About Citi:
Citi, the leading global bank, has approximately 200 million customer accounts and does business in more than 160 countries and jurisdictions. Citi provides consumers, corporations, governments, and institutions with a broad range of financial products and services, including consumer banking and credit, corporate and investment banking, securities brokerage, transaction services, and wealth management.
As a bank with a brain and a soul, Citi creates economic value that is systemically responsible and in our clients’ best interests. As a financial institution that touches every region of the world and every sector that shapes your daily life, our Enterprise Operations & Technology teams are charged with a mission that rivals any large tech company. Our technology solutions are the foundations of everything we do from keeping the bank safe, managing global resources, and providing the technical tools our workers need to be successful to designing our digital architecture and ensuring our platforms provide a first-class customer experience. We reimagine client and partner experiences to deliver excellence through secure, reliable, and efficient services.
Our commitment to diversity includes a workforce that represents the clients we serve from all walks of life, backgrounds, and origins. We foster an environment where the best people want to work. We value and demand respect for others, promote individuals based on merit, and ensure opportunities for personal development are widely available to all. Ideal candidates are innovators with well-rounded backgrounds who bring their authentic selves to work and complement our culture of delivering results with pride. If you are a problem solver who seeks passion in your work, come join us. We’ll enable growth and progress together.
This role will be responsible for managing the CISO Manager’s Control Assessment (MCA) Execution Team primarily responsible for developing and executing strategies to innovate, support and help lead global MCA Transformation efforts including approach design, development, implementation, reporting, and governance. Integrates subject matter and industry expertise within a defined area. Contributes to standards around which others will operate. Requires in-depth understanding of how areas collectively integrate within the sub-function as well as coordinate and contribute to the objectives of the entire function. May have responsibility for planning, budgeting, and policy/standard formulation within area of expertise. Involved in short-term planning resource planning. Full management responsibility of a team, which may include management of people, budget and planning, to include duties such as performance evaluation, compensation, hiring, disciplinary and terminations and may include budget approval.
The CISO MCA Manager will help innovate, foster a positive culture, and strengthen Citi’s risk and controls environment.
Responsibilities:
- Responsible for leading CISO’s Manager’s Control Assessment (MCA) team to ensure compliance with enterprise risk management policies and standards (e.g., MCA Standards and Procedures)
- Lead and develop a high-performing team of risk management professionals, fostering a culture of collaboration, innovation and continuous learning
- Set clear goals and objectives for the team, aligning them with organizational priorities and driving accountability for results
- Provide strategic direction and guidance to team members, empowering them to make informed decisions and take calculated risks
- Oversee the execution of MCA including identification of risk trends, analysis, and governance of CISO's Assessment Units (AUs) across all Information Security/Cybersecurity functions/domains including businesses (e.g., Security Architecture Council, Identity & Access Management, Cyber Intelligence Center, Third Party Management, Data Security, Infrastructure Defense, Cyber Security Innovation Center, SMB, USPB and Wealth)
- Drive implementation of Global MCA Transformation efforts in response to Consent Order requirements
- Serve as a liaison between the O&T MCA Transformation and CISO Transformation teams to communicate and implement new changes to the overall MCA governance program while establishing operational processes and identifying efficiencies for the CISO MCA Governance team
- Prepare and deliver presentations to executive leadership (C15-C16/Director-MD) on a regular basis including MGE Quarterly Risk Assessments (QRA) and Annual Risk Assessments (ARA), monthly CISO Domain Reviews and RCMs, to communicate complex MCA concepts and risk management strategy results in a clear and concise manner
- Provide strategic guidance and recommendations to senior leadership on improving risk appetite for the bank
- Lead and liaise with the CISO Transformation Lead on the global transformation efforts focused on improving risk and control environment for the firm, collaborating with functional teams across O&T to standardize processes, enhance controls, and implement best practices for CISO’s MCA Governance program
- Drive change management initiatives to ensure successful adoption of new MCA Transformation activities affecting CISO Assessment Units (AUs)
- Provide thought-leadership to direct reports and influence decisions on a global scale by championing MCA transformation efforts and operational cybersecurity risk, while advocating for necessary resources and aligning efforts with organizational objectives
- Accomplishes results through the management of the MCA team leading Quarterly Risk Assessment (QRA) and (Annual Risk Assessment (ARA) meetings with CISO Assessment Units (AUs), managing creation and enhancements of MCA controls, ensuring policy, standard and regulatory alignments, and partnering with various Operations & Technology functions across engineering, operations, application, and risk management teams to achieve sustained success.
