Cyber and Information Security Risk Manager, Senior Vice President

Overview

Are you looking for a career move that will put you at the heart of a global financial institution? Bring your skills in risk identification, project management and communication to Citi’s Business Disruption Risk Team. By joining Citi, you will become part of a global organisation whose mission is to serve as a trusted partner to our clients by responsibly providing financial services that enable growth and economic progress.

This role is critical for safeguarding the bank's financial stability and sustained growth by expertly managing Cyber & Information Security risks. The position involves identifying, assessing, measuring, monitoring, and reporting on these risks, ensuring all operations align with the Markets defined risk appetite. This professional provides a comprehensive view of the cyber threat landscape, enabling proactive anticipation, assessment, and mitigation of potential security risks across the Markets Business.

• Proactively identify and assess evolving Cyber & Information Security risks across the business and technology landscape.
• Design and lead strategic initiatives to enhance cyber and information security controls and processes, ensuring alignment with risk appetite.
• Collaborate effectively with business unit leaders and diverse stakeholders to embed robust cyber risk management practices into business operations.
• Partner with 2nd line functions (e.g., Information Security Compliance, Operational Risk Management) to interpret and apply cyber risk requirements and policies accurately.
• Engage with 3rd line functions (e.g., Internal Audit, Compliance Assurance) to facilitate independent assessments, address findings, and drive resolution of cyber and information security issues.
• Maintain comprehensive oversight of cyber risk posture through continuous monitoring of metrics, activity, and corrective action plan execution.
• Prepare and present clear, concise updates on emerging cyber risks, control effectiveness, and strategic enhancements to senior management and governance committees.
• Ensure rigorous adherence to information security policies and regulatory requirements, including maintaining a robust Manager’s Control Assessment (MCA) for Cyber & Information Security.
• Serve as a primary liaison for all internal and external audit engagements related to Cyber & Information Security.
• Lead and mentor a team focused on cyber risk assessment, regulatory compliance, and efficient reporting and resolution of security-related matters.

• 10+ years of progressive experience in Cyber & Information Security Risk Management, IT Risk, Security Compliance, or IT Audit, with significant experience in a financial services environment.
• Demonstrated expertise in identifying, assessing, measuring, monitoring, and reporting on complex cyber and information security risks.
• Proven track record of designing and leading initiatives to enhance security controls and processes.
• Extensive experience collaborating with and managing expectations of diverse stakeholders, including business unit leaders, technical teams, and 2nd and 3rd line functions (e.g., Information Security Compliance, Operational Risk, Internal Audit, Regulators).
• Strong understanding of evolving cyber threat landscapes, regulatory requirements (e.g., NIST, ISO 27001, GLBA), and industry best practices.
• Proficient in maintaining risk and control frameworks, including Manager’s Control Assessment (MCA), specifically for Cyber & Information Security risks.
• Exceptional communication and presentation skills, with the ability to articulate complex cyber risk concepts and their business impact to senior management and governance committees.
• Ability to act as a primary liaison for all audit and regulatory engagements pertaining to Cyber & Information Security.
• Strong leadership capabilities with experience in leading and mentoring risk management professionals.
• Bachelor's degree required;
  Master's degree or relevant professional certifications (e.g., CISSP, CISM, CRISC) preferred.

This role offers the opportunity to build in-depth knowledge of the cyber threat landscape…