Risk - Global Head of Cyber Security Risk - Md - London, United Kingdom - Citi

Citi

Verified Company

London, United Kingdom

1 week ago

Posted by:

Tom O´Connor

beBee Recruiter

Description

Responsibilities

Reporting into the Head of Enterprise Technology and Cyber Risk (ETCR), the Enterprise Technology & Cyber Risk - Operations Lead will have oversight responsibility for a significant portfolio of the Enterprise Operations & Technology (EO&T) organization.

The following highlight the coverage area responsibilities for this Managing Director position:

Oversight and challenge of the technology and cybersecurity incident response programs.
Oversight of the security operations center (SOC) and cybersecurity fusion center (CSFC).
Oversight of cybersecurity penetration testing and redteam operations.
Oversight of the Chief Information Security Office (CISO), including the review of the effectiveness of the controls, standards and programs across the enterprise.
Implementation of guidance for overseeing Emerging Technology and Operational Risks, in compliance with OCC Heightened Standards.
Able to present and lead discussions with key Regulators, internal and external auditors, as well the Board of Directors and the Risk and Audit subcommittees.

Building upon Citi's Operational Risk Management Framework, this Managing Director position will have responsibility to perform independent assessment of technology and other operational inherent risks in Citi's infrastructure and security programs and services, and reviewing the acceptability of residual risk.

Working with colleagues in Risk, as well as technology, business and other control functions, the Enterprise Technology & Cybersecurity Risk - Operations Lead will contribute to the following:

Governance and Oversight of business and technology risk
Support in the development of Policy and Standards
Oversight of Key Operational Risks and related indicators and thresholds
Challenge of business and technology Risk Self Assessments
Challenge of Business and Technology Scenario Analysis
Perform internal and external event reviews specific to the EO&T portfolio
Issue management, oversight and escalation
Advise on best practices leveraging expertise and industry insights

Qualifications:

Knowledge /Experience

The Enterprise Technology & Cyber Risk - Operations Lead will be an acknowledged thought leader in technology and security risk management with over 15 years of hands-on technical experience in complex IT management, Information Security, and Emerging Technologies with globally complex, dispersed and diverse organizations.

The ideal Managing Director will have in-depth, detailed knowledge of good infrastructure, cloud, and emerging Technology Management, Operations and Information Security practices in the financial industry.

This individual should have the following experience and skills:

Indepth knowledge of the incident response program, including forensic investigation, User and Entity Behavior Analytics (UEBA), Security Orchestration and Automation (SOAR) and other security incident and event management capabilities.
Indepth knowledge of complex digital investigations supporting data loss prevention and insider threat programs.
Indepth knowledge of computer and network forensics techniques and current cyber threat environment.
Knowledge of Information technology including network, servers, databases, and data center design and operations, cloud, mobile & IoT security
Strong analytical and problemsolving skills

Technology Skill set requirements will include capability to manage all aspects of these standards:

Technology Architecture components common across the Financial Industry
Information Systems Audit and Control Association's (ISACA) COBIT* Standard
Information Technology Infrastructure Library (ITIL)
ISACA's Certified in Risk and Information Systems Control (CRISC) Job Practice Domains
Masters in a technology related field.
Project management experiences is a plus.

Strong Leadership Skills:

Provides leadership in risk identification, key risk indicator identification, and risk mitigation strategies in the domain of technology management.
Engages business and technology managers to identify key control indicators and maintain effective and efficient continuous control monitoring processes.
Strong analytical and problemsolving skills

.

Excellent Communication Skills:

Both verbal and written.
Ability to interact with and influence people/groups of widely varying disciplines and backgrounds.
Ability and confidence to exercise influence over a wide range of individuals at all levels of technical & business leadership.
Experienced in using active listening techniques on a consistent basis.

Strong Presentation skills:

Comfortable with public speaking across various forums and be able to effectively and logically communicate when ideas are being challenged in an open forum.
Comfortable interacting directly with technology executive leadership, including in a high stress environment.
Understands the perspective of regulators and has the ability