Responsibilities:
- Help contribute to governance and the facilitation of the execution of the Manager Control Assessment (MCA, i.e. Risk & Control Self-Assessment) as required by the MCA Standard including the assessment and appropriate approval of risk associated with business changes.
- Support teams in the quality, completeness, and accuracy of the implementation of the Control Framework, including Risk Control Policy, Control Standard, Issue Management Policy, Lesson Learned Policy and Control Inventory.
- Assist in performing a detailed analysis on the identification of issue root cause, partnering with control and process owners to recommendations holistic corrective actions and improvements, provide check and challenge to ensure appropriate escalation in according with Issue Management and Escalation Policies.
- Help contribute to the Lessons Learned Policy, including monitoring of control breaches and dissemination and learnings across other business units for process improvement to limit the occurrence of similar future events and where similar risk exposure might exist.
- Support the review and challenge process, within the FLUs, on the effective design and management of controls to mitigate risks as required by the Control Standards, including implementation and operation, conducting the control monitoring, handling deficiencies, and escalating issues for resolution.
- Help contribute to the timeliness, accuracy and completeness of the MCA through controls prior to the execution of a process (QC).
- Assist in the monitoring of the adherence to the MCA Standard through controls after the execution of a process (QA).
- Support in dealing with Operational and Compliance Risk in accordance with established Policy requirements.
- Assist in performing a detailed analysis to identify, assess, escalate, and manage risk exposures across Risk Categories (Operational Compliance, Strategic, Reputational, etc), including material, emerging and concentration risks in accordance with enterprise Policies and the establishment of Key Indicators to monitor risk exposures.
- Assist in supporting Risk Appetite and monitor / assess exposures against this in accordance with enterprise requirements (if applicable).
- Be part of the process to identify, assess, record and response to Operational and Compliance Risk events, ensuring these are captured accurately, timely and in accordance with requirements.
- Help ensure that adequate governance and training are in place to support management of Risk profiles.
- Contribute to the risks associated with New Activities and changes to the Business, ensuring these are well understood and adequately controlled (if applicable).
- Support operational risk scenario analysis and stress testing for Operational Risk Capital requirements.
- Support with risk and control assessments or coordination for programs within various risk stripes and ensure sufficient subject matter expertise exists to enable management of these risks within the Business (e.g. third party, fraud, sanctions etc) (if applicable).
- Coordinate risk and control responsibilities and ensure accountabilities are embedded within FLUs, including providing training and leading by example.
- Support with standards and procedures that conform to enterprise requirements and support sound operational and compliance risk management.
- Apply knowledge of the business, products or services to identify and implement control points and processes throughout the business.
- Appropriately assess risk when business decisions are made, demonstrating particular consideration for the firm's reputation and safeguarding Citigroup, its clients and assets, by driving compliance with applicable laws, rules and regulations, adhering to Policy, applying sound ethical judgment regarding personal behaviour, conduct and business practices, and escalating, managing and reporting control issues with transparency.
Qualifications:
- 6-10 years of experience.
- MS Excel, MS Access, SAS, SQL, Visual Basic a plus. 5+ years’ experience in financial services.
- Consistently demonstrates clear and concise written and verbal communication skills
- Effective organizational influencing skills required.
- Third party vendor management preferred. Demonstrated ability to lead global team efforts
- Excellent problem-solving skills Ability to comprehend the big pictures with high attention to critical details
- Demonstrated ability to develop and implement strategy and process improvement initiatives.
Education:
- Bachelor's/University degree, Master's degree preferred.
Job Summary
The CSIS Information Risk manager reports directly to the CSIS Global Head of Information Risk Management and responsibilities include managing Information security, Electronic Communications and Data Privacy programs and engages with other managers across Citi (Information Security, Records Management, Data Privacy, CTI, Legal, Operational Risk Management and other global functions professionals). Engagement requires involvement to ensure proper corporate programs execution and compliance levels. As part of this role, it is required to execute functional strategies for a large/complex country, cluster of countries, or business requiring coordination and integration across units. The position requires a broad and comprehensive understanding of the different policies, systems, theories, and practices relevant to the Information Risk Management programs. The position requires a thorough understanding of the strategic direction of Citi and CSIS to effectively collaborate with other programs staff to contribute and supply insights that enhance the business strategy. This position also requires a thorough understanding of industry knowledge, trends and best practices that can be applied to the function and programs.
Responsibilities:
- Help contribute to governance and the facilitation of the execution of the CSIS Information Risk Management programs.
- Provide support to reach the needed quality, completeness, and accuracy of the implementation of the Information Risk Management programs.
- Provide guidance and assistance on the identification, assessment, management, and mitigation of current and emerging (inherent and residual) risk exposures associated with CSIS Information Risk Management activities and operations.
- Coordinate with CSIS functional programs representatives to perform a detailed analysis on issue root cause, generate controls recommendations, holistic corrective actions, and improvements. Provide check and challenge to ensure appropriate escalation in according with Issue Management and Escalation Policies.
- Support compliance with applicable Information Risk Management laws, rules, and regulations, adhering to Policy, applying sound ethical judgment, conducting business practices, escalating, managing remediation and reporting control issues with transparency.
- Consult with corporate partners such as the Information Security Office (CSIS GISO, BISO), Data Privacy Office, Operational Risk Management Office, CSIS Data Governance Officer, to ensure proper adoption of policy mandates and compliance levels.
- Provide support and consultancy to all CSIS programs employees on any matters within the information risk management scope.
- Assist on the creation of methodologies, procedures, and governance of the overall CSIS Information Risk Management programs to properly guide our employees on the implementation of the associated policies.
- Aid in the design and implementation of Information Risk Management indicators related to Key Operative Risks (KOR), Key Risk Indicators (KRIs) in alignment with Citi’s top risks taxonomies and appetite.
Qualifications:
- Demonstrated ability to apply knowledge of regulatory/compliance risk and other applicable US and international regulations, particularly as they relate to Information Risk Management.
- Demonstrated understanding of cybersecurity risk, mitigation, and solutions to resolve threats using industry leading technical controls and tools.
- Demonstrated understanding of technologies, their purpose, security requirements and data protection needs.
- Project Management and organizational skills.
- Ability to manage confidential information.
- Effective organizational influencing skills across cultures.
- Proven ability to work in high-pressure, challenging environment with a strong sense of urgency.
- Strong problem-solving skills and ability to understand the big picture with attention to detail.
- Consistently demonstrate clear and concise written and verbal communication skills
- Bachelor's degree/University degree
- Master's degree preferred.
- CISSP, CISM, CRISC, CISA preferred.
Risk ManagementFull timeTampa Florida United States$103,920.00 - $155,880.00
Anticipated Posting Close Date:
Aug 16, 2024View the " " poster. View the .
View the .
View the