Operational Risk - Cyber Risk DevSecOps SVP
Posted on: November 26, 2022
The Operational Risk Management (ORM) Group at Citi is the firm's
reliable second set of eyes. Our mission is to drive comprehensive
and consistent practices designed to identify, measure, monitor,
report and manage operational risks while promoting the
implementation of actions to address root causes, which may lead to
unintended operational losses. The ORM TCRO (Tech and Cyber Risk
Office) team provides the specialist subject matter experts to
challenge the enterprise infrastructure, Operations and Technology
entities across the firm. We are the technology and cyber conscience
of the bank. In line with the ORM framework, we aim to ensure that
the internal controls that are designed to mitigate technology and
cyber risks are managed, mitigated and aligned with our risk
The Enterprise Tech/Cyber Architecture and Engineering Risk group
within TCRO is responsible for influencing, challenging, and providing
oversight to Enterprise Tech and Cyber Architecture and
The Operational Risk - Cyber Risk SVP is part of the Second Line
function providing oversight including influencing and challenging
the First Line and the businesses on risks with Cyber Risk
including Secure SDLC, API Security, IAM, DevSecOps, and cyber risk
assessments. Oversight areas include, but are not limited to,
governance, identification of risks, developing remediation
strategies, and influencing the strategy and execution of the
program. This position will be actively working with the ORM
Business and Regional teams to provide subject matter expertise and
align the oversight and challenge activities with the components of
the operational risk management framework.
The objective of the Operational Risk - Cyber Risk SVP is to reduce
operational losses while enabling the objectives of the program at
Citi, through challenge, influence, and advisory on initiatives in
the firm regarding Secure SDLC, DevSecOps, and API security.
The role will be responsible for building engagement with key
stakeholders, anticipating, challenging, and mitigating risks that
could affect business objectives.
Review of cyber programs and solutions for the associated risks and
controls to challenge their appropriateness and effectiveness.
Review, influence, and challenge Secure SDLC standards, principles,
execution, and metrics.
Provide technical advisory and oversight with respect to the
development and execution of the First Line application security
Review the enterprise Information Security standards and procedures
to provide oversight, influence, and challenge on their
effectiveness and alignment to industry standards.
Influence and challenge existing and evolving/emerging enterprise
Conduct risk reviews to identify cyber risks including but not
limited to Secure SDLC, DevSecOps; determine effectiveness of
enterprise cyber standards, measured view of risks and
Engagement across enterprise cyber teams including infrastructure,
cloud security, IAM, to oversee alignment of roadmaps and
Provide thought leadership on cyber engineering and architecture,
and best practices.
Maintain and apply a broad and current industry perspective on
cyber trends/opportunities, leading practices, and our
position/capability/performance relative to direct competitors and
The candidate will have over 10 years of experience in
technology/cyber risk, risk assessments, metrics, enterprise cyber
services, risks and controls within globally complex, dispersed and
More specific experience, knowledge and skills are outlined
--- Extensive experience in conducting cyber risk reviews
--- Strong knowledge/experience in application security assessment
--- Evaluating DevSecOps programs to embed security
--- Assessing or implementing Secure SDLC programs
--- Knowledge/experience in API Security
--- Understanding of industry standards including NIST, CRI
--- Strong experience leading operational risk reviews including
identification of potential issues, and coordination with various
teams including leadership
--- Ability and confidence to exercise influence over a wide range
of individuals at all levels of technical & business
--- Strong presentation skills: able to use data to tell a clear,
--- Strong analytical and problem-solving skills.
--- Comfortable interacting directly with technology executive
leadership, including in a high stress environment.
--- Builds partnerships across functions and regions; collaborates
well with others.
Job Family Group:
Risk Management -
New York New York United States
Primary Location Salary Range:
$164,310.00 - $246,460.00
Citi is an equal opportunity and affirmative action employer.
Qualified applicants will receive consideration without regard to
their race, color, religion, sex, sexual orientation, gender
identity, national origin, disability, or status as a protected
Citigroup Inc. and its subsidiaries ("Citi") invite all qualified
interested applicants to apply for career opportunities. If you are
a person with a disability and need a reasonable accommodation to
use our search tools and/or apply for a career opportunity, review
Accessibility at Citi.
Effective November 1, 2021, Citi requires that all successful
applicants for positions located in the United States or Puerto
Rico be fully vaccinated against COVID-19 as a condition of
employment and provide proof of such vaccination prior to
commencement of employment.