Cyber Security Controls Testing Leader – C13
The Global Functions Control Testing Utility is responsible for the testing of controls that are designed and executed by the Citi’s Global Functions teams such as Finance, HR, Operations, Technology, COO & ESPA as well as the CBNA Legal Vehicle.
This position reports to the Cyber Security Controls Testing Head, within the Global Functions Technology Control Testing Utility; and is an execution-oriented individual contributor position accountable for end-to-end Cyber Security & Information Security controls monitoring – i.e., operational controls performance assurance/testing – which includes design, execution, results reporting, and insight sharing related to the above scope of controls monitoring/testing.
The Cyber Security Controls Testing leader is a subject matter expert on overall controls monitoring, with an excellent level of understanding of control testing and who closely follows latest trends in Cyber Security & Information Security controls testing and adapts them for application within their own job and covered businesses and functions.
Excellent communication skills required to negotiate internally, often at a senior level. Developed communication and diplomacy skills are required to guide, influence and convince others, particularly colleagues in other areas and occasional external customers. Accountable for significant controls testing results and advice regarding the controls execution. Necessitates a degree of responsibility over technical strategy.
Responsibilities:
- Supports the Cyber Security Controls Testing Utility by acting on assessing control design, designing control testing tools, developing control testing procedures, ensure control testing transitions, dispositioning exceptions, and developing insights.
- Carries key responsibility for Control Design Assessment (CDA) by executing CDA checklist/procedures for controls and recording results in Citi Risk & Control (CRC).
- Owns significant portions of control testing design activity, which includes writing control testing tool descriptions, and completing control testing and QUEST setup.
- Develops control testing procedures in Confluence and is responsible for obtaining necessary signoffs from covered businesses and functions.
- Performs a uniquely significant role on training Central Execution team overseas on all designed control testing tools and established control testing procedures.
- Has the ultimate decision on controls testing outlier disputes, holds the responsibility to raise concerns through IMPACT Concerns or QUEST Observation Logs based on the Business.
- Creates materials for Operational Risk Forums (ORF) and senior meetings as needed and investigates causes for results that are deviating from trends and escalate situations that pose excessive risk(s).
- Develops and drives quality-checking routines to ensure compliance with all relevant policies, operating guides, and owned control testing.
- Supports team members on topics ranging from control testing design to performance management and control testing platforms basics.
- Helps drive continuous improvements in accuracy, efficiency, timeliness, and quality of MCA control design assessment and controls testing.
- Maintains relationships and drives accountability with partners and stakeholders to drive control testing's success in support of the business's strategy.
- Appropriately assesses risk when business decisions are made, demonstrating particular consideration for the firm's reputation and safeguarding Citigroup, its clients and assets, by driving compliance with applicable laws, rules and regulations, adhering to Policy, applying sound ethical judgment regarding personal behavior, conduct and business practices, and escalating, managing and reporting control issues with transparency, as well as effectively supervise the activity of others and create accountability with those who fail to maintain these standards.
- Support other relevant work efforts of the department where needed and as directed by their manager.
Qualifications:
- 5+ years relevant experience, 3+ years in Risk & Controls roles.
- Subject matter expert on controls design, execution and/or control testing.
- Excellent understanding of MCA (Managers Control Assessment) frameworks and processes.
- Advanced skills in MS Word, MS Excel, MS PowerPoint, and MS SharePoint.
- In-depth experience of Cyber Security & Information Security Controls as well as strong exposure to Risk and Control as well as Controls Design, Monitoring and Testing.
- Effective communication, written and presentation skills.
- Strong people and relationship management skills with the ability to influence others and foster a sense of collaboration.
- Independent thinker and able to perform a credible challenge of businesses/functions.
- Ability to work effectively on virtual teams, including across different geographies and time zones preferred.
- Relevant certification related to Cyber Security & Information Security as well as Risk & Control would be preferred.
Travel Requirement:
Education:
- Bachelor’s/University degree, Master’s degree preferred.
Primary Locations:
- Irving, Tampa, Jacksonville, Florence.
The Business Risk and Control Officer is a strategic professional who stays abreast of developments within own field and contributes to directional strategy by considering their application in own job and the business. Recognized technical authority for an area within the business. Requires basic commercial awareness. There are typically multiple people within the business that provide the same level of subject matter expertise. Developed communication and diplomacy skills are required in order to guide, influence and convince others, in particular colleagues in other areas and occasional external customers. Significant impact on the area through complex deliverables. Provides advice and counsel related to the technology or operations of the business. Work impacts an entire area, which eventually affects the overall performance and effectiveness of the sub-function/job family
Responsibilities:
- Help contribute to governance andthe facilitation of the execution of the Manager Control Assessment (MCA,i.e. Risk & Control Self-Assessment) as required by the MCA Standard including the assessment andappropriate approval of risk associated with business changes.
