• Competitive
  • New York, NY, USA
  • Permanent, Full time
  • Citi-US
  • 2019-07-17

Audit Director - Cyber & Information Security

  • Primary Location: United States, New York, New York
  • Education: Bachelor's Degree
  • Job Function: Audit
  • Schedule: Full-time
  • Shift: Day Job
  • Employee Status: Regular
  • Travel Time: Yes, 10% of the Time
  • Job ID: 19029992


Description

About Citi:


Citi, the leading global bank, has approximately 200 million customer accounts and does business in more than 160 countries and jurisdictions. Citi provides consumers, corporations, governments and institutions with a broad range of financial products and services, including consumer banking and credit, corporate and investment banking, securities brokerage, transaction services, and wealth management. Our core activities are safeguarding assets, lending money, making payments and accessing the capital markets on behalf of our clients.

Citi's Mission and Value Proposition explains what we do and Citi Leadership Standards explain how we do it. Our mission is to serve as a trusted partner to our clients by responsibly providing financial services that enable growth and economic progress. We strive to earn and maintain our clients' and the public's trust by constantly adhering to the highest ethical standards and making a positive impact on the communities we serve. Our Leadership Standards are a common set of skills and expected behaviors that illustrate how our employees should work every day to be successful and that strengthen our ability to execute against our strategic priorities.

Diversity is a key business imperative and a source of strength at Citi. We serve clients from every walk of life, every background and every origin. Our goal is to have our workforce reflect this same diversity at all levels. Citi has made it a priority to foster a culture where the best people want to work, where individuals are promoted based on merit, where we value and demand respect for others and where opportunities to develop are widely available to all.

Internal Audit is a global organization of over 1000 professionals covering Citi's global businesses and service to clients and customers in over 180 countries. Citi's Internal Audit division provides independent assessments of the company's governance, risk management and internal control environment for key stakeholders including the Board of Directors, senior management and Citi's numerous regulators globally. Internal Audit is a change agent within Citi that aims to enhance the control culture of Citigroup worldwide and thereby support senior management decision making around the globe.

Job Purpose: 

This role provides the Internal Audit organization with strategic direction in the establishment of risk-based auditing and reporting methodologies and in the organizational design of the IS audit function, to ensure quality and independent assurance that is consistent and aligned with Citigroup and Citibank business objectives. For a subset of a product line/function entity, the role ensures the timely delivery of high-quality, value-added assurance and audit reports that meet the requirements of the Boards of Citigroup and Citibank, their affiliates and Citi's respective regulators, globally.

This role is specifically responsible for the management of risk assessment and audit delivery for global information security (IS) processes at Citi and includes IS Governance, IS Operations, and Cyber Security Programs. In addition, the role will own or support audits of core security infrastructure and integrated IS aspects for IT, product or function audits. This encompasses providing objective, risk-based, independent assurance with respect to the design and operating effectiveness of controls associated with Information Security that support critical business systems and processes across the group.

Key Responsibilities:

• Works with the Chief Auditor for Cyber and IS to define the strategic direction of Citi's global cyber and information security internal auditing program, which is to be consistent and aligned with Citigroup and Citibank business objectives.
• Uses excellent communication, leadership and strong management skills to influence a wide range of internal audiences including respective product, function, or regional executive management partners and external audiences including regulators and external auditors. Frequently engages in both internal and external negotiations which will have a major impact on the function, and possibly on the organization as a whole.
• Responsible for the delivery of high quality, value-added, multiple concurrent IS audits that are complete, insightful, timely, concise, cost effective, and are in accordance with IA standards, Citi policies, and local regulations. 
• Ensures timely delivery of comprehensive regulatory and internal audit issue validation, and where determined appropriate, issue validation on other remediation actions, including issues arising from the external auditors, consultants and other parties.
• Contributes towards the delivery of high impact reports of IA's contributions to executive management, regulators, and Citigroup and Citibank boards' sub-committees, developing trend analyses and thematic reporting.
• Manages multiple teams of professionals. Recruits staff, develops talent, builds effective teams, and manages a budget. Identifies internal talent and fills key positions, attracts talent with required expertise to meet the risk profile of the business, builds deep bench strength and develops appropriate succession plans.
• Possesses a broad and comprehensive experience in auditing general and application controls across a variety of technologies and platforms using IS industry best practices and standards, including the NIST Cybersecurity and Risk Management Frameworks. Applies a broad and comprehensive understanding of high risk IS/cyber areas including identity and access management, data protection, encryption, firewall security, intrusion detection and prevention systems, and insider threat. 
• Delivers learning and development programs and is a recognized leader in training and developing others. 
• Develops approaches to promote knowledge sharing and promulgate management best practices across Internal Audit and both Citibank and Citigroup.
• Ensures IA meets/exceeds the requirements and expectations of Citibank's and Citigroup's regulators.
• Works closely and collegially within IA and with line management and control functions to ensure efficient and effective provision of independent audit assurance. 
• Possesses strong project management and interpersonal skills, makes sound decisions, exhibiting initiative and intuitive thinking, political astuteness, and sensitivity to cultural diversity. 
• Collaborates across businesses and functions to improve the identification, quantification, measurement, management, reporting and controls in governance, risk management and internal control environments.

Qualifications

• BA/BS or equivalent. Related certifications (CISSP, CISA, CISM, CPA/CITP or similar) are desired.

• Demonstrated director-level experience in designing and delivering IS and cybersecurity audit programs to large businesses or governmental entities.

• Specific subject matter expertise in auditing general and application controls across a variety of technologies and platforms and demonstrated experience in auditing using the NIST Cybersecurity and Risk Management Frameworks. 
• Demonstrated experience in delivering high quality, value-added, multiple concurrent IS audits that are complete, insightful, timely, concise, cost effective, and are in accordance with IA standards, laws, and local regulations.
• Demonstrated experience in developing an IS audit strategy that reflects the organization's risk profile, regulatory/legal requirements, current threat trends, and IS industry best practices. 
• Knowledge and experience in developing and executing IS risk assessments that align to organization strategies and business objectives.
• Demonstrated experience in managing professionals across multiple projects; recruiting, developing, and building effective teams; and developing appropriate succession plans.
• Effective negotiation skills, a proactive and 'no surprises' approach in communicating issues and strength in sustaining independent views. 
• Articulate and effective communicator, both orally and in writing, with an energetic, charismatic and approachable style, well-developed listening skills, and a strong ability to engage a variety of stakeholders, including senior officials, security professionals, regulators, and business executives, on a variety of technical audit matters in a manner that is audience-appropriate, risk-based, and actionable.