Compliance Assurance Sr. Analyst, AVP (Hybrid)

Whether you’re at the start of your career or looking to discover your next adventure, your story begins here. At Citi, you’ll have the opportunity to expand your skills and make a difference at one of the world’s most global banks. We’re fully committed to supporting your growth and development from the start with extensive on-the-job training and exposure to senior leaders, as well as more traditional learning. You’ll also have the chance to give back and make a positive impact where we live and work through volunteerism. Shape your Career with Citi Citi’s Risk Management organization oversees risk-taking activities and assesses risks and issues independently of the front line units. We establish and maintain the enterprise risk management framework that ensures the ability to consistently identify, measure, monitor, control and report material aggregate risks. We’re currently looking for a high caliber professional to join our team as Assistant Vice President, Compliance Assurance Sr. Analyst - Hybrid (Internal Job Title: Cyber / Tech 2nd LOD Sr. Analyst based in Taguig, Philippines. Being part of our team means that we’ll provide you with the resources to meet your unique needs, empower you to make healthy decision and manage your financial well-being to help plan for your future. For instance: * Citi provides programs and services for your physical and mental well-being including access to telehealth options, health advocates, confidential counseling and more. Coverage varies by country. * We believe all parents deserve time to adjust to parenthood and bond with the newest members of their families. That’s why in early 2020 we began rolling out our expanded Paid Parental Leave Policy to include Citi employees around the world. * We empower our employees to manage their financial well-being and help them plan for the future. * Citi provides access to an array of learning and development resources to help broaden and deepen your skills and knowledge as your career progresses. * We have a variety of programs that help employees balance their work and life, including generous paid time off packages. * We offer our employees resources and tools to volunteer in the communities in which they live and work. In 2019, Citi employee volunteers contributed more than 1 million volunteer hours around the world. ## ## ## About the Team: Technology & Cyber Compliance and Operational Risk (TCCORO) The Technology & Cyber Compliance and Operational Risk Office (TCCORO) is a global, second-line defense function at the heart of Citi's risk management strategy. Our mission is to provide expert oversight and independent challenge for all technology and cyber risks across the firm—from enterprise-wide functions to specific business lines like Markets and Banking. We operate on a holistic, risk-based model guided by leading industry frameworks such as COBIT and the Cyber Risk Institute (CRI). Our work is organized across six core pillars: Regulatory Awareness, Assessment, Monitoring, Testing, Challenge & Approval, and Governance. As a team, we are driven by our strategic priorities to reduce risk, drive innovation, synergize with partners, and foster engagement among our people. ## The Role: Compliance Testing Officer – Cyber, Tech & EUC Risk We are looking for a proactive and detail-oriented professional to join our TCCORO team. In this role, you will be responsible for executing critical compliance testing and assurance activities, with a special focus on Cybersecurity, Technology controls, and End-User Computing (EUC). You will play a vital part in ensuring that Citi's technology landscape is secure, resilient, and compliant with both internal policies and external regulations. This role is crucial to the company as it fortifies against potential operational risks, thereby protecting our financial stability and reputation, and contributing towards overall business resilience and success. ## In this role, you’re expected to: ## ## Risk Assessment & Compliance Testing * Compliance Testing: Perform independent, full-scope, and targeted compliance tests on technology and cybersecurity controls to assess their design and operating effectiveness. * Risk Assessment: Conduct regular and comprehensive technology and cyber risk assessments, documenting findings and recommendations to reduce risk exposure. * EUC Risk Management: Assess and test risks associated with End-User Computing (EUC), and IT enabaled Smart Solution (ITeSS) focusing on its principles, cycles and overall governance. * Independent Evaluation: Independently evaluate technology and cyber risks within the business to ensure they are within the acceptable risk appetite, taking proactive measures to address areas of concern. ## ## Strategy & Collaboration * Stakeholder Engagement: Build and maintain effective engagement with the 1st Line of Defense, business partners, and other key stakeholders to understand their risk profiles, strategic priorities, and challenges. * Guidance & Mitigation: Provide expert guidance on technology and cyber risk mitigation strategies and control enhancements. * Process Improvement: Participate in initiatives to augment technology and cyber risk management practices. Support the development and implementation of enhanced procedures and methodologies. * Adherence: Ensure all technology and cyber risk management activities adhere to internal policies, external regulations, and industry standards. * Appropriately assess risk when business decisions are made, demonstrating particular consideration for the firm's reputation and safeguarding Citigroup, its clients and assets, by driving compliance with applicable laws, rules and regulations, adhering to Policy, applying sound ethical judgment regarding personal behavior, conduct and business practices, and escalating, managing and reporting control issues with transparency. ## ## Analysis & Reporting * Data Analysis: Analyze data to identify trends, emerging risks, and control gaps, providing timely recommendations to mitigate risk exposure. * Reporting: Provide consistent, high-quality reporting to senior management and stakeholders on the status of assessments, detailing current risks, findings, and potential areas of concern. ## ## As a successful candidate, you’d ideally have the following skills and exposure: * A minimum of 5 years of experience in a Technology Risk Management, Cyber Risk, Information Security, IT Audit, or a related controls-focused role. * Direct experience in performing compliance testing, assurance, or audits for technology and/or cybersecurity controls. * Strong understanding of the risks and controls related to End-User Computing (EUC) and associated data management. * Solid understanding of IT systems, networks, cloud services, security infrastructure, and system vulnerabilities. * Familiarity with regulatory requirements and enterprise risk management frameworks (e.g., COBIT, NIST, ISO 27001). * Demonstrated experience in the risk management lifecycle, including risk identification, assessment, mitigation, and reporting. * Excellent project management and organizational skills, with the ability to prioritize tasks and manage multiple initiatives effectively. * Strong analytical, problem-solving, and decision-making skills. ## ## A Plus for Your Application * Knowledge of how to apply Artificial