26942361 Technology Business Risk Group Manager (Information Security)

Citi Information Security Office (CISO) Technology Business Risk Group Manager candidate will work with their staff to support the APAC Citi Information Security Office (CISO) group, helping the team the associated risks for the CISO processes, domains, and product.  While the support will be focused on the APAC group, this position will help influence global CISO Risk and Control processes.  This will be done through designing, implementing, and monitoring of risk and control framework.  Person will be required to work with SMEs on Internal and external Audits; drive compliance of processes, Infrastructure, and applications with Citi Policies; ensure the teams follow the issue management standards and contribute to an Effective Management Control Assessment.

Responsibilities:

• Be responsible for managing and supporting multiple risk and control programs for the organization including working with the global CISO Risk team to define the strategy, approach, processes, quality, tools and reporting that provide APAC risk management consistency and excellence within CISO.

• Accountable for management of complex/critical/large professional disciplinary areas, including leading and directing a team of professionals.

• Generally accountable for delivery of a full range of services to one or more businesses/ geographic regions.

• Ensure that emerging risks identified are socialized with key stakeholders and mitigation strategies are in place.

• Identify areas of engagement based on level of investment, inherent risk, complexity of change and other risk factors

• Execute Risk Control coverage strategy, ensure appropriate risk mitigation actions are in place and escalate to senior management as appropriate

• Provide supervision of Risk Control team's efforts and assist with prioritizing and addressing roadblocks encountered

• Identify and assign key metrics (e.g. KRI/KPIs) to support effective monitoring and management of operational risk including controls assurance and ensure issues identified and corrective actions are raised to address gaps.

• Provide strong oversight of CAP (Corrective Action Plan) remediation activities both for audit and control issues including quality completion of Risk Exception documentation and annual renewals. Support the assigned technology platform re ensuring the remediation of corrective actions relating to both self-identified and audit issues are completed on time and with the appropriate level of quality and adherence to IBAM.

• Support assigned technology platform during internal and external audits. Assist in all interactions with audit including deliverables management, audit fieldwork, business monitoring and meetings.

• Leverage reporting to identify trends, themes and areas requiring improved controls

• Drive Manager's Control Assessment monitoring, quarterly approvals and improvements required

• Appropriately assess risk when business decisions are made, demonstrating particular consideration for the firm's reputation and safeguarding Citigroup, its clients and assets, by driving compliance with applicable laws, rules and regulations, adhering to Policy, applying sound ethical judgment regarding personal behavior, conduct and business practices, and escalating, managing and reporting control issues with transparency, as well as effectively supervise the activity of others and create accountability with those who fail to maintain these standards.

• Complete all tasks in connection with the organization’s activity but not detailed in the current job description, assigned by the direct manager, supervisor, or the functional head.

Ideal Background

• 10+ years’ experience in Risk and people management

• Demonstrable Information Security Risk knowledge based on working in real-world environments & situations.

• Excellent communication skills required in order to negotiate internally, often at a senior level. Some external communication may be necessary.

• Full management responsibility of a team or multiple teams.

• Prior experience dealing with regulators and auditors

Education:

• Bachelor’s/University degree or equivalent experience, potentially Master’s degree

• Relevant professional qualifications with Risk / Security management.