Cyber / Tech 2nd LOD Senior Lead Analyst, Senior Vice President

Discover your future at Citi

Working at Citi is far more than just a job. A career with us means joining a team of more than 230,000 dedicated people from around the globe. At Citi, you’ll have the opportunity to grow your career, give back to your community and make a real impact.

Job Overview

Team/Role Overview

The Technology and Cyber Compliance and Operational Risk Office (TCCORO) at Citi is the firm’s reliable second set of eyes. Our mission is to drive comprehensive and consistent practices designed to identify, measure, monitor, report and manage operational and compliance risks while promoting the implementation of actions to address root causes which may lead to unintended operational losses or regulatory breaches. TCCORO provides the specialist subject matter experts to challenge Enterprise, Infrastructure, Operations and Technology entities across the firm. We are the technology and cyber conscience of the bank. In line with the Operational Risk Management (ORM) and Independent Compliance Risk Management (ICRM) frameworks, we aim to ensure that the internal controls that are designed to mitigate technology and cyber risks are managed, mitigated, and aligned with our risk appetite.

The Cyber / Tech 2nd LOD Senior Lead Analyst is part of the Business Segment Technology Risk & Compliance function within TCCORO which focuses on the Markets, Banking, and International lines of businesses. The role will leverage technology and cyber subject matter expertise, business experience, data analysis techniques, current events, and industry trends and best practices to inform the prioritization of risks and the second-line’s approach for associated challenge and influence activities.  

This position actively works with our ORM and Compliance partners and other stakeholders to provide subject matter expertise in line with our operational and compliance risk management frameworks. A successful candidate will have expertise in cyber risk in global financial services, be able to demonstrate a comprehensive understanding of the subject matter and how it applies to related risks.  They should have a strong track record in technology and cyber risk management and/or a strong technical background with excellent analytical skills. Excellent communication skills required to negotiate internally, often at a senior level. A successful candidate should also demonstrate a strong interest in the field and a passion for risk management.

What you’ll do

• Manages internal projects on threat issues that support a variety of participants and stakeholders measuring the effectiveness and comprehensiveness of Citi’s first line defenses.

• Establishes and oversees the application of compliance and technology and cyber policies and procedures, technology and tools, and governance processes to provide credible challenge for minimizing losses from technology and cyber risks.

• Independently assesses technology and cyber risks and drive actions to address the root causes that persistently lead to operational risk losses by challenging both historical and proposed practices.

• Leads independent assurance activities to assess areas of concern including substantive and controls testing.

• Monitors, evaluates, and challenges Key Risks and associated Key Risk Indicators triggers and thresholds. Also lead discussions with Key Indicator owners on breaches and action steps to correct breaches.

• Identifies potential risks associated with program/project delivery on a technical and detailed level.

• Leads various second line of defense technology and cyber assessments including risk assessments, control assessments, maturity assessments etc.

• Assesses technology and cyber risks associated with new initiatives and programs being proposed for implementation.

• Challenges the design, adequacy and strength of the control environment associated to technology and cyber and recommends actions to ensure the operational risk profile is in line with the technology and cyber risk appetite.  

• Executes ad-hoc activities for the TCCORO organization, including but not limited to: researching and producing materials for presentations of deep dives into selected topics, coordinating deliverables related to audits and examinations, and maintaining associated data for executive reporting.

• Appropriately assesses risk when business decisions are made, demonstrating knowledge for the firm's reputation and safeguarding Citigroup, its clients, and assets, by driving compliance with applicable laws, rules, and regulations, adhering to Policy, and applying sound ethical judgment.

What we’ll need from you

• Experience in technology and cyber risk assessments, metrics, enterprise technology services, risks, and controls within globally complex, dispersed, and diverse organizations.

• Advanced knowledge and experience leading control design and operating effectiveness evaluation, testing, and reporting with a track record of influencing effective risk mitigation strategies

• Excellent presentation skills as well as the ability to effectively communicate complex topics to a broad audience.

• Advanced proficiency in creating written executive materials and mastery in verbal presentation to Executive audiences.

• Outstanding communication and influencing skills, with the ability connect with individuals throughout all levels of the organization and with external partners and vendors.

• Exceptional relationship management skills,  including demonstrable experience managing through conflict and issue resolution with senior stakeholders.

• Proven ability to work within teams, manage cross-functional projects, influence executive-level strategic decision-making, and effectively translate technology / cyber risk insights to value-add risk mitigation solutions

• Subject matter expert in one or more industry standard risk management frameworks (including ISO27001, COBIT, TOGAF and CRI for example), and an in-depth understanding of technology and cyber risk mitigation strategies.

