Citi Group Cyber Risk Head Services 
United States, New Jersey 
757713238

09.08.2024
Overview of the Role

The Services Cyber Risk Manager manages a team of Cyber Risk analysts supporting the identification, assessment, and remediation of cyber risks for Services globally. The Cyber Risk Manager for Services will have a lateral and vertical view of risk, end-to-end process mapping and cross-function visibility of product, operations and technology. This role requires someone with extensive knowledge of risk methodologies and the application of risk mitigation techniques. The incumbent will be required to influence without formal authority, explain detailed and complex scenarios to technical and non-technical stakeholders and ‘own’ outcomes to drive them to a successful conclusion. The incumbent will also have extensive knowledge and experience across the cyber disciplines including controls, incident management, emerging risk, technical architecture, and process orientation.


Responsibilities:

  • Team Management
  • Building and developing an effective team structure
  • Setting meaningful and achievable team goals
  • Assigning and tracking projects effectively
  • Excellent communication skills
  • Act as a Trusted Security Advisor to business and technology teams, guiding them on understanding and addressing cyber risk.
  • Develop relationships with the business, technology, second line, third line, and other CISO teams.
  • Articulate risk and impact to stakeholders (at all levels of the organization) in a clear and succinct manner.
  • Evaluate CISO programs escalations, security incidents, key metrics, and other sources to prepare guidance for stakeholders on risk remediation and reduction prioritization.
  • Review results of cyber security risk appetite non-compliance, understand the gaps identified, their root causes, impacts and provide guidance to responsible stakeholders, as well as insights on key themes and remediation plans to CISO and related governance organizations.
  • Partner with BFT-ISO leadership to identify and dimension cyber risk, presenting status and actions.
  • Partner with other BFT-ISO leaders, as well as second line of defense to drive security compliance and awareness.
  • Develop expertise of Citi’s cyber security standards and partner with business/technology teams to help them understand the “so what” and prioritize risk reduction efforts.
  • Oversight of issues identified and excellent understanding of impacts to the Services Business.
  • Articulate how risk scoring is determined and be able to articulate why a risk is high, medium, or low.
  • Determine if compensating/mitigating controls are sufficient to reduce risk score.
  • Determine if severity should be increased when risks are aggregated.
  • Challenge issue owners and the organization on predicted to achieve appropriate risk reduction.
  • Define, develop and present risk-based reporting to senior leaders, stakeholders, including business, technology, second line of defense, and other BFT-ISO teams.
  • Client / Vendor Support
  • Partner with Enterprise CISO Programs to ensure third party risks are effectively captured, dimensioned and addressed to align to Citi’s risk appetite.
  • Understand regulatory and country-specific requirements for cyber security impacting the business and support audit requests working in partnership with CISO Governance, Controls and Policy.

Qualifications:

  • 10-15 years of relevant experience.
  • Understanding of security frameworks and risk methodologies, specifically the Cyber Risk Institute (CRI) Profile.
  • Understanding of policy compliance and how it relates to risk. Developing strategies to address any potential gaps between policy and current risk.
  • Extensive knowledge of information security risk assessment methodologies, tools, and industry standards.
  • Excellent leadership, analytical, and problem-solving skills
  • Excellent communication and interpersonal skills.
  • CRISC, CISA, CISM, CISSP, CEH preferred.
  • At least intermediate-level proficiency in Microsoft Office tools

Critical Competencies:

  • Expert knowledge of the Services business models and their associated risks.
  • Ability to articulate complex concepts to all levels of the organization.
  • Ability to work at both a strategic and tactical level, focusing on the broader picture while driving execution.
  • Experience in managing a team to achieve multiple (sometimes competing) priorities.
  • Ability to manage multiple initiatives simultaneously, determine prioritization, and work under minimal supervision.
  • Awareness of latest risk management developments in the wider environment.
  • Capability to flourish in a global, diverse, and hybrid (office and virtual) work environment.
  • Project management skills, ability to organize and prioritize activities, and report on those activities at an executive level.
  • Strong risk analysis and problem-solving skills.
  • Knowledge of regulatory and compliance requirements in the financial services industry.
Information Security

Full time
Jersey City, New Jersey, United States
$176,720.00 - $265,080.00


Anticipated Posting Close Date:

Aug 14, 2024
