Tech & Cyber Risk: SVP - Technology & Cyber Risk Officer (Hybrid)
Citigroup
- Wilmington, DE
- Permanent
- Full-time
- Guide and influence the coverage area's technology/cyber risk management activities by leveraging subject matter knowledge gained through experience in managing Global Functions (Finance, HR, Legal, Risk, Compliance, etc.) businesses and technology to drive the organization's mission and value proposition.
- Provide independent oversight of Citi's risk appetite using both a proactive and reactive approach.
- Partner with first, second, and third lines of defense to identify, measure, monitor, report and manage IT risks that could affect Citi's risk profile.
- Serve as subject matter expert and deliver value-added IT risk and controls guidance across businesses.
- Provide effective challenge of technology/cyber risks and controls via various work efforts (e.g., risk assessments, metrics).
- Specific responsibilities include:
- Identify and track technology/cyber risks including related indicators and influence the prioritization.
- Oversee the business’s identification and management of key technology and cyber risks, by analyzing related indicators and associated thresholds.
- Advise on continuous monitoring and control test methods and recommend technology metrics in support of decisions concerning technology control objectives.
- Participate in various initiatives and provide guidance related to risk reduction efforts (e.g., control enhancements, remediation closures).
- Influence/challenge business and technology risk self-assessments.
- Influence/challenge technology scenario analysis activities.
- Influence/challenge lessons learned reviews performed by the business and technology.
- Lead independent operational risk reviews and capability assessments.
- Identify gaps, inconsistencies and other integrity issues in technology controls and risk metrics and recommend solutions.
- Verify and validate technology/cyber control measures.
- Oversee the management of technology control issues.
- Advise on best practices leveraging expertise and industry insights.
- Experience with corporate functions applications (e.g. applications supporting Human Resources, Legal, Risk, Compliance, Corporate Treasury and Accounting) on either 1LOD/2LOD.
- Experience with technical systems architecture and design, software development, and/or large data and analytics environments.
- Experience with security protections and techniques in one or more of the following areas: applications, database, cloud, network infrastructure, and/or data.
- Experience with enterprise technology architecture as a holistic structure that includes people, process, and technology components combined to achieve business goals for automation.
- Experience leading operational risk reviews and capability assessments including identification of potential issues, and coordination with various teams including leadership.
- Experience in risk assessment and measurement of cloud applications, infrastructure components, and database management systems.
- Experience in security software development lifecycle including risk identification, assessments, and understanding of security testing.
- Experience with data management/security, data warehousing and big data environments.
- Experience with automated monitoring tools and incident tracking tools to effectively communicate and manage incidents, defects, and data quality issues.
- A plus if the candidate has previous experience with emerging technologies, including cloud technology and AI/ML.
- Ability and confidence to exercise influence over a wide range of individuals at all levels of technical & business leadership.
- Strong presentation skills: able to use data to tell a clear and compelling story.
- Strong analytical and problem-solving skills.
- Comfortable with public speaking across various forums and be able to effectively and logically communicate when ideas are being challenged in an open forum.
- Comfortable interacting directly with technology executive leadership, including in a high stress environment.
- Understands the perspective of regulators and has the ability to develop messages and content to respond to the requirements.
- Strong planning, organization and time management experience that is strategically oriented, an innovative thinker, and a demonstrated and decisive decision maker.
- Able to collaboratively manage initiatives that span multiple geographic locations and time zones.
- Navigates organizational complexity; demonstrates organizational savvy.
- Builds partnerships across functions and regions; collaborates well with others.
- The successful candidate will need to be a hands-on self-starter, able to manage tasks/timelines for self and others.
- Bachelor’s/University degree, Master’s degree a plus.
- Related industry certifications (e.g., CISSP, CCSP, CISM, CCSK, CIPP).