- Support teams in the quality, completeness, and accuracy of the implementation of the Control Framework, including Risk Control Policy, Control Standard, Issue Management Policy, Lesson Learned Policy and Control Inventory.
- Assist in performing a detailed analysis on the identification of issue root cause, partnering with control and processowners to recommendations holistic corrective actions and improvements, provide check andchallenge to ensure appropriate escalation in according with Issue Management and Escalation Policies.
- Help contribute to the Lessons Learned Policy, including monitoring of control breaches anddissemination and learnings across other business units for process improvement to limit theoccurrence of similar future events and where similar risk exposure might exist.
- Support the review and challenge process, within the FLUs, on the effective design and management ofcontrols to mitigate risks as required by the Control Standards, including implementation andoperation, conducting the control monitoring, handling deficiencies, and escalating issues forresolution.
- Help contribute to the timeliness, accuracy and completeness of the MCA through controls prior to theexecution of a process (QC).
- Assist in the monitoring of the adherence to the MCA Standard through controls after the execution of a process (QA).
- Support in dealing with Operational and Compliance Risk in accordance with established Policy requirements.
- Assist in performing a detailed analysis to identify, assess, escalate, and manage risk exposures across Risk Categories (Operational Compliance, Strategic, Reputational, etc), including material, emerging and concentration risks in accordance with enterprise Policies and the establishment of Key Indicators to monitor risk exposures.
- Assist in supporting Risk Appetite and monitor / assess exposures against this in accordance with enterprise requirements (if applicable).
- Be part of the process to identify, assess, record and response to Operational and Compliance Risk events, ensuring these are captured accurately, timely and in accordance with requirements.
- Help ensure that adequate governance and training are in place to support management of Risk profiles.
- Contribute to the risks associated with New Activities and changes to the Business, ensuring these are well understood and adequately controlled (if applicable).
- Support operational risk scenario analysis and stress testing for Operational Risk Capital requirements.
- Support with risk and control assessments or coordination for programs within various risk stripes and ensure sufficient subject matter expertise exists to enable management of these risks within the Business (e.g. third party, fraud, sanctions etc) (if applicable).
- Coordinate risk and control responsibilities and ensure accountabilities are embedded within FLUs, including providing training and leading by example.
- Support with standards and procedures that conform to enterprise requirements and support sound operational and compliance risk management.
- Apply knowledge of the business, products or services to identify and implement control points and processes throughout the business.
- Appropriately assess risk when business decisions are made, demonstrating particular consideration for the firm's reputation and safeguarding Citigroup, its clients and assets, by driving compliance with applicable laws, rules and regulations, adhering to Policy, applying sound ethical judgment regarding personal behaviour, conduct and business practices, and escalating, managing and reporting control issues with transparency.
Qualifications:
- 6-10 years of experience.
- MS Excel, MS Access, SAS, SQL, Visual Basic a plus. 5+ years’ experience in financial services.
- Consistently demonstrates clear and concise written and verbal communication skills
- Effective organizational influencing skills required.
- Third party vendor management preferred. Demonstrated ability to lead global team efforts
- Excellent problem-solving skills Ability to comprehend the big pictures with high attention to critical details
- Demonstrated ability to develop and implement strategy and process improvement initiatives.
Education:
- Bachelor's/University degree, Master's degree preferred.
------------------------------------------------------
Job Family Group:
Risk Management
------------------------------------------------------
Job Family:
Business Risk & Control
------------------------------------------------------
Time Type:
Full time
------------------------------------------------------
Primary Location:
Jacksonville Florida United States
------------------------------------------------------
Primary Location Full Time Salary Range:
$103,920.00 - $155,880.00
In addition to salary, Citi’s offerings may also include, for eligible employees, discretionary and formulaic incentive and retention awards. Citi offers competitive employee benefits, including: medical, dental & vision coverage; 401(k); life, accident, and disability insurance; and wellness programs. Citi also offers paid time off packages, including planned time off (vacation), unplanned time off (sick leave), and paid holidays. For additional information regarding Citi employee benefits, please visit citibenefits.com. Available offerings may vary by jurisdiction, job level, and date of hire.
------------------------------------------------------
Anticipated Posting Close Date:
Nov 06, 2024
------------------------------------------------------
Citi is an equal opportunity and affirmative action employer.
Qualified applicants will receive consideration without regard to their race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or status as a protected veteran.
Citigroup Inc. and its subsidiaries ("Citi”) invite all qualified interested applicants to apply for career opportunities. If you are a person with a disability and need a reasonable accommodation to use our search tools and/or apply for a career opportunity review Accessibility at Citi.
View the "EEO is the Law" poster. View the EEO is the Law Supplement.
View the EEO Policy Statement.
View the Pay Transparency Posting