Operational Risk - Cyber Risk Security Architecture SVP
Company: Citi
Location: Grapevine
Posted on: January 19, 2023
|
|
Job Description:
OverviewThe Operational Risk Management (ORM) Group at Citi is
the firms reliable second set of eyes. Our mission is to drive
comprehensive and consistent practices designed to identify,
measure, monitor, report and manage operational risks while
promoting the implementation of actions to address root causes,
which may lead to unintended operational losses. The ORM TCRO (Tech
and Cyber Risk Office) team provides the specialist subject matter
experts to challenge the technology and cyber risk entities across
the firm. We are the technology and cyber conscience of the bank.
In line with the ORM framework, we aim to ensure that the internal
controls that are designed to mitigate technology and cyber risks
are managed, mitigated and aligned with our risk
appetite.Responsibilities:The Enterprise Tech/Cyber Architecture
and Engineering Risk group within TCRO is responsible to influence,
challenge, and provide oversight to Enterprise Tech and Cyber
Architecture and Engineering/The Operational Risk - Cyber Risk SVP
is part of the Second Line function providing oversight including
influencing and challenging the First Line and the businesses on
cyber related risks. Oversight areas include, but are not limited
to, governance, identification of risks, developing remediation
strategies, and influencing the strategy and execution of the
program. This position will be actively working with the ORM
Business and Regional teams to provide subject matter expertise and
align the oversight and challenge activities with the components of
the operational risk management framework.Primary Objective The
objective of the Operational Risk - Cyber Risk SVP is to reduce
operational losses while enabling the objectives of the program at
Citi, through challenge, influence, and advisory on initiatives in
firm regarding cyber security.The role will be responsible for
building engagement with key stakeholders, anticipating,
challenging, and mitigating risks that could affect business
objectives. Review of cyber programs and solutions for the
associated risks and controls to challenge their appropriateness
and effectiveness. Review, influence, and challenge Security
Architecture standards, principles, execution, and metrics. Provide
technical advisory and oversight with respect to the development
and execution of the First Line security architecture. Review the
enterprise Information Security standards and procedures to provide
oversight, influence, and challenge on their effectiveness,
alignment to industry standards. Influence and challenge existing
and evolving/emerging enterprise cyber risks Conduct risk reviews
to identify cyber risks including but not limited to security
architecture; determine effectiveness of enterprise cyber
standards, measured view of risks and controls. Engagement across
broader cyber functions to oversee alignment of roadmaps and plans.
Provide thought leadership on cyber engineering and architecture,
and best practices Maintain and apply a broad and current industry
perspective on cyber trends/opportunities, leading practices, and
our position/capability/performance relative to direct competitors
and parallel industries/organizations. Qualifications:The candidate
will have over 10 years of experience in technology/cyber risk,
risk assessments, metrics, enterprise cyber services, risks and
controls within globally complex, dispersed and diverse
organizations. More specific experience, knowledge and skills are
outlined below: Extensive experience in conducting cyber risk
reviews Strong knowledge/experience in security architecture
standards and frameworks Evaluating security architecture programs
to embed security Assessing or implementing security architecture
programs Understanding of industry standards including NIST, CRI,
MITRE, COBIT etc. Understanding of security architecture frameworks
including SABSA, TOGAF etc. Threat Modelling methodologies or
frameworks including STRIDE, MITRE, OWASP etc. Strong experience
leading operational risk reviews including identification of
potential issues, and coordination with various teams including
leadershipCompetencies:--- Ability and confidence to exercise
influence over a wide range of individuals at all levels of
technical & business leadership.--- Strong presentation skills:
able to use data to tell a clear, compelling story--- Strong
analytical and problem-solving skills.--- Comfortable interacting
directly with technology executive leadership, including in a high
stress environment.--- Builds partnerships across functions and
regions; collaborates well with others. - Job Family Group: Risk
Management - Job Family:Operational Risk Time Type: Full time
Primary Location: New York New York United States Primary Location
Salary Range: $164,310.00 - $246,460.00 Citi is an equal
opportunity and affirmative action employer.Qualified applicants
will receive consideration without regard to their race, color,
religion, sex, sexual orientation, gender identity, national
origin, disability, or status as a protected veteran.Citigroup Inc.
and its subsidiaries ("Citi") invite all qualified interested
applicants to apply for career opportunities. If you are a person
with a disability and need a reasonable accommodation to use our
search tools and/or apply for a career opportunity review
Accessibility at Citi .View the " EEO is the Law " poster. View the
EEO is the Law Supplement .View the EEO Policy Statement .View the
Pay Transparency Posting - Effective November 1, 2021, Citi
requires that all successful applicants for positions located in
the United States or Puerto Rico be fully vaccinated against
COVID-19 as a condition of employment and provide proof of such
vaccination prior to commencement of employment.
Keywords: Citi, Grapevine , Operational Risk - Cyber Risk Security Architecture SVP, Other , Grapevine, Texas
Click
here to apply!
|