Citi Group Senior Vice President - Cyber Risk Service Delivery 

Luxembourg 

381625145

will have combined responsibilities for managing cyber risk, service delivery, and strategic portfolio management for the Citi Wealth and Legacy Franchise organization within the Business, Functions & Technology (BFT) Information Security Office (ISO). This role will drive cybersecurity compliance, oversee risk management strategies, and deliver high-quality service outcomes as an execution lead supporting the Wealth and Legacy Franchise business Head of Cyber. While serving as a trusted partner to business and technology teams, you will be partnering with stakeholders across the organization to influence and implement strategic initiatives.

Cyber Risk Management

• Partner with stakeholders in CISO, business, technology, and all three lines of defense to drive security compliance and awareness.

• Understand the spirit as well as the language in security policies, standards, and procedures. Use that information to guide action in line with CISO requirements.

• Summarize, analyze, and present risk-based monthly reporting to senior leadership teams, business forums, key stakeholders and CISO, including running reports, performing analysis, articulating the context of the risk and actions required.

• Serve as a subject matter expert and trusted security partner on cyber risks, regulatory reporting, and audit requirements, supporting requests and providing guidance to application managers, customer-facing business partners, and executive leadership.

• Perform detailed review of non-standard information security terms in third-party agreements to articulate the non-standard terms, the impact, level of risk being accepted, and guide the organization in making an informed risk-based decision. Identify if systemic challenges exist with specific third parties.

• Perform analysis on third-party and application security noncompliance, vulnerabilities, and key metrics to provide actionable recommendations to stakeholders.

• Conduct independent review of high-risk items (new software, risk acceptances), ensuring actionable risk-based insights and solutions.

• Understanding of key security programs (e.g., vulnerability management, identity and access management, data loss protection, etc.) and ability to leverage data to articulate both inherent and residual risk to drive risk-based guidance and remediation.

• Act as a subject matter expert for risk scoring determination and guide the organization on why something is scored a certain way (high, medium, low).

• Oversee determination if compensating/mitigating controls are sufficient to reduce risk score and can articulate the impact.

• Lead annual risk workshops involving stakeholders from CISO and related groups, aligned with industry best practices. Identify risk scenarios using the MIRE ATT&CK Framework, calculate scoring, and present to executive leadership to drive risk-based action.

Service Delivery Management

• Serve as advisor and trusted partner to the Head of Cyber for Wealth and Legacy Franchise.

• Represent the Head of Cyber in internal and external meetings, ensuring consistent communication and alignment. Support Head of Cyber in meetings by taking notes and assuming responsibility for completion of action items.

• Manage the cyber portfolio for the Wealth and Legacy Franchise businesses, establishing and maintaining monthly portfolio reviews and tracking.

• Provide support to the Head of Cyber in the development of performance goals, metrics, and reports for CISO leadership teams.

• Coordinate annual investment planning requests (budget).

• Strong presentation skills and materials – creating and telling “the story”.

Strategic Planning and Execution

• Provide oversight for the timely completion of projects and initiatives under the Head of Cyber’s responsibility.

• Identify opportunities to improve service performance and streamline operations.

• Support transformation efforts, including organization design, service delivery enhancements and compliance initiatives.

• Provides input to Head of Cyber to improve service performance and processes to streamline operations.

• New project or pilot coordination as needed and liaison to project management functions.

Stakeholder Engagement and Communication

• Build and maintain strong relationships with business, technology, three lines of defense, and CISO teams across the organization.

• Serve as the liaison between Head of Cyber and other executives, clients, and stakeholders to ensure consistent communication and ensuring involvement or decision-making at the proper time.

• Articulate risks and their impact to stakeholders in a clear, actionable manner.

• Develop executive-level reporting on key topics.

• Provide regular updates on cyber risk status through meetings, presentations, and reports.

Qualifications:

• 10+ years of experience, including 5+ years in a senior security role with project management.

• Strong understanding of IT security frameworks (e.g. NIST SP-800, PCI, ISO 27001, CIRI Profile).

• Proficient in Microsoft Office (Excel: pivot tables, VLOOKUPs, macros; PowerPoint: design, animations, data visualization).

• Strong ability to influence change and build productive relationships.”

• Experienced in interpreting and applying security policies, standards, and procedures.”

• Preferred Certifications: CRISC, CISM, CISA, or CISSP.

Critical Competencies:

• Exceptional communication and leadership skills.

• Strong executive presence with the ability to influence action.

• Operates effectively at both strategic and tactical levels, balancing vision with execution. ​

• Exhibits exceptional capability in managing multiple concurrent initiatives, adeptly determining prioritization, and efficiently guides teammates on achieving objectives.

• Possesses advanced project management skills, organizing and prioritizing activities effectively and reporting progress and outcomes comprehensively to executive leadership.

• Knowledgeable in current and emerging cybersecurity risks and trends.

• Strategic thinker who can perform risk analysis and problem-solve, providing guidance on the identification, assessment, and mitigation of potential risks.

• Self-starter who takes ownership, identifies gaps, and collaborates effectively under tight deadlines.

• Thrives in a global, diverse, and hybrid work environment, leveraging cultural and geographical diversity to drive innovation and collaboration.

Bachelor’s degree in a related security field (Master’s preferred).

Anticipated Posting Close Date:

View the " " poster. View the .

View the .

View the