Citi Group AVP - Technology/Cyber Risk Sr Analyst 

Philippines, Taguig 

530193524

In this role, you are expected to:

• Supports the review of compliance andtechnology and cyberpolicies and procedures, technology and tools, and governance processes to provide credible challenge for minimizing losses fromtechnology and cyberrisks.
• Assessestechnology and cyberrisks and evaluates actions to address the root causes that persistently lead to operational risk losses by challenging both historical and proposed practices.
• Supports independent assurance activities to assess areas of concern including substantive and controls testing.
• Supports the monitoring, evaluation, and challenge of Key Risks and associated Key Risk Indicators triggers and thresholds.
• Reviews potential risks associated with program/project delivery on a technical level.
• Participates in various second line of defensetechnology and cyberassessments including risk assessments, control assessments, maturity assessments etc.
• Assessestechnology and/or cyberrisks associated with new initiatives and programs being proposed for implementation.
• Supports the challenge of the design, adequacy and strength of the control environment associated to technology and cyber and recommends actions to ensure the operational risk profile is in line with thetechnology and cyberrisk appetite.
• Supports ad-hoc activities for the TCCORO organization, including but not limited to: researching and drafting materials for presentations of deep dives into selected topics, coordinating deliverables related to audits and examinations, and maintaining associated data for executive reporting.
• Helps to appropriately assess risk when business decisions are made, demonstrating knowledge for the firm's reputation and safeguarding Citigroup, its clients, and assets, by driving compliance with applicable laws, rules, and regulations, adhering to Policy, and applying sound ethical judgment.

Ideally, you would have the following qualifications:

• 5-8 years of experience
• Experience in assessing, reviewing or auditing IT governance, IT risk management, IT general controls and application controls, including end user computing (EUC), covering relevant technology or cyber regulations
• Experience intechnology and cyberrisk assessments, metrics, enterprise technology services, risks, and controls within globally complex, dispersed and diverse organizations.
• Understanding oftechnology and cyberrisks and controls across various information system architecture and engineering domains including: data protection, identity and access management, vulnerability management, network security, endpoint security, logging and monitoring, incident management, and third-party management; preferred expertise in EUC.
• Knowledge and understanding of industry standard risk management frameworks (including ISO27001, COBIT, TOGAF and CRI for example), and an in-depth understanding oftechnology and cyberrisk mitigation strategies.
• Excellent written and verbal communication skills.
• Must be a self-starter, flexible, innovative, and adaptive.
• Strong interpersonal skills with the ability to work collaboratively and with people at all levels of the organization.
• Ability to work collaboratively with regional and global partners in other functional units; and to navigate a complex organization.
• Excellent project management and organizational skills and capability to handle multiple projects at one time.
• Proficient in MS Office applications (Excel, Word, PowerPoint).

Education:

• Bachelor’s/University degree or equivalent experience
• Relevant certifications (in CISM, CRISC, CISSP, CISA, or PMP) a plus

Time Type:

View the " " poster. View the .

View the .

View the