Operational Risk - Cyber Risk DevSecOps SVP
Overview

The Operational Risk Management (ORM) Group at Citi is the firm's reliable second set of eyes. Our mission is to drive comprehensive and consistent practices designed to identify, measure, monitor, report and manage operational risks while promoting the implementation of actions to address root causes, which may lead to unintended operational losses. The ORM TCRO (Tech and Cyber Risk Office) team provides the specialist subject matter experts to challenge the enterprise infrastructure, Operations and Technology entities across the firm. We are the technology and cyber conscience of the bank. In line with the ORM framework, we aim to ensure that the internal controls that are designed to mitigate technology and cyber risks are managed, mitigated and aligned with our risk appetite.

Responsibilities:

The Enterprise Tech/Cyber Architecture and Engineering Risk group within TCRO is responsible for influencing, challenging, and providing oversight to Enterprise Tech and Cyber Architecture and Engineering. The Operational Risk - Cyber Risk SVP is part of the Second Line function providing oversight, including influencing and challenging the First Line and the businesses on cyber risk, including Secure SDLC, API Security, IAM, DevSecOps, and cyber risk assessments. Oversight areas include, but are not limited to, governance, identification of risks, developing remediation strategies, and influencing the strategy and execution of the program.

This position will be actively working with the ORM Business and Regional teams to provide subject matter expertise and align the oversight and challenge activities with the components of the operational risk management framework.

Primary Objective

The objective of the Operational Risk - Cyber Risk SVP is to reduce operational losses while enabling the objectives of the program at Citi, through challenge, influence, and advisory on initiatives in the firm regarding Secure SDLC, DevSecOps, and API security. The role will be responsible for building engagement with key stakeholders, anticipating, challenging, and mitigating risks that could affect business objectives.

* Review of cyber programs and solutions for the associated risks and controls to challenge their appropriateness and effectiveness.
* Review, influence, and challenge Secure SDLC standards, principles, execution, and metrics.
* Provide technical advisory and oversight with respect to the development and execution of the First Line application security offerings.
* Review the enterprise Information Security standards and procedures to provide oversight, influence, and challenge on their effectiveness and alignment to industry standards.
* Influence and challenge existing and evolving/emerging enterprise cyber risks.
* Conduct risk reviews to identify cyber risks including but not limited to Secure SDLC, DevSecOps; determine effectiveness of enterprise cyber standards, measured view of risks and controls.
* Engagement across enterprise cyber teams including infrastructure, cloud security, IAM, to oversee alignment of roadmaps and plans.
* Provide thought leadership on cyber engineering and architecture, and best practices.
* Maintain and apply a broad and current industry perspective on cyber trends/opportunities, leading practices, and our position/capability/performance relative to direct competitors and parallel industries/organizations.

Qualifications:

The candidate will have over 10 years of experience in technology/cyber risk, risk assessments, metrics, enterprise cyber services, risks and controls within globally complex, dispersed and diverse organizations. More specific experience, knowledge and skills are outlined below:

* Extensive experience in conducting cyber risk reviews
* Strong knowledge/experience in application security assessment tools
* Evaluating DevSecOps programs to embed security
* Assessing or implementing Secure SDLC programs
* Knowledge/experience in API Security
* Understanding of industry standards including NIST, CRI, etc.
* Strong experience leading operational risk reviews including identification of potential issues, and coordination with various teams including leadership

Competencies:

* Ability and confidence to exercise influence over a wide range of individuals at all levels of technical & business leadership.
* Strong presentation skills: able to use data to tell a clear, compelling story.
* Strong analytical and problem-solving skills.
* Comfortable interacting directly with technology executive leadership, including in a high stress environment.
* Builds partnerships across functions and regions; collaborates well with others.

Job Family Group: Risk Management
Job Family: Operational Risk
Time Type: Full time

Citi is an equal opportunity and affirmative action employer. Qualified applicants will receive consideration without regard to their race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or status as a protected veteran. Citigroup Inc. and its subsidiaries ("Citi") invite all qualified interested applicants to apply for career opportunities. If you are a person with a disability and need a reasonable accommodation to use our search tools and/or apply for a career opportunity, review Accessibility at Citi.

Effective November 1, 2021, Citi requires that all successful applicants for positions located in the United States or Puerto Rico be fully vaccinated against COVID-19 as a condition of employment and provide proof of such vaccination prior to commencement of employment.