This role provides the Internal Audit organization with strategic direction in the establishment of risk-based auditing and reporting methodologies and in the organizational design of the CoB audit function, to ensure quality and independent assurance that is consistent and aligned with Citigroup and Citibank business objectives. For a subset of a product line/function entity, the role ensures the timely delivery of high quality, value added assurance and audit reports which meet the requirements of the Boards of Citigroup and Citibank, their affiliates and of Citi's respective regulators, globally. This role is specifically responsible for the management of risk assessment and audit delivery for global Continuity of Business (CoB) and Operational & Technology Risks processes at Citi and includes CoB Governance and Operations, Operational Resiliency, Crisis Management, and the Risk Governance Framework Programs. In addition, the role will own or support audits of core CoB and Operational & Technology Risk IT, product or function audits. This encompasses providing objective, risk based, independent assurance with respect to the design and operating effectiveness of controls associated with CoB that support critical business systems and processes across the group.
Works with the Chief Auditor for InfoSec/Continuity of Business (CoB) to define the strategic direction of Citi's global CoB internal auditing program, which is to be consistent and aligned with Citigroup and Citibank business objectives.
Uses excellent communication, leadership and strong management skills to influence a wide range of internal audiences including respective product, function, or regional executive management partners and external audiences including regulators and external auditors. Frequently engages in both internal and external negotiations which will have a major impact on the function, and possibly on the organization as a whole.
Responsible for the delivery of high quality, value-added, multiple concurrent CoB and Operational Technology/Risk audits that are complete, insightful, timely, concise, cost effective, and are in accordance with IA standards, Citi policies, and local regulations.
Ensures timely delivery of comprehensive regulatory and internal audit issue validation, and where determined appropriate, issue validation on other remediation actions, including issues arising from the external auditors, consultants and other parties.
Contributes towards the delivery of high impact reports of IA's contributions to executive management, regulators, and Citigroup and Citibank boards' sub-committees, developing trend analyses and thematic reporting.
Manages multiple teams of professionals. Recruits staff, develops talent, builds effective teams, and manages a budget. Identifies internal talent and fills key positions, attracts talent with required expertise to meet the risk profile of the business, builds deep bench strength and develops appropriate succession plans.
Possesses broad and comprehensive experience in auditing general and application controls across a variety of technologies and platforms using CoB industry best practices and standards, including FFIEC Appendix J and the NIST Cybersecurity and Risk Management Frameworks. Applies a broad and comprehensive understanding of high risk CoB areas including continuity of business, disaster recovery, operational resiliency, and crisis management.
Delivers learning and development programs and is a recognized leader in training and developing others.
Develops approaches to promote knowledge sharing and promulgate management best practices across Internal Audit and both Citibank and Citigroup.
Ensures IA meets/exceeds the requirements and expectations of Citibank's and Citigroup's regulators.
Works closely and collegially within IA and with line management and control functions to ensure efficient and effective provision of independent audit assurance.
Possesses strong project management and interpersonal skills, makes sound decisions, exhibiting initiative and intuitive thinking, political astuteness, and sensitivity to cultural diversity.
Collaborates across businesses and functions to improve the identification, quantification, measurement, management, reporting and controls in governance, risk management and internal control environments.
BA/BS or equivalent. Related certifications (CISSP, CISA, CISM, CPA/CITP or similar) are desired.
Demonstrated director-level experience in designing and delivering CoB audit programs to large businesses or governmental entities.
Specific subject matter expertise in auditing CoB controls across a variety of technologies and platforms and demonstrated experience in auditing using Appendix J of the FFIEC handbook and the NIST Cybersecurity and Risk Management Frameworks.
Demonstrated experience in delivering high quality, value-added, multiple concurrent CoB audits that are complete, insightful, timely, concise, cost effective, and are in accordance with IA standards, laws, and local regulations.
Demonstrated experience in developing a CoB audit strategy that reflects the organization's risk profile, regulatory/legal requirements, current threat trends, and CoB industry best practices.
Knowledge and experience in developing and executing CoB risk assessments that align to organization strategies and business objectives.
Demonstrated experience in managing professionals across multiple projects; recruiting, developing, and building effective teams; and developing appropriate succession plans.
Effective negotiation skills, a proactive and 'no surprises' approach in communicating issues and strength in sustaining independent views.
Articulate and effective communicator, both orally and in writing, with an energetic, charismatic and approachable style, well-developed listening skills, and a strong ability to engage a variety of stakeholders, including senior officials, security professionals, regulators, and business executives, on a variety of technical audit matters in a manner that is audience-appropriate, risk-based, and actionable.