Cyber and Information Security Risk Manager, Senior Vice President

This role is critical for safeguarding the bank's financial stability and sustained growth by expertly managing Cyber & Information Security risks. The position involves identifying, assessing, measuring, monitoring, and reporting on these risks, ensuring all operations align with the Markets defined risk appetite. This professional provides a comprehensive view of the cyber threat landscape, enabling proactive anticipation, assessment, and mitigation of potential security risks across the Markets Business.

What you’ll do:

• Proactively identify and assess evolving Cyber & Information Security risks across the business and technology landscape.
• Design and lead strategic initiatives to enhance cyber and information security controls and processes, ensuring alignment with risk appetite.
• Collaborate effectively with business unit leaders and diverse stakeholders to embed robust cyber risk management practices into business operations.
• Partner with 2nd line functions (e.g., Information Security Compliance, Operational Risk Management) to interpret and apply cyber risk requirements and policies accurately.
• Engage with 3rd line functions (e.g., Internal Audit, Compliance Assurance) to facilitate independent assessments, address findings, and drive resolution of cyber and information security issues.
• Maintain comprehensive oversight of cyber risk posture through continuous monitoring of metrics, activity, and corrective action plan execution.
• Prepare and present clear, concise updates on emerging cyber risks, control effectiveness, and strategic enhancements to senior management and governance committees.
• Ensure rigorous adherence to information security policies and regulatory requirements, including maintaining a robust Manager’s Control Assessment (MCA) for Cyber & Information Security.
• Serve as a primary liaison for all internal and external audit engagements related to Cyber & Information Security.
• Lead and mentor a team focused on cyber risk assessment, regulatory compliance, and efficient reporting and resolution of security-related matters.

What we’ll need from you:

• Significant progressive experience in Cyber & Information Security Risk Management, IT Risk, Security Compliance, or IT Audit, with significant experience in a financial services environment.
• Demonstrated expertise in identifying, assessing, measuring, monitoring, and reporting on complex cyber and information security risks.
• Proven track record of designing and leading initiatives to enhance security controls and processes.
• Extensive experience collaborating with and managing expectations of diverse stakeholders, including business unit leaders, technical teams, and 2nd and 3rd line functions (e.g., Information Security Compliance, Operational Risk, Internal Audit, Regulators).
• Strong understanding of evolving cyber threat landscapes, regulatory requirements (e.g., NIST, ISO 27001, GLBA), and industry best practices.
• Proficient in maintaining risk and control frameworks, including Manager’s Control Assessment (MCA), specifically for Cyber & Information Security risks.
• Exceptional communication and presentation skills, with the ability to articulate complex cyber risk concepts and their business impact to senior management and governance committees.
• Ability to act as a primary liaison for all audit and regulatory engagements pertaining to Cyber & Information Security.
• Strong leadership capabilities with experience in leading and mentoring risk management professionals.
• Bachelor's degree required; Master’s degree or relevant professional certifications (e.g., CISSP, CISM, CRISC) preferred.

What we can offer you:

• Generous holiday allowance starting at 27 days plus bank holidays; increasing with tenure.
• Discretional annual performance related bonus.
• Private medical insurance packages to suit your personal circumstances.
• Employee Assistance Program.
• Pension Plan.
• Paid Parental Leave.
• Special discounts for employees, family, and friends.
• Access to an array of learning and development resources.

Alongside these benefits, Citi is committed to ensuring our workplace is where everyone feels comfortable coming to work as their whole self every day. We aim to energize talent around the world to thrive. Citi is an equal opportunity employer, and qualified candidates will receive consideration without regard to their race, color, religion, sex, sexual orientation, gender identity, national origin, disability, status as a protected veteran, or any other characteristic protected by law. If you are a person with a disability, you may request reasonable accommodation for using our search tools or applying for this opportunity.