Resilience Risk 2nd LOD Lead Analyst, Vice President

About The Position

Requirements

• Strong understanding of enterprise resilience concepts, including operational disruption, critical services, impact tolerance, dependency mapping, and recovery planning.
• Demonstrated ability to independently assess risk, challenge assumptions, and influence senior stakeholders across the lines of defense.
• Experience translating complex operational, technology, or dependency risks into clear, governance-ready insights.
• Comfort operating in evolving regulatory environments and time-bound deliverables.
• Strong written and verbal communication skills, with experience supporting senior management and risk committees.
• Strong experience in Operational Risk Management, Enterprise Resilience, Business Continuity, Technology Risk, or related risk disciplines.
• Demonstrated experience with: Risk and control assessments (MCA or equivalent), Risk appetite and RAA processes, Issue management and remediation oversight, Scenario based risk assessment and testing
• Ability to assess both control design and operating effectiveness, with attention to sustainability and execution risk.
• Proficiency in Microsoft PowerPoint and Excel, with experience preparing executive level materials.
• Strong organizational skills and ability to manage multiple priorities independently.
• Bachelor's degree required.

Responsibilities

• Serve as an Independent Second Line Enterprise Resilience Risk partner, providing oversight and challenge to the First Line's execution of the Enterprise Resilience Framework (ERF).
• Execute resilience risk oversight through the Operational Risk Management Framework, including risk identification, MCA assessment, issue management, and governance escalation.
• Support the development, maturation, and ongoing effectiveness assessment of enterprise-wide resilience capabilities, including business services, impact tolerances, disruption scenarios, and recovery strategies.
• Provide credible challenge to senior stakeholders on resilience risk decisions, framework changes, risk acceptance, and remediation prioritization.
• Prepare clear, executive-level risk summaries to inform senior management, risk committees, and regulatory discussions.
• Support regulatory interactions related to enterprise resilience, including preparation of materials, articulation of Second Line challenge, and follow-up on supervisory themes and findings.
• Conduct independent Second Line reviews of Enterprise Resilience Framework implementation, assessing alignment to policy, standards, and applicable regulatory and supervisory expectations.
• Provide risk input and challenge on: Identification of important business services and critical activities Impact tolerance definition and assumptions Disruption scenario severity, plausibility, and coverage Mapping of people, technology, third parties, facilities, and data dependencies Recovery and remediation strategy sufficiency
• Assess resilience-related MCA control design and operating effectiveness, including sustainability, ownership clarity, and integration across risk types.
• Support resilience risk appetite and quarterly Risk Appetite Assessment (RAA) processes by: Aggregating qualitative and quantitative resilience risk inputs Assessing consistency between risk evidence, RAA factor mapping, and conclusions Providing an independent Second Line view of resilience risk posture
• Review and challenge resilience-related issues and corrective action plans (CAPs), including root cause quality, remediation realism, sequencing, and residual risk.
• Analyze operational loss events, incidents, near misses, testing outcomes, and scenario results to identify emerging or systemic resilience weaknesses.
• Support assessment of cross cutting dependency and concentration risk (e.g., single points of failure across technology, third parties, locations, or data).
• Contribute to enterprise resilience governance forums, providing independent risk perspectives, thematic insights, and escalation recommendations.
• Prepare executive materials ready for summarizing: Overall resilience risk posture, Key vulnerabilities and single points of failure, Thematic trends and systemic risks, Recommended areas of management focus
• Identify emerging resilience risks, regulatory sensitivities, and execution gaps requiring heightened oversight or escalation.
• Track and manage assigned resilience framework initiatives or second line deliverables, ensuring transparency, prioritization, and timely execution.
• Partner closely with First Line Resilience, Technology, Business, and Infrastructure teams while maintaining Second Line independence.
• Collaborate with horizontal Risk SMEs (incl. but not limited to Technology Risk, Third-Party Risk, Cyber Risk, Compliance, Human Capital Risk, and Data Risk) to ensure comprehensive resilience risk coverage.
• Act as a trusted resilience risk advisor to stakeholders, balancing constructive challenge with pragmatic risk guidance.
• Partner with Compliance, Legal, and relevant Risk functions to support coordinated responses to resilience-related regulatory inquiries and examinations, as appropriate.
• Support resilience risk training, awareness, and capability building across ORM.

Benefits

• In addition to salary, Citi’s offerings may also include, for eligible employees, discretionary and formulaic incentive and retention awards.
• Citi offers competitive employee benefits, including: medical, dental & vision coverage; 401(k); life, accident, and disability insurance; and wellness programs.
• Citi also offers paid time off packages, including planned time off (vacation), unplanned time off (sick leave), and paid holidays.
• For additional information regarding Citi employee benefits, please visit citibenefits.com.
• Available offerings may vary by jurisdiction, job level, and date of hire.