The primary objective of this role is to provide Risk Control and log review services to Country Technology Teams and to support Regional Risk and Control Managers in implementing and monitoring risk mitigation activities within the Country Technology Teams.

Responsibilities:

• Lead the identification, assessment, and monitoring of technology risks, including operational, cyber security, data privacy, and third-party technology risks.
• Oversee the design and implementation of technology controls, ensuring their effectiveness and efficiency in mitigating identified risks.
• Manage and coordinate all internal and external technology audits, regulatory examinations, and compliance reviews, acting as a primary liaison between auditors/regulators and technology teams.
• Provide expert guidance and support to technology managers and teams on risk management best practices, control implementation, and regulatory compliance.
• Manage the tracking and remediation of all technology-related audit findings, risk issues, and control deficiencies, ensuring timely and effective resolution.
• Manage communication with local regulators and auditors regarding technology-related topics, providing clear and concise responses and necessary documentation.
• Collaborate with other risk functions (e.g., Operational Risk, Information Security) to ensure an integrated approach to enterprise-wide risk management.
• Works closely with regional control teams on risk and control subjects. Joins weekly risk and control meetings regarding Turkey Technology related subject.
• Acts as a technology liaison for cyber security related cases, ensuring communication between technology representatives and the Citi Cyber Security Team.
• Manages the Local Log Review process and the team.
• Manages and coordinates application assessment committee processes and meetings. Prepares and sends letters to local regulators to get permission to use a new regional critical application.
• Assists all banks' units and joins regional calls to explain local regulatory requirements before starting to use a new regional critical application.
• Ensures that people management related tasks are executed in accordance with Citi policies and procedures, complying with statutory regulations and laws (e.g., recruitment, work orders, managing performance, etc.).
• Ensures the managed department has the required quantity and quality workforce in place. Team members are informed and trained to execute their jobs as required. Capacity planning and ensuring that staff levels are sufficient to meet business needs.
• Takes ownership of the managed team and implements Citi people management practices to ensure excellent employee experience in the course of the entire employee lifecycle (e.g., regular team and individual dialogues, development opportunities, "Voice of employee" actions, etc.).
• Completes all tasks in connection with the organization's activity but not detailed in the current job description, charged by the direct manager, supervisor, or functional head.

Qualifications:

• 10+ years of progressive experience in technology risk management, IT audit, information security, or IT governance, with a significant portion in the banking sector.
• In-depth knowledge of banking industry-specific regulations and compliance requirements.
• Strong understanding of IT control frameworks (e.g., COBIT, ITIL, NIST) and information security standards (e.g., ISO 27001).
• Professional certifications such as CRISC (Certified in Risk and Information Systems Control), CISA (Certified Information Systems Auditor), CISSP (Certified Information Systems Security Professional), or CISM (Certified Information Security Manager) are highly preferred.
• Exceptional analytical and problem-solving skills, with the ability to identify complex risks and develop pragmatic mitigation strategies.
• Excellent written and verbal communication skills in English, with the ability to articulate complex technical and risk concepts to both technical and non-technical stakeholders, including senior leadership and regulators.
• Demonstrated ability to build and maintain effective working relationships with internal teams, external auditors, and regulatory authorities.
• Strong leadership capabilities, with experience in managing and motivating high-performing teams.
• Ability to thrive in a fast-paced, highly regulated, and dynamic environment.
• Familiarity with SDLC (software development life cycle), databases, operating systems, application controls, encryption, development tools and processes.
• Strong follow-up skills.
• Strong negotiation skills.
• Delivery focused.
• Exhibits good attention to detail.
• Ability to work on several initiatives concurrently.
• Ability to cope with changes in priorities.

Education:

• Bachelor’s/University degree, Master’s degree preferred

------------------------------------------------------

Job Family Group:

Technology

------------------------------------------------------

Job Family:

Technology Management

------------------------------------------------------

Time Type:

Full time

------------------------------------------------------

Most Relevant Skills

Please see the requirements listed above.

------------------------------------------------------

Other Relevant Skills

For complementary skills, please see above and/or contact the recruiter.

------------------------------------------------------

Citi is an equal opportunity employer, and qualified candidates will receive consideration without regard to their race, color, religion, sex, sexual orientation, gender identity, national origin, disability, status as a protected veteran, or any other characteristic protected by law.

 

If you are a person with a disability and need a reasonable accommodation to use our search tools and/or apply for a career opportunity review Accessibility at Citi.

View Citi’s EEO Policy Statement and the Know Your Rights poster.