• Deep knowledge of products within the coverage area (e.g, Markets, Banking), including a technical understanding of current and emerging trends as well as the ability to apply in-depth understanding of the business impacts of technical contributions.

• In-depth knowledge of technology and cyber risks and controls across various information system architecture and engineering domains including data protection, identity and access management, vulnerability management, network security, endpoint security, logging and monitoring, incident management, and third-party management; preferred expertise in the following areas:

  • Experience with reviewing and evaluating technology architecture design and solutions inclusive of reviewing the people, process, and technology components.

  • Knowledge of full system, software, and security development lifecycle.

  • Knowledge of Information Security and Cyber security controls, technologies, operations, and operational response processes.

  • Knowledge of the risks and underlying controls that support the integration, testing and production support needs of Payment, Trade, and Banking applications.

  • Demonstrated expertise in data management and/or AI/ML/GenAI space.

  • Knowledge of Cloud security and controls, including secure design patterns and governance

  • Working familiarity with automated monitoring tools and incident tracking tools to effectively communicate and manage incidents, defects, and data quality issues.

  • Extensive technology and cyber risk domain knowledge including ability to analyse metrics and independently derive risk insights focused on business and regulatory context.

What we can offer you

By joining Citi Solutions Center Poland, you will not only be part of a business casual workplace with a hybrid working model (currently up to 2 days working at home per week), but also (potentially, subject to final offer) receive a competitive base salary and enjoy a whole host of additional benefits which can include: 

• Employer paid Defined Contribution Pension Plan contribution of 6% of employee’s pensionable earnings (PPE Program) 

• Employer paid Private Medical Care Package for employees and Private Medical Care Packages for certain family members available at preferential rates 

• Employer paid Life Insurance Program for employees and Life Insurance for certain family members available at preferential rates  

• Employee Assistance Program financed by Employer  

• Paid Parental Leave Program (maternity and paternity leave; statutory and 2 weeks additional paid paternity leave)  

• Sport Card for employees subsidised via Social Benefits Fund and Sport Cards for certain family members available at preferential rates  

• Additional benefits from Company’s Social Benefit Fund, in particular: Holidays Allowance, support for sport and cultural activities, team building events. 

• Additional day off for volunteering 

• Cafeteria/ flex benefit – a company benefits system which enables employees to select and purchase benefits offered by a provider and available for employees on the platform. 

• Opportunity to receive an annual discretionary incentive award 

• Special offers and discounts for employees 

• For further information on the Remuneration Regulations click here. Alternatively, copy and paste the link below https://tbcdn.talentbrew.com/company/287/cms/v3/docs/policies/RemunerationRegulations-KeyProvisions-CitibankEurope_plc_05012025_A.pdf

Alongside these benefits Citi is committed to ensuring our workplace is where everyone feels comfortable coming to work as their whole self every day.  We want the best talent around the world to be energized to join us, motivated to stay, and empowered to thrive.  

Sounds like Citi has everything you need? Then apply to discover the true extent of your capabilities.

------------------------------------------------------

Job Family Group:

Risk Management

------------------------------------------------------

Job Family:

Operational Risk

------------------------------------------------------

Time Type:

Full time

------------------------------------------------------

Primary Location Full Time Salary Range:

zł340,990.00 - zł580,610.00

------------------------------------------------------

Most Relevant Skills

Analytical Thinking, Control Monitoring, Credible Challenge, Governance, Issue Management, Operational Risk, Policy and Procedure, Policy and Regulation, Risk Controls and Monitors, Risk Identification and Assessment.

------------------------------------------------------

Other Relevant Skills

For complementary skills, please see above and/or contact the recruiter.

------------------------------------------------------

Automated Processing and AI

We use automated processing, including artificial intelligence, for our legitimate business interests (or our reasonable and appropriate business purposes) to identify and align the candidate's skills and abilities with a specific job opening. Additionally, if you so choose, or consent, we can match your skills and abilities to other suitable roles at Citi.

Importantly, all our hiring processes and decisions, including determining your suitability for a role, are conducted, checked, and decided by individuals. Our automated processing and AI do not involve relying on automatic or autonomous decision-making. Please refer to any Jurisdictional Considerations, with specific provisions for your country (where relevant) for further details.

------------------------------------------------------

This job opening is for an existing job vacancy.

------------------------------------------------------

Citi is an equal opportunity employer, and qualified candidates will receive consideration without regard to their race, color, religion, sex, sexual orientation, gender identity, national origin, disability, status as a protected veteran, or any other characteristic protected by law.

If you are a person with a disability and need a reasonable accommodation to use our search tools and/or apply for a career opportunity review Accessibility at Citi.

View Citi’s EEO Policy Statement and the Know Your Rights poster.