Global Head of Cyber Risk and Compliance

Citi
Irving, TX
Onsite

About The Position

The Technology & Cyber Compliance and Operational Risk Office (TCCORO) at Citi is the firm's reliable second set of eyes overseeing Technology and Cyber risk. Our mission is to drive comprehensive and consistent practices designed to identify, measure, monitor, report and manage operational risks while promoting the implementation of actions to address root causes which may lead to unintended operational losses. TCCORO provides the specialist subject matter experts to challenge Enterprise, Infrastructure, Operations and Technology entities across the firm. We are the technology and cyber conscience of the bank. In line with the ORM and ICRM frameworks, we aim to ensure that the internal controls that are designed to mitigate technology and cyber risks are managed, mitigated and aligned with our risk appetite.

Requirements

  • Over 20 years of hands-on technical experience in complex IT management, Information Security, and Emerging Technologies with globally complex, dispersed and diverse organizations.
  • In-depth, detailed knowledge of good infrastructure, cloud, and Emerging Technology Management inclusive of Artificial Intelligence, Operations and Information Security practices in the financial industry.
  • 20+ years' experience in technology risk and/or cyber risk management in the banking/financial services industry, or related field, with at least 5+ years in 2nd or 3rd line senior leadership positions.
  • Subject matter expert in technology risk and/or cyber risk management principles and practices across various information system architecture and engineering domains.
  • Proven experience in managing complex risk portfolios and developing strategic risk management frameworks for large organizations.
  • Robust understanding of operational risk management frameworks, industry standards, regulatory requirements, and risk mitigation practices.
  • Experience managing and overseeing large remediation and transformation programs to achieve intended results.
  • Extensive experience in effective written and verbal communication with executive audiences including Boards.
  • Experienced risk challenger who balances risks vs. rewards aligned with corporate risk culture.
  • Understanding of Citi products and services and downstream impacts of technology risk and/or cyber risk strategy.
  • Capability to manage all aspects of these standards: Technology Architecture components common across the Financial Industry, Information Systems Audit and Control Association’s (ISACA) COBIT Standard, Information Technology Infrastructure Library (ITIL), ISACA’s Certified in Risk and Information Systems Control (CRISC) Job Practice Domains, and project management.
  • Strong Leadership Skills: Provides leadership in risk identification, key risk indicator identification, and risk mitigation strategies in the domain of technology management. Engages business and technology managers to identify key control indicators and maintain effective and efficient continuous control monitoring processes.
  • Strong analytical and problem-solving skills.
  • Excellent Communication Skills: Both verbal and written. Ability to interact with and influence people/groups of widely varying disciplines and backgrounds. Ability and confidence to exercise influence over a wide range of individuals at all levels of technical & business leadership. Experienced in using active listening techniques on a consistent basis.
  • Strong Presentation skills: Comfortable with public speaking across various forums and be able to effectively and logically communicate when ideas are being challenged in an open forum. Comfortable interacting directly with technology executive leadership, including in a high stress environment. Understands the perspective of regulators and has the ability to shape messages and content to respond to a changing variety of regulatory standards.
  • Client Relationships/Business Partnerships: Strong planning, organization and time management experience that is strategically oriented, an innovative thinker, and a demonstrated and decisive decision maker. Collaboratively manage initiatives that span multiple geographic locations and time zones. Navigates organizational complexity; demonstrates organizational acumen. Builds partnerships across functions and regions; collaborates well with others. Networks regularly and builds relationships across Risk disciplines and with businesses, operations and technology
  • The role is global, and the incumbent must be proactive and capable of leading solutions to global issues with others in different regions and time zones.
  • The successful candidate will need to be a hands-on, self-starter, and able to manage tasks/timelines for self and others
  • Bachelor's/University degree

Nice To Haves

  • Master's degree preferred
  • Professional certifications in either technology risk and/or cyber risk preferred, including: Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Certified in Risk and Information Systems Control (CRISC), ERM, CET, ISO27001, COBIT, TOGAF, or CRI
  • In-depth, working knowledge of banking technologies, fraud, cybercrime detection and countermeasures, encryption, data retention, as well as information security support for segregation of duties, application development, network and systems operation, testing and vendor management.
  • Prior experience in previous roles should include companies with global technology infrastructure in global financial services firms.

Responsibilities

  • Oversight and challenge of the cybersecurity incident response programs.
  • Oversight of the security operations center (SOC) and cybersecurity fusion center (CSFC).
  • Oversight of cybersecurity penetration testing and red-team operations.
  • Oversight of the Chief Information Security Office (CISO), including the review of the effectiveness of the controls, standards and programs across the enterprise.
  • Implementation of guidance for overseeing Emerging Technology and Operational Risks, in compliance with OCC Heightened Standards.
  • Able to present and lead discussions with key Regulators, internal and external auditors, as well as the Board of Directors and the Risk and Audit sub-committees.
  • Governance and Oversight of security risks impacting the business and technology
  • Support in the development of Cyber Policy and Standards
  • Oversight of Key Operational Risks and related indicators and thresholds
  • Challenge of Cyber Risk Self Assessments
  • Challenge of Business and Technology Scenario Analysis
  • Issue management, oversight and escalation
  • Advise on best practices leveraging expertise and industry insights

Benefits

  • medical, dental & vision coverage
  • 401(k)
  • life, accident, and disability insurance
  • wellness programs
  • paid time off packages, including planned time off (vacation), unplanned time off (sick leave), and paid holidays