The Role
The role will leverage cyber risk subject matter expertise, business experience, data analysis techniques, current events, and industry trends and best practices to inform the prioritization of risks and the second-line’s approach for associated challenge and influence activities. This position actively works with our ORM and Compliance partners and other stakeholders to provide support to our oversight and challenge activities with the components of our operational and compliance risk management frameworks.
What you will do
- Supports the review of compliance and cyber policies and procedures, technology and tools, and governance processes to provide credible challenge for minimizing losses from cyber risks
- Assesses cyber risks and evaluates actions to address the root causes that persistently lead to operational risk losses by challenging both historical and proposed practices
- Supports independent assurance activities to assess areas of concern including substantive and controls testing
- Supports the monitoring, evaluation, and challenge of Key Risks and associated Key Risk Indicators triggers and thresholds
- Reviews potential risks associated with program/project delivery on a technical level
- Participates in various second line of defence cyber assessments including risk assessments, control assessments, compliance assessments, maturity assessments etc
- Assesses cyber risks associated with new initiatives and programs being proposed for implementation
- Embrace the challenge of the design, adequacy and strength of the control environment associated to technology and cyber and recommends actions to ensure the operational risk profile is in line with the cyber risk appetite
- Support ad-hoc activities for the TCCORO organization, including but not limited to: researching and drafting materials for presentations of deep dives into selected topics, coordinating deliverables related to audits and examinations, and maintaining associated data for executive reporting
- Helps to appropriately assess risk when business decisions are made, demonstrating knowledge for the firm's reputation and safeguarding Citigroup, its clients, and assets, by driving compliance with applicable laws, rules, and regulations, adhering to Policy, and applying sound ethical judgment
What we need from you
- Proven track record of success operating in a similar role – across technology, risk & compliance
- Strong knowledge and understanding of cyber-relevant laws, rules and regulations
- Sound understanding of cyber risks and controls across various information system architecture and engineering domains including data protection, identity and access management, vulnerability management, network security, endpoint security, logging and monitoring, incident management, and third-party management
- Expertise across vulnerability management, resilience and supply chain risks as they relate to cyber risk
- Previous exposure to cyber risk assessments, compliance assessments and enterprise technology services within globally complex organisations would be preferred
- Experience with adversary emulation and vulnerability management would be advantageous
- Knowledge and understanding of industry standard risk management frameworks (including ISO27001, COBIT, TOGAF and CRI for example), and an in-depth understanding of cyber risk mitigation strategies
- Excellent verbal and written communication skills are essential
- Must be a self-starter, flexible, innovative, and adaptive
- Proficient in MS Office applications (Excel, Word, PowerPoint)
- Bachelor’s/University degree or equivalent experience required
- Relevant certifications (in CISM, CRISC, CISSP, CISA) is a distinct advantage
By joining Citi Solutions Center Poland, you will not only be part of a business casual workplace with a hybrid working model (up to 2 days working at home per week), but also receive a competitive base salary (which is annually reviewed) and enjoy a whole host of additional benefits such as:
- Private Medical Care Program
- Life Insurance Program
- Pension Plan contribution (PPE Program)
- Employee Assistance Program
- Paid Parental Leave Program (maternity and paternity leave)
- Sport Card
- Holidays Allowance
- Sport and team recreation activities
- Special offers and discounts for employees
- Access to an array of learning and development resources
- A discretional annual performance related bonus
- A chance to make a difference with various affinity networks and charity initiatives
Sounds like Citi has everything you need? Then apply to discover the true extent of your capabilities.
Time Type:
Full timeView the " " poster. View the .
View the .
View the