree or equivalent experience, potentially Master’s degree 

• Relevant professional qualifications with Risk / Security management e.g. CISM, CISA, CISSP or equivalent 

Benefits 

• Opportunity to widen your knowledge of technology risk area in global financial services organization 

• Long-term career path across geographies and business lines 

• Friendly work atmosphere 

• Competitive compensation package 

• Flexible work arrangements

------------------------------------------------------

Job Family Group:

Technology

------------------------------------------------------

Job Family:

Information Security

------------------------------------------------------

Time Type:

Full time

------------------------------------------------------

Most Relevant Skills

Please see the requirements listed above.

------------------------------------------------------

Other Relevant Skills

For complementary skills, please see above and/or contact the recruiter.

------------------------------------------------------

Citi is an equal opportunity employer, and qualified candidates will receive consideration without regard to their race, color, religion, sex, sexual orientation, gender identity, national origin, disability, status as a protected veteran, or any other characteristic protected by law.

If you are a person with a disability and need a reasonable accommodation to use our search tools and/or apply for a career opportunity review Accessibility at Citi.

View Citi’s EEO Policy Statement and the Know Your Rights poster.