Operational Risk - Cyber Risk Security Architecture SVP
Location: New York
Posted on: November 26, 2022
The Operational Risk Management (ORM) Group at Citi is the firm's
reliable second set of eyes. Our mission is to drive comprehensive
and consistent practices designed to identify, measure, monitor,
report and manage operational risks while promoting the
implementation of actions to address root causes, which may lead to
unintended operational losses. The ORM TCRO (Tech and Cyber Risk
Office) team provides the specialist subject matter experts to
challenge the technology and cyber risk entities across the firm.
We are the technology and cyber conscience of the bank. In line
with the ORM framework, we aim to ensure that the internal controls
that are designed to mitigate technology and cyber risks are
managed, mitigated and aligned with our risk appetite.
The Enterprise Tech/Cyber Architecture and Engineering Risk group
within TCRO is responsible for influencing, challenging, and providing
oversight to Enterprise Tech and Cyber Architecture and
The Operational Risk - Cyber Risk SVP is part of the Second Line
function providing oversight including influencing and challenging
the First Line and the businesses on cyber related risks. Oversight
areas include, but are not limited to, governance, identification
of risks, developing remediation strategies, and influencing the
strategy and execution of the program. This position will be
actively working with the ORM Business and Regional teams to
provide subject matter expertise and align the oversight and
challenge activities with the components of the operational risk
The objective of the Operational Risk - Cyber Risk SVP is to reduce
operational losses while enabling the objectives of the program at
Citi, through challenge, influence, and advisory on initiatives in
the firm regarding cyber security.
The role will be responsible for building engagement with key
stakeholders, anticipating, challenging, and mitigating risks that
could affect business objectives.
Review of cyber programs and solutions for the associated risks and
controls to challenge their appropriateness and effectiveness.
Review, influence, and challenge Security Architecture standards,
principles, execution, and metrics.
Provide technical advisory and oversight with respect to the
development and execution of the First Line security
Review the enterprise Information Security standards and procedures
to provide oversight, influence, and challenge on their
effectiveness and alignment to industry standards.
Influence and challenge existing and evolving/emerging enterprise
Conduct risk reviews to identify cyber risks including but not
limited to security architecture; determine effectiveness of
enterprise cyber standards, measured view of risks and
Engagement across broader cyber functions to oversee alignment of
roadmaps and plans.
Provide thought leadership on cyber engineering and architecture,
and best practices.
Maintain and apply a broad and current industry perspective on
cyber trends/opportunities, leading practices, and our
position/capability/performance relative to direct competitors and
The candidate will have over 10 years of experience in
technology/cyber risk, risk assessments, metrics, enterprise cyber
services, risks and controls within globally complex, dispersed and
More specific experience, knowledge and skills are outlined
Extensive experience in conducting cyber risk reviews
Strong knowledge/experience in security architecture standards and
Evaluating security architecture programs to embed security
Assessing or implementing security architecture programs
Understanding of industry standards including NIST, CRI, MITRE,
Understanding of security architecture frameworks including SABSA,
Threat Modelling methodologies or frameworks including STRIDE,
MITRE, OWASP etc.
Strong experience leading operational risk reviews including
identification of potential issues, and coordination with various
teams including leadership
--- Ability and confidence to exercise influence over a wide range
of individuals at all levels of technical & business
--- Strong presentation skills: able to use data to tell a clear,
--- Strong analytical and problem-solving skills.
--- Comfortable interacting directly with technology executive
leadership, including in a high stress environment.
--- Builds partnerships across functions and regions; collaborates
well with others.
Job Family Group:
Risk Management -
New York New York United States
Primary Location Salary Range:
$164,310.00 - $246,460.00
Citi is an equal opportunity and affirmative action employer.
Qualified applicants will receive consideration without regard to
their race, color, religion, sex, sexual orientation, gender
identity, national origin, disability, or status as a protected
Citigroup Inc. and its subsidiaries ("Citi") invite all qualified
interested applicants to apply for career opportunities. If you are
a person with a disability and need a reasonable accommodation to
use our search tools and/or apply for a career opportunity review
Accessibility at Citi.
View the "EEO is the Law" poster. View the EEO is the Law
View the EEO Policy Statement.
View the Pay Transparency Posting
Effective November 1, 2021, Citi requires that all successful
applicants for positions located in the United States or Puerto
Rico be fully vaccinated against COVID-19 as a condition of
employment and provide proof of such vaccination prior to
commencement of employment.