Job Description

Citi\'s Enterprise Infrastructure Operations & Technology organization (EIO&T) is driving an innovative Cloud First strategy that works to optimize the IT environment, reduce complexity, and implement high degrees of automation to enable more agile application delivery. We aim to give Citi businesses a competitive edge by leveraging cloud scale architectures and enabling new infrastructure economics. EIO&T operates as a technology company focused on implementing scalable and innovative next gen technology solutions that will shape the future of global banking.

Primary Responsibilities

• Identify risk, assess residual risk, and coordinate Corrective Action Plan (CAP) completion through collaboration with information security and engineering teams
• Negotiate with IA (Internal Audit; Third Line of Defense) and ORM (Operational Risk Management; Second Line of Defense), and with Policy Owners when more cloud-friendly policy changes need to be influenced
• Advise engineers on application of Policy across multiple concurrent technology domains such as compute, container, DB, middleware, etc.
• Research origins of Policy in Regulations collaboratively with ICRM (Independent Compliance Risk Management)
• Engage with and lead advocacy efforts with regulators in Asia and EMEA on Public Cloud in partnership with Government Affairs and Regulatory Engagement teams.
• Design processes for building and maintaining services in Public Cloud with control in mind
• Maintain continual assessment of Management Controls Assessment (MCA) Efficacy for Public Cloud
• Monitor exceptions to dispute policy and identify common root causes of exceptions.
• Leverage data to examine impacts to Customer Experience and Regulatory breaks.
• Appropriately assess risk and demonstrate consideration for the firm\'s reputation and safeguard Citigroup, its clients and assets, by:

• Driving compliance with applicable laws, rules and regulations
• Adhering to Policy
• Applying sound ethical judgment regarding personal behavior, conduct and business practices
• Escalating, managing and reporting control issues with transparency
• Influence Application Teams on best practices for MCA

Basic Qualifications

• Undergraduate degree in related field or equivalent experience
• 7+ years relevant work experience in Technology Risk & Controls in a large organization in a heavily regulated industry
• 3+ years relevant work experience in Public Cloud Technology (Amazon Web Services, Google Cloud Platform, Snowflake, MongoDB Atlas, Azure, etc.)
• MS Excel required. MS Access, SQL a plus.
• Consistent, clear, and concise written communication skills
• Ability to explain concepts consistently to stakeholders, including non-technical audiences
• Ability to firmly communicate the requirements and position of Policy that must be satisfied
• Ability to see the big picture with high attention to critical details
• Demonstrated ability to develop and implement strategy and process improvement initiatives
• Demonstrated ability to influence change and common-sense approaches to modern risk complexity
• Demonstrable interest in Public Cloud risk identification and mitigation
• Strong collaboration and interpersonal skills

Preferred Qualifications

• Experience working directly with regulators of the financial industry in Asia regionally, or Singapore locally.
• Risk certifications such as the CIA, CISSP, CISA, CRISC, CGEIT, CDPSE, etc.
• Certifications in Public Cloud such as AWS Certified Cloud Practitioner, or AWS Certified Security Specialty
• Experience working with NIST, COBIT, ITIL, CSA, and/or ISO risk and ITSM frameworks
• Experience in an influence management discipline such as project management or product management
• Familiarity with DevOps and SRE practices
• Experience with cloud infrastructure and data services (compute, storage, networking and others)

Job Family Group:
Risk Management


Job Family:
Business Risk & Control


Time Type:
Full time


Citi is an equal opportunity and affirmative action employer.

Qualified applicants will receive consideration without regard to their race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or status as a protected veteran.

Citigroup Inc. and its subsidiaries ("Citi) invite all qualified interested applicants to apply for career opportunities. If you are a person with a disability and need a reasonable accommodation to use our search tools and/or apply for a career opportunity review Accessibility at Citi .

View the " EEO is the Law " poster. View the EEO is the Law Supplement .

View the EEO Policy Statement .

View the Pay Transparency Posting

eFinancialCareers