Operational Risk Management (ORM) is an enterprise-level independent risk management function responsible for enterprise-wide oversight and aggregation of operational risk. Its mandate covers all business lines (US Personal Banking, Global Wealth Management, Markets, Services, Banking, Global Functions & EO&T) spanning all geographies. The ORM function oversees the design and implementation of the non-financial risk management framework. Key objectives of the data risk management framework include:

• Operating model, staffing, and culture
• Operational risk appetite
• Control objectives and standards
• Operational risk and control assessments and reporting
• Strategic decision-making
• The effective execution of Citi’s Enterprise Data transformation

Because Citi’s Enterprise Data transformation cuts across the enterprise and is multi-disciplinary in nature, ORM’s oversight for data risk management at Citi relies upon a “Hub and Spoke” approach, incorporating the second line of defense (2LOD) Business/Region/LV Global Op Risk Officers and other relevant independent risk functions. These teams work collectively to dispense appropriate risk oversight responsibilities, ensuring well-coordinated risk assessments, risk identification, measurement/monitoring, and timely remediation of key gaps. Furthermore, the ORM Data Risk team delivers an enterprise-level aggregation of risk oversight outcomes to assess the firm’s progress toward the Data Transformation target state.
The Head of Data Risk Appetite Oversight and Analysis role will oversee a group of data risk officers accountable for reviewing and challenging firm-wide efforts to manage data risk appetite expectations and the variety of monitoring efforts for the day-to-day delivery of data risk reduction activities. In addition, this role will be charged with ingesting and synthesizing firm-wide 2LOD challenge activity on data risk into the Data Risk Appetite Assessment process and generating requirements for additional assessment activity.

QUALIFICATIONS:

• 10+ years of direct experience as a senior Non-Financial Risk professional (data, technology, or reporting risk) or relevant 1LOD function in a large financial services organization.
• 8-10+ years’ managerial experience
• Extensive experience with risk metrics, including providing oversight of design, delivery, and sustainability.
• Well-versed in executing risk management monitoring routines, tracking identification to resolution.
• Extensive experience applying operational risk management frameworks in a global organization.
• Strong track record in leading teams to deliver technical risk and control assessments and negotiate outcomes at scale.
• Demonstrable understanding of Data fundamentals, including Data architecture, Data principles, and a deep appreciation of intersectionality and interdependency with enterprise Technology and systems architecture.
• Deep knowledge of financial and risk data, along with an understanding of regulatory, compliance, risk management, and financial management concerns.
• Subject matter expertise in operational risk management as applied to Data risk.

Education:

• Bachelor’s degree in Computer Science, Data Science, Information Technology, Business, or a related field.
• Master’s degree preferred

-

MOST RELEVANT SKILLS

Analytical Thinking, Control Monitoring, Credible Challenge, Governance, Issue Management, Operational Risk, Policy and Procedure, Policy and Regulation, Risk Controls and Monitors, Risk Identification and Assessment.
-

OTHER RELEVANT SKILLS

For complementary skills, please see above and/or contact the recruiter.
-

KEY RESPONSIBILITIES:

• Lead primary oversight of the firm’s Data Risk Appetite, including assessment of factors of risk, assessing and monitoring path-to-green efforts, management of metrics that measure risk, and all associated analysis.
• Work with 1LOD to define clear path-to-green and drive execution of agreed plans.
• Be accountable for identifying and executing independent second-line risk assessments in coordination with other ORM teams where needed (e.g., leading challenges of specific risk appetite metrics) to meet internal commitments, leveraging the hub-and-spoke model.
• Champion internal knowledge sharing for Data Risk Appetite efforts. Ensure that this multidisciplinary and cross-cutting risk area is well understood and that the implications of firm-wide remediation efforts are understood in terms of path-to-green efforts.
• Negotiate and remediate resulting risk and control concerns identified.
• Escalate significant or unaddressed risk issues and control environment concerns to appropriate governance forums and Risk leadership.
• As needed, serve as the primary interface to key stakeholders such as regulators, senior management, and the Board, as it relates to 2LOD assessment/point of view for the Risk Category.

Operational Risk Management (ORM) is an enterprise-level independent risk management function responsible for enterprise-wide oversight and aggregation of operational risk. Its mandate covers all business lines (US Personal Banking, Global Wealth Management, Markets, Services, Banking, Global Functions & EO&T) spanning all geographies. The ORM function oversees the design and implementation of the non-financial risk management framework. Key objectives of the data risk management framework include:

• Operating model, staffing, and culture
• Operational risk appetite
• Control objectives and standards
• Operational risk and control assessments and reporting
• Strategic decision-making
• The effective execution of Citi’s Enterprise Data transformatio