The Operational Risk Sr Officer I is a strategic professional who closely follows latest trends in own field and adapts them for application within own job and the business. Typically a small number of people within the business that provide the same level of expertise. Excellent communication skills required in order to negotiate internally, often at a senior level. Developed communication and diplomacy skills are required in order to guide, influence and convince others, in particular colleagues in other areas and occasional external customers. Accountable for significant direct business results or authoritative advice regarding the operations of the business. Necessitates a degree of responsibility over technical strategy. Primarily affects a sub-function. Responsible for handling staff management issues, including resource management and allocation of work within the team/project.
- Establishes and oversees the application of operational risk policies, technology and tools, and governance processes to create lasting solutions for minimizing losses from failed internal processes, inadequate controls, and emerging risks.
- independently asses risks and drive actions to address the root causes that persistently lead to operational risk losses by challenging both historical and proposed practices.
- Governance and oversight may include (not limited to) technology operational risk, cyber risk for example.
- Serves as a subject matter expert for all performance issues that surface.
- Issues Management (KPI/KRI/Corrective Action Plans)
- Resolves transactional level escalations coming from the vendor or internal partners
- Analyzes a multitude of scorecards/performance management tools in an attempt to mitigate exposure (risk/financial/regulatory)
- Monitors goals are met through performance, risk and relationship oversight of our extended supply chain and ensures compliance
- Collaborates to resolve any issues which fall within the terms of the contract. Escalate those that require commercial or legal support.
- Develops and maintains relationships across the business users and Lines of Defense to better understand and deliver customer requirements by responding to changes in the internal and external business environment
- Appropriately assess risk when business decisions are made, demonstrating particular consideration for the firm's reputation and safeguarding Citigroup, its clients and assets, by driving compliance with applicable laws, rules and regulations, adhering to Policy, applying sound ethical judgment regarding personal behavior, conduct and business practices, and escalating, managing and reporting control issues with transparency.
The Operational Risk Sr Officer I will identify, evaluate, assess, and advise on the adequacy of activity, risk, and control structures overall for Citi's Enterprise Infrastructure, Operations and Technology. This oversight will primarily be through the lens of Citi's Risk Appetite within the Cyber domain. The role includes independent assessment of the comprehensiveness and effectiveness of programs and underlying processes, the complete suite of control components, and the resulting impact on Risk Appetite.
Working with colleagues in Risk, as well as technology, business and other control functions, the Operational Risk Sr Officer 1 is expected to independently manage and drive oversight of ORM-T/C's activity related to Risk Appetite Oversight as well as overall strategy and planning for all risk management oversight activity for ORM-T/C. Primary responsibilities will include:
The candidate is also expected to contribute to the following global ORM-T/C activities:
- Lead production coordination of assigned Appetite Statements. Leverage subject matter expertise to review and challenge first line assessments of risk appetite alignment.
- Develop and deliver Risk Appetite-related reporting.
- Manage group-wide alignment with existing frameworks and operating models.
- Develop, Review and challenge of key risk indicators, thresholds and first line response to breaches (e.g., escalation and resolution) associated with relevant Appetite Statements.
- Governance and Oversight of technology risk
- Support in the development of Policy and Standards
- Oversight of Key Technology Operational Risks and related indicators and thresholds
- Challenge of business and technology Risk Self Assessments
- Challenge of Business technology Scenario Analysis
- Issue management and oversight and escalation
The Operational Risk Sr Officer I will be a thought leader in technology risk with over 10 years of information technology and information security. The ideal candidate will have in-depth, detailed knowledge of Cyber/Information Security Risk Management and Operations both poor and best. The ideal candidate will have a blend of both tactical technical experience and strategic initiative leadership. Prior experience in global financial services firms preferred.
- The ideal candidate will also have working knowledge of Banking Technologies, cybercrime detection and countermeasures, encryption, information security support, application development, network and systems operation, testing and vendor management. Working familiarity with network, operating system, and application security fundamentals.
- In depth knowledge of the NIST Cyber Security Framework & Financial Services Sector Profile in practice.
- Exposure to Technology Architecture components common across the Financial Industry including COBIT, Information Technology Infrastructure Library (ITIL), ISACA's Certified in Risk and Information Systems Control (CRISC), and the various frameworks sourced to the National Institute for Standards and Technology (NIST) etc.
- Outstanding communication and influencing skills through all levels of the organization and with external partners. Exceptional relationship management and customer service skills; must be able to address and resolve conflict while maintaining relationships. Strong written communication skills with the ability to effectively communicate complex topics to a broad audience.
- Detailed oriented with analytical skills, as the role requires a large amount of data manipulation and presentation. Expert in Microsoft Office Tools to include SharePoint.
- The role is global, and the incumbent must be proactive and capable of leading solutions to global issues with others in different regions and time zones. The successful candidate will need to be a hands-on, self-starter, and able to manage tasks/timelines for self and others.
- Bachelor's/University degree, Master's degree preferred.
- Information Security and Information Technology professional certifications preferred (CISA, CISSP, CRISC, etc).
Job Family Group:
Citi is an equal opportunity and affirmative action employer.
Qualified applicants will receive consideration without regard to their race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or status as a protected veteran.
Citigroup Inc. and its subsidiaries ("Citi") invite all qualified interested applicants to apply for career opportunities. If you are a person with a disability and need a reasonable accommodation to use our search tools and/or apply for a career opportunity review Accessibility at Citi.
View the "EEO is the Law" poster. View the EEO is the Law Supplement.
View the EEO Policy Statement.
View the Pay Transparency Posting
Posting ID: 611341174Posted: 2021-03-09Job Title: Operational Risk Cyber Risk