Cybersecurity Third Party, Affiliate and Privacy Lead

The Chief Information Security Office (CISO) is made up of deeply dedicated and talented colleagues who work together to ensure the safety of Citi’s and our clients’ assets and information. We manage information security as an end-to-end program – one with a clear mandate and accountability. Our mission is to continually execute and enhance a global security program that is fully anchored to modern control and security frameworks, fully aligned with the technology of the firm, threat-focused and data-driven, and deeply integrated across all Citi businesses globally.

CISO Governance, Risk & Control, and Policy is responsible for providing governance, oversight, risk management, and strategic planning for CISO; as well as Third Party Information Security Assessments (TPISA). The team is also responsible for CISO Program and Performance Management including oversight of CISO’s book of work, maintaining a CISO strategy aligned with industry and regulatory requirements, and CISO’s performance management processes to ensure key IS metrics are in place to determine compliance with Citi’s standards. In addition, the team is responsible for the governance and oversight of Risk Management programs across CISO.

CISO MCA, Regulation Management, Controls, and Quality Assurance is responsible for Cyber MCA Governance and CISO MCA Transformation, Cyber CoB, TPM Governance, and Records Management, Cyber Quality Assurance services for Third Party Information Security Assessments, Information Security Risk Assessments, Vulnerability and Threat Management programs. Additionally, the team supports Cyber Regulation Management which involves managing new and updated regulations through conducting thorough impact assessments and ensuring closure of action plans.

Our commitment to diversity includes a workforce that represents the clients we serve globally from all walks of life, backgrounds, and origins. We foster an environment where the best people want to work. We value and demand respect for others, promote individuals based on merit, and ensure opportunities for personal development are widely available to all. Ideal candidates are innovators with well-rounded backgrounds who bring their authentic selves to work and complement our culture of delivering results with pride. If you are a problem solver who seeks passion in your work, come join us. We’ll enable growth and progress together.

#CISO

Cybersecurity Third Party, Affiliate and Privacy Lead, Senior Vice President (SVP)

This is a people management role that will lead Cyber Third Party, Affiliate and Privacy programs for CISO. This role is responsible for ensuring CISO adherence to Citi Privacy Policy and Third Party Management Policies as well as applicable regulatory requirements globally. This role partners closely with Citi TPM, Data Privacy Office and ICRM to ensure CISO fulfils all relevant requirements and effectively manages our internal and external third parties as well as provides support to CISO business and functions during data privacy reviews and cross border activities.  This role requires a broad and comprehensive understanding of regulatory requirements related to third party management, outsourcing and data privacy as well as strong knowledge of relevant policies. The successful candidate will have demonstrated success and be highly adept at: leading global programs and engineering change efforts; managing risk and execution of global programs by aligning resources and tactical/strategic decisions; and driving transformation across a complex enterprise to support cybersecurity goals.

Job Responsibilities:

• Ensures CISO adherence to Citi Third Party Management Policy, provides governance and guidance to CISO Business Activity Owners and Third Party Officers.

• Monitors critical metrics to ensure CISO third party suppliers follow all requirements of the third party management lifecycle. Participates in Third Party Management committees and provides relevant updates to CISO Leadership team.

• Manages CISO services in the Inter-Affiliate Service Catalogue and acts as the Service Provider contact for CISO services.

• Provides guidance and governance for the CISO Service Recipient contacts. Ensures CISO adherence to all Inter-Affiliate Standard requirements.   

• Provides expert guidance on Privacy regulations and ensures CISO’s compliance with Citi Data Privacy policy and standard as well as timely completion of required privacy assessments.

• Leads initiatives and manages high-impact project work streams with a results-driven focus to deliver solutions, including coordinating the implementation of new regulatory requirements.

• Works with information security officer, functional owner, ICRM and legal as needed to support CISO projects for Cross Border clearance.

• Partnering with other ICRM teams and global functions, including Legal, Risk, Operations and Technology, and HR to prevent and detect non-compliance issues and promote risk culture.

• Responsible for managing and supporting multiple risk and control programs for the team including defining the strategy, approach, processes, and reporting.

Qualifications:

• 10+ years of experience in third party risk management, compliance, privacy, or other control-related functions in the financial services industry.

• Ability to identify, measure, and manage key risks and controls.

• Ability to see the big pictures with high attention to critical details.

• Develop and implement strategy and process improvement initiatives.

• Comprehensive knowledge of Citi’s businesses and functions and their risk profiles.

• Developing new ideas and improving current processes to proactively mitigate risks.

• Expert understanding of compliance laws, rules, regulations, and best practices.

• Deep understanding of Citi’s Policies, Standards, and Procedures.

• Strong leadership, decision-making, and problem-solving skills.

• Strong analytical skills to evaluate complex risk and control activities and processes.

Education:

Bachelor's/University degree, Master's degree preferred

We Offer:

By joining Citi Solutions Center Poland, you will not only be part of a business casual workplace with a hybrid working model (up to 2 days working at home per week), but also receive a competitive base salary (which is annually reviewed) and enjoy a whole host of additional benefits such as:

• Private Medical Care Program

• Life Insurance Program

• Pension Plan contribution (PPE Program)

• Employee Assistance Program

• Paid Parental Leave Program (maternity and paternity leave) 

• Sport Card

• Holidays Allowance

• Sport and team recreation activities

• Special offers and discounts for employees

• Access to an array of learning and development resources 

• A discretional annual performance related bonus

• A chance to make a difference with various affinity networks and charity initiatives

Alongside these benefits Citi is committed to ensuring our workplace is where everyone feels comfortable coming to work as their whole self every day.  We want the best talent around the world to be energized to join us, motivated to stay, and empowered to thrive. 

Sounds like Citi has everything you need? Then apply to discover the true extent of your capabilities.

------------------------------------------------------

Job Family Group:

------------------------------------------------------

Job Family:

------------------------------------------------------

Time Type:

------------------------------------------------------

Citi is an equal opportunity employer, and qualified candidates will receive consideration without regard to their race, color, religion, sex, sexual orientation, gender identity, national origin, disability, status as a protected veteran, or any other characteristic protected by law.

If you are a person with a disability and need a reasonable accommodation to use our search tools and/or apply for a career opportunity review Accessibility at Citi.

View Citi’s EEO Policy Statement and the Know Your Rights poster.