Citibank

Operational Risk Officer - VP Cyber/Information Security Risk Appetite

Posted on: 9 Apr 2021

Tampa, FL

Job Description

This position can be 100% remote - work from home

The Operational Risk Officer is a strategic professional who stays abreast of developments within own field and contributes to directional strategy by considering their application in own job and the business. This specific Operational Risk Officer role is responsible for conducting tactical cyber risk assessments associated with key indicator reporting largely by analyzing underlying and historic reporting. Developed communication and diplomacy skills are required in order to guide, influence and convince others, in particular colleagues in other areas and occasional external customers. Significant impact on the area through complex deliverables. Provides advice and counsel related to the technology or operations of the business. Work impacts an entire area, which eventually affects the overall performance and effectiveness of the sub-function/job family.

Responsibilities:

* Establishes and oversees the application of operational risk policies, technology and tools, and governance processes to create lasting solutions for minimizing losses from failed internal processes, inadequate controls, and emerging risks.
* Independently assess risks and drive actions to address the root causes that persistently lead to operational risk losses by challenging both historical and proposed practices.
* Governance and oversight may include (not limited to) technology operational risk, risk for example.
* Serves as a subject matter expert for Issues Management (KPI/KRI/Corrective Action Plans)
* Resolves transactional level escalations coming from the vendor or internal partners
* Analyzes a multitude of scorecards/performance management tools in an attempt to mitigate exposure (risk/financial/regulatory)
* Monitors that goals are met through performance, risk and relationship oversight of our extended supply chain
* Collaborates to resolve any issues which fall within the terms of the contract.
* Develops and maintains relationships across the business users and Lines of Defense to better understand and deliver customer requirements by responding to changes in the internal and external business environment
* Has the ability to operate with a limited level of direct supervision.
* Can exercise independence of judgement and autonomy.
* Acts as SME to senior stakeholders and/or other team members.
* Appropriately assess risk when business decisions are made, demonstrating particular consideration for the firm's reputation and safeguarding Citigroup, its clients and assets, by driving compliance with applicable laws, rules and regulations, adhering to Policy, applying sound ethical judgment regarding personal behavior, conduct and business practices, and escalating, managing and reporting control issues with transparency.

Specific Role Responsibilities:

The Operational Risk Officer will identify, evaluate, assess, and advise on the adequacy of activity, risk, and control structures overall for Citi's Cyber and Information Security program, primarily by review and analysis of risk metric reporting.

This role will support oversight of Citi's Risk Appetite within the Cyber/Information Security domain and will include analysis and assessment of cyber risk based on a set of data including key indicators and identified issues. The role requires demonstrated knowledge of cyber security controls as well as industry standard approaches to measuring associated risks.

Working with colleagues in Risk, as well as technology, business and other control functions, the Operational Risk Officer is expected to independently analyze and assess various sources to advance Risk Appetite Oversight. The candidate will be expected to assess underlying reporting associated with cyber/information security metrics and assess the associated risk.

Primary responsibilities will include:

* Support production coordination of assigned Appetite Statements. Leverage subject matter expertise to review and challenge first line assessments of risk appetite alignment.
* Aggregate and analyze various sets of data and develop reporting based on that analysis.
* Support group-wide alignment with existing frameworks and operating models.
* Develop, review and challenge key risk indicators, thresholds and first line response to breaches (e.g., escalation and resolution) associated with relevant Appetite Statements.

The candidate is also expected to contribute to the following global ORM-T/C activities:

* Governance and Oversight of technology risk
* Support in the development of Policy and Standards
* Oversight of Key Technology Operational Risks and related indicators and thresholds
* Challenge of business and technology Risk Self Assessments
* Challenge of Business technology Scenario Analysis
* Issue management and oversight and escalation

Qualifications:

The Operational Risk Officer will be a subject matter expert in information security/cyber risk with over 6 years of information technology and information security experience. The ideal candidate will have in-depth, detailed knowledge of Cyber Risk Management, Operations and Information Security practices, both poor and best. The ideal candidate will have a blend of both tactical technical experience and work supporting strategic initiatives. Prior experience in global financial services firms preferred.

* The ideal candidate will also have working knowledge of Banking Technologies, cybercrime detection and countermeasures, encryption, information security support, application development, network and systems operation, testing and vendor management. Working familiarity with network, operating system, and application security fundamentals.
* In depth knowledge of the NIST Cyber Security Framework and the Financial Services Sector Profile in practice.
* Exposure to Technology Architecture components common across the Financial Industry, Information Technology Infrastructure Library (ITIL), ISACA's Certified in Risk and Information Systems Control (CRISC), and the various frameworks sourced to the National Institute for Standards and Technology (NIST) etc.
* Outstanding communication and influencing skills through all levels of the organization and with external partners. Exceptional relationship management and customer service skills; must be able to address and resolve conflict while maintaining relationships. Strong written communication skills with the ability to effectively communicate complex topics to a broad audience.
* Detail-oriented with analytical skills, as the role requires a large amount of data manipulation and presentation. Expert in Microsoft Office Tools to include SharePoint. Demonstrated experience in leveraging Excel for data analysis is preferred.
* The role is global, and the incumbent must be proactive and capable of leading solutions to global issues with others in different regions and time zones. The successful candidate will need to be a self-starter and able to manage tasks/timelines for self effectively.

Education:

* Bachelor's/University degree, Master's degree preferred.
* Information Security and Information Technology professional certifications preferred (CISA, CISSP, CRISC, etc).

-------------------------------------------------

Job Family Group:

Risk Management

-------------------------------------------------

Job Family:

Operational Risk

------------------------------------------------------


Citi is an equal opportunity and affirmative action employer.

Qualified applicants will receive consideration without regard to their race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or status as a protected veteran.

Citigroup Inc. and its subsidiaries (Citi) invite all qualified interested applicants to apply for career opportunities. If you are a person with a disability and need a reasonable accommodation to use our search tools and/or apply for a career opportunity review Accessibility at Citi.

Citibank

New York, New York

Citigroup Inc., a diversified financial services holding company, provides various financial products and services for consumers, corporations, governments, and institutions in North America, Latin America, Asia, Europe, the Middle East, and Africa. The company operates through two segments, Global Consumer Banking (GCB) and Institutional Clients Group (ICG). The GCB segment offers traditional banking services to retail customers through retail banking, commercial banking, Citi-branded cards, and Citi retail services.

It also provides various banking, credit card lending, and investment services through a network of local branches, offices, and electronic delivery systems. The ICG segment provides wholesale banking products and services, including fixed income and equity sales and trading, foreign exchange, prime brokerage, derivative services, equity and fixed income research, corporate and consumer loans, investment banking and advisory services, private banking, cash management, trade finance, and securities services to corporate, institutional, public sector, and high-net-worth clients. As of December 31, 2018, it operated 2,410 branches in the United States, Mexico, and Asia. Citigroup Inc. was founded in 1812 and is headquartered in New York, New York.