About Citi:Citi, the leading global bank, has approximately 200 million customer accounts and does business in more than 160 countries and jurisdictions. Citi provides consumers, corporations, governments and institutions with a broad range of financial products and services, including consumer banking and credit, corporate and investment banking, securities brokerage, transaction services, and wealth management. Our core activities are safeguarding assets, lending money, making payments and accessing the capital markets on behalf of our clients.Citi’s Mission and Value Proposition explains what we do and Citi Leadership Standards explain how we do it. Our mission is to serve as a trusted partner to our clients by responsibly providing financial services that enable growth and economic progress. We strive to earn and maintain our clients’ and the public’s trust by constantly adhering to the highest ethical standards and making a positive impact on the communities we serve. Our Leadership Standards is a common set of skills and expected behaviors that illustrate how our employees should work every day to be successful and strengthens our ability to execute against our strategic priorities.Diversity is a key business imperative and a source of strength at Citi. We serve clients from every walk of life, every background and every origin. Our goal is to have our workforce reflect this same diversity at all levels. Citi has made it a priority to foster a culture where the best people want to work, where individuals are promoted based on merit, where we value and demand respect for others and where opportunities to develop are widely available to all.Job Purpose:This position is a critical role for the build out of the new second line Cyber Risk Management Function targeting the high level, high impact Cyber related threats to Citi's Franchise and Clients with the aim of enhancing the effectiveness of managing operational risks across products, business lines and regions. This will be a compact team assessing the comprehensiveness and effectiveness of Citi’s current first line Cyber defences. The Cyber Risk Assurance team serves as the authoritative body for providing independent assurance that the cyber threats faced by the firm have been properly understood, assessed and mitigated via first line information security defensive programs. The Cyber Risk Assurance Specialist is expected to plan, co-ordinate and conduct broad risk reviews according to a defined second line risk assurance framework. They will have the ability to understand complex business, IT and Information Security processes and be able to assess the implications of current and emerging cyber threats as well as recommend corrective action where needed.The Cyber Risk Assurance Specialist should be an experienced, credible, professional authority on Cyber Risk. This role is an ideal opportunity for a senior first line cyber security professional to take the next step in their career by leveraging their experience and skills to join a strategic, business-facing team of cyber professionals with a clear and global mandate to enhance the first line cyber defense of a top-tier systemically important organization.Key Responsibilities:
- Develop plans, coordinate and conduct in depth, independent assessments of first line business applications, systems and processes according to an established first line risk assurance methodology.
- Develop plans, coordinate and conduct high level credible challenge of first line Information Security applications, systems and processes according to an established second line risk assurance methodology.
- Identify potential cyberthreats, analyses the risks and developing standardized control recommendations.
- Analyze existing cyberrisk mitigation strategies /controls and developing assessments of their effectiveness.
- Develop recommendations of cyberrisk mitigating controls based on identified risks.
- Plan and schedule second-line defense assessments with the target stakeholders.
- Provide oversight responsibility for the quality and delivery schedule of independent assessments and/or credible challenges.
- Develop and build trust and credibility with first line stakeholders through an open, honest and professional engagement.
- Perform an analysis of both quantitative and qualitative data to identify key cyberrisk themes.
- Write detailed reports containing findings, observations and recommendations.
- Provide strategic input into the Cyber Risk Assurance framework and methodology to strengthen our independent assurance methodology.
- From time to time, represent Citi at external advocacy or information-sharing forums.
- Minimum 6 years of experience in IT Risk Management, Cyber Security, Information Security or related Audit function.
- Bachelor's degree in Computer Science, Business Administration, Mathematics, Science, Technology, Engineering or other professional field of study.
- Industry recognized Information Security certification such as Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Certified Information Systems Auditor (CISA) certifications, or other related certifications.
- Demonstrates considerable technical knowledge of Cyber Security, Data Protection, IT Risk or IT Audit/Compliance.
- A robust knowledge of emerging technologies, such as cloud, Internet of Things (IoT), data analytics / machine learning, block chain / digital currency / distributed leger technology is advantageous.
- Solid understanding of enterprise cybersecurity with experience of designing, operating or managing security solutions and controls within a complex global network.
- Considerable knowledge and understanding of common cybersecurity technology tools such as firewalls, IDPS, Network access control, DDOS Mitigation, Anti-Malware, Anti-Virus, encryption and authentication.
- A robust understanding of IT and Information Security risk mitigation control processes such as vulnerability and threat management, patch management, penetration testing / red-teaming / cyber attack simulation.
- Knowledge of industry standards/regulations (ISO, NIST, PCI-DSS, PSD2, GDPR, NIS).
- Experience of managing cyber, IT or Information Security controls.
- Experience of overseeing or conducting independent risk assessments, business process or IT control auditing.
- Experience of working in a large multinational financial institution it advantageous.
- A broad understanding of global financial business activities such as Markets and Trading, Systematic/Algorithmic Trading, Transaction Services, Investment Banking and Consumer Banking.
- An understanding of global financial payment systems such as SWIFT is advantageous.
- Proven experience of interfacing with senior, C-level stakeholders.
- Proven experience of leading the planning and execution of projects in cybersecurity, risk management, compliance, IT audit or IT risk management.
- Execution and delivery focused; creating high quality reporting and analysis using appropriate business and technical language for the audience.
- Excellent communication and organisation skills.
- Demonstrable experience of managing conflict.
- Demonstrable political and organizational savvy.
- Aptitude and capability for conducting quantitative and qualitative analyses of large, complex IT systems and Business Processes.
- Thorough proficiency of MS Office Word, Excel & PowerPoint and generally highly IT proficient.
Job ID: 18012730