- Supports the strategy, planning, directing and coordination of day-to-day activities of running the MCA team.
- Ensures program plans meet business needs, all stakeholders are identified and included in scope definition activities and understand the program schedule and key milestones and escalates program risks.
- Integrates subject matter and industry expertise within a defined area and contributes to standards around which others will operate.
- Actively engage, collaborate, and manage relationships with O&T-wide, technology, governance, risk and controls teams to recommend solutions that improve business processes and reduce risk in the environment.
- Cross-train on related processes, drive problem solving and root cause analyses, simplify complex messages and summarize key points for senior executive discussions and presentations
- Develop and produce insightful MCA reporting for partners and stakeholders to gain a better understanding of risk within their functions as well as identifying process optimization opportunities
- Integrate improvement considerations into the development of new or modified processes
- Ensure MCA process documentation aligns with enterprise changes as a result of Citi Transformation initiatives
- Foster constructive dialogue and facilitate open discussion, sharing of knowledge and experience with customers and stakeholders
Qualifications:
- 6+ years of experience in leadership management, risk management and/or regulatory compliance in one or more of the following risk disciplines: technology risk, business continuity, operational risk, supplier risk, or audit and controls.
- Broad knowledge of other risk areas, with strong understanding of supplier or third-party risk impact in a financial services company is a plus. Demonstrates knowledge of in-scope business and product areas.
- Project management and governance experience with demonstrated ability to achieve and exceed critical milestones.
- Ability to foster working relationships and outstanding leadership and communication skills with senior leaders across multiple lines of business and with support organizations, including auditors and regulators.
- Demonstrated judgement and critical thinking skills.
- Innovate and demonstrate the passion and initiative required to enable growth and progress
- Bring creative approaches to help us drive value for clients
- Ability to influence decisions with senior leadership and business partners when confronted with differing opinions on information and cybersecurity risks
- Strong work ethic, critical thinking, and analytical skills
- Ability to work under pressure, meet challenging deadlines
- Ability to work independently and effectively in a large, global corporate environment while also being coachable and open to constructive feedback
- Ability to influence others and achieve desired outcome in areas outside of direct control
- Demonstrate ability to interpret, review and assess enterprise policies and standards
- Demonstrate clear and concise written and verbal communication
- 5+ years of relevant experience (knowledge in Risk Management, and Governance, Risk and Control [GRC], Technology, Information Security, and Cybersecurity is a plus)
- Risk Management, Technical and/or Project Management certifications are a plus (e.g. CRISC, CISA, CISM, CISSP, PMP)
Education:
- Bachelor’s/University degree or equivalent experience
------------------------------------------------------
Job Family Group:
Risk Management
------------------------------------------------------
Job Family:
Business Risk & Control
------------------------------------------------------
Time Type:
Full time
------------------------------------------------------
Primary Location:
Tampa Florida United States
------------------------------------------------------
Primary Location Full Time Salary Range:
$103,920.00 - $155,880.00
In addition to salary, Citi’s offerings may also include, for eligible employees, discretionary and formulaic incentive and retention awards. Citi offers competitive employee benefits, including: medical, dental & vision coverage; 401(k); life, accident, and disability insurance; and wellness programs. Citi also offers paid time off packages, including planned time off (vacation), unplanned time off (sick leave), and paid holidays. For additional information regarding Citi employee benefits, please visit citibenefits.com. Available offerings may vary by jurisdiction, job level, and date of hire.
------------------------------------------------------
Anticipated Posting Close Date:
Mar 15, 2024
------------------------------------------------------
Citi is an equal opportunity and affirmative action employer.
Qualified applicants will receive consideration without regard to their race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or status as a protected veteran.
Citigroup Inc. and its subsidiaries ("Citi”) invite all qualified interested applicants to apply for career opportunities. If you are a person with a disability and need a reasonable accommodation to use our search tools and/or apply for a career opportunity review Accessibility at Citi.
View the "EEO is the Law" poster. View the EEO is the Law Supplement.
View the EEO Policy Statement.
View the Pay Transparency Posting