Associate Vice President - Technology Risk & Controls
An AVP - Technology Risk & Controls is required to assist in implementing and maintaining a cohesive, effective, efficient, coordinated, and consolidated controls governance model in support of ICG Technology. Working closely with a dynamic business in a large and diverse environment, you will be:
●Responsible for establishing strong working relationships with Application Development, Information Security, Continuity of Business, as well as other Business/Operations/Infrastructure Risk Management teams.
●Provide assistance to application owners/management team to ensure Risk and Control issues and initiatives are addressed timely though a pro-active oriented mindset and matured enough in handling assigned activities and with the concerned stakeholders
●Review escalations of dashboard deviations (Project Quality Control, Issue and CAP management, End of Vendor Support, Production Access Control, Vulnerability assessments, SDLC documentation compliance, Engagement Form submission, FID management, CoB tests of applications, entitlement reviews - EERS, DB compliance exceptions in FortiDB, SSH trust public key exceptions, Citi SSO, Export license, Employee Due Diligence reviews, Third Party management, and Cross Border Data Clearance) after evaluating preliminary assessments.
●Manage technology components of Internal and External audits. Assist development teams in responding to audit requests, perform review of work for completeness and accuracy as needed.
● Actively identify control deficiencies through technology self-assessment testing, risk and control initiatives, and BAU meetings/discussions. Monitor progress of corrective action plans. ● Work with the Risk and Control teams to analyze the latest program and project scorecards, preparing execute summary reports for IT management.
● Perform Managers Control Assessment (MCA) testing of IT General Controls. Analyze test results and open corrective action plans as needed. Identify emerging risks and prepare Quarterly Risk Assessment (QRA) documents to summarize overall MCA results.
● Be the coordinator of Issue management, Quality Control, Bi-weekly risk committee, Business risk committees, ISRP-SCO certifications, Technology Risk Assessment, and Regulatory Matrix subjects. Prepares executive and specialized reports accordingly.
● Work with SMEs of various Technology related processes to create documents for Senior Technology Managers focused on audit and regulatory readiness.
● Collaborate with the CoB Coordinator to address supporting actions of Technology teams. ● Facilitate compliance with Citi policies, standards, and regulations.
● Perform and report on trend analysis; find opportunities for process improvements.
● Identify the need for and develops new and improved procedures and process control manuals. Proven success in a team environment. Understand technical solutions and their implications. Effective leadership and strong influence/negotiation skills.
● Schedule, host and drive meetings with multiple levels of management requiring strong communication, influence skills, and diplomacy
Knowledge / Experience:
● Experience performing IT Business Analysis, Project Management, or similar work required.
● Minimum of 7-8 years of experience in Audit, Operational Risk Management, Compliance, Information Security or Risk Management. Awareness and execution of the Risk and Control Self-Assessment (RCSA), Managers Control Assessment (MCA), or other technology self-assessment processes is an advantage.
● Knowledge of service management (ITIL) with previous working experience in process improvements is an advantage. ●
● Previous experience performing Internal and/or External Audit coordination is an advantage.
● Previous experience in Production Support and Application Development roles is an advantage.
● Industry certifications, such as CISA, CISSP, CRISC, and PMP would be an advantage.
● Bachelor's Degree Required.
● Excellent interpersonal, written, and verbal communication skills.
● Be able to handle pressure and prioritize within tight deadlines while maintaining total accuracy.
● Ability to influence others and quickly earn the confidence of others.
● High level of attention to detail.
● Self starter and able to work in a diverse, global environment. Ability to analyze large amounts of data, decipher items meaningful to the development unit covered, and determine corresponding risk.
● Ability to work as part of a team and also independently under own supervision. Possess the ability to develop and maintain good working relationships with various levels of management.
● Ability to coordinate/manage initiatives from end-to-end with minor supervision.
● Strong knowledge of Microsoft Office with Excel, Outlook, and PowerPoint skills.
● Strong affinity to manage Control practices demonstrating a pragmatic risk-based approach.
●Formulates and defines system scope and objectives for complex projects through research and fact-finding combined with an understanding of applicable business systems and industry standards.
● Consults with users and clients to resolve issues/problems through in-depth evaluation of business processes, systems and industry standards; takes personal responsibility in recommending solutions or resolving issues.
● Considers the business implications of the application of technology to the current business environment; identifies and communicates risks and impacts.
● Provides understanding of business analysis concepts and principles and a basic knowledge of concepts and principles in other technology areas.
● Applies comprehensive understanding of how multiple areas collectively integrate to contribute towards achieving business objectives.
● Provides evaluative discernment based on analysis of factual information in complicated and unique situations.
● Appreciates differences in style or perspective and uses differences to contribute to decisions or actions and organizational success.
● Communicates accurate and meaningful verbal and written information to the right people at the right time; listens and asks questions to ensure clarity and challenges effectively. Job Family Group:
Risk Management Job Family:
Operational Risk Time Type:
Citi is an equal opportunity and affirmative action employer.
Qualified applicants will receive consideration without regard to their race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or status as a protected veteran.
Citigroup Inc. and its subsidiaries ("Citi") invite all qualified interested applicants to apply for career opportunities. If you are a person with a disability and need a reasonable accommodation to use our search tools and/or apply for a career opportunity review Accessibility at Citi
View the " EEO is the Law
" poster. View the EEO is the Law Supplement
View the EEO Policy Statement
View the Pay Transparency Posting