Citi ORM Technology Head in Mexico
Primary Location: Mexico,Distrito Federal,México
Education: Bachelor's Degree
Job Function: Operations
Shift: Day Job
Employee Status: Regular
Travel Time: No
Job ID: 17057445
Operational Risk Management (“Operational Risk”) proactively assists the businesses, Operations & Technology, and the independent risk and control groups in enhancing the effectiveness managing operational risks across products, business lines and regions. This specific role of Technology Risk Analyst involves focus on the processes by which Citi Technology Operational Entities provide technology services and products. It includes independent assessment of the comprehensiveness and effectiveness of those processes, the inherent operational risks in technology process execution, the complete suite of control components in the information technology realm, and the acceptability of residual risk.
Lead independent challenge of technology risk management capabilities in the Region. Lead independent assessment of comprehensiveness and effectiveness of processes by which Citi Technology provides technology services and products. Independently assess inherent operational risks in technology process execution, the suite of control components in the IT realm, and the acceptability of residual risk. Work proactively with technologists and control specialists to analyze technology measures and risk metrics; recommend remediation solutions.
Identify, evaluate, assess, and advise on risks within Citi’s Technology Operations.
The candidate will be responsible for assessing the quality of technology risk management processes and corresponding metrics data in global consumer, institutional banking, technology services, and/or corporate support environments and will proactively work with applications development groups and infrastructure support groups to collect and analyze technology measures and risk metrics. The candidate will identify gaps, inconsistencies and other integrity issues in technology measures and risk metrics, and recommend solutions that remediate data integrity issues.
The candidate will use metrics to both verify and validate technology control measures in the context of business processes, applications, and infrastructure. These include, but are not limited to, access and content management, authentication, repudiation, internet and cellular distribution systems, cybercrime detection and countermeasures, encryption, information retention, as well as information security support for segregation of duties, application development, network and systems operation, testing and vendor management.
The candidate will be expected to identify and measure both inherent and residual risk to business process based on business use of technology and associated technology service delivery capability.
The candidate will be expected to evaluate the design of process flows to help technology managers understand the impact of control weaknesses to regional business process.
The candidate will be expected to evaluate the extent to which technology managers can demonstrate they are in compliance with internal and external technology control standards, as well as regulatory and audit requirements.
The candidate will be expected to advise on continuous monitoring and control test methods, and recommend technology metrics in support of decisions concerning technology control objectives.
Qualifications & Experience:
The Technology Controls Specialist will be an acknowledged thought leader in technology risk with a minimum of 10 years of hands-on technical experience in IT management, controls and/or information security within globally complex, dispersed and diverse organizations.
The ideal candidate will have in-depth, detailed knowledge of Technology Management, Operations and Information Security practices, both poor and best. Prior experiences in previous roles may include but are not limited to companies with global technology infrastructure such as Internet service providers, global manufacturing firms, or global financial services firms.
More specific proven experience, knowledge and skills that are desirable for a candidate in the Technology Risk Analyst role are outlined below:
Experience with enterprise technology architecture as a holistic structure that includes people, process, and technology components combined to achieve business goals for automation.
Experience with technology infrastructure components such as network topology, data storage devices, virtual machine monitors, directory services, database management systems, messaging services, and middleware.
Knowledge of security architecture patterns such as Demilitarized Zones, Policy Enforcement Tools, Tripwires, Segregation of Duties for Change Control, Federated Identity, and Toxic Combinations.
Practical experience as a team member in a project or program wherein technology control metrics were devised, delivered, and/or analyzed.
Knowledge of full system, software, and security development lifecycle, including abuse and misuse cases development and testing.
Working familiarity with data warehousing and big data environments.
Working familiarity with network, operating system, and application security fundamentals.
Experience with automated monitoring tools and incident tracking tools to effectively communicate and manage incidents, defects and data quality issues.
Strong analytical and problem-solving skills
Fluent in English
Bachelor's degree or Engineering; Master's degree is a plus
+ + 10 years of experience with enterprise technology architecture as a holistic structure that includes people, process, and technology components combined to achieve business goals for automation.
+ + 10 years of Knowledge of full system, software, and security development lifecycle, including abuse and misuse cases development and testing.
+ + 10 years of working familiarity with network, operating system, and application security fundamentals.
+ + 10 years of experience with automated monitoring tools and incident tracking tools to effectively communicate and manage incidents, defects and data quality issues
A robust understanding of financial products and processes across all of Citibanamex’ s businesses or understanding a bank as a whole organization, its main purposes, dependencies and environment. The below knowledge will be advantageous:
Regulatory and Compliance Risk
Leadership, Management Behavioral Competencies
Strong Leadership Skills:
Provides leadership in risk identification, key risk indicator identification, and risk mitigation strategies in the domain of technology management.
Engages technology managers to identify key technology control indicators and maintain effective and efficient continuous control monitoring processes.
Excellent Communication Skills:
Both verbal and written.
Ability to interact with and influence people/groups of widely varying disciplines and backgrounds.
Ability and confidence to exercise influence over a wide range of individuals at all levels of technical & business leadership.
Experienced in using active listening techniques on a consistent basis.
Strong Presentation skills :
Comfortable with public speaking across various forums and be able to effectively and logically communicate when ideas are being challenged in an open forum.
Comfortable interacting directly with senior technology managers including in a high stress environment.
Understands the perspective of regulators and has the ability to shape messages and content to respond to a changing variety of regulatory standards.
Client Relationships/Business Partnerships:
Strong planning, organization and time management experience that is strategically oriented, an innovative thinker, and a demonstrated and decisive decision maker.
Able to collaboratively manage initiatives that span multiple geographic locations and time zones.
Navigates organizational complexity; demonstrates organizational savvy.
Builds partnerships across functions and regions; collaborates well with others.
Networks regularly and builds relationships across Risk disciplines and with businesses, operations and technology
The role is regional, and the incumbent must be capable of working on shared global issues with others in different regions and time zones.
The incumbent will be expected to travel to any part of the Region, and may occasionally be required to remain “on-site” for several days.
The successful candidate will need to be a hands-on, self-starter, and able to manage tasks/timelines for self and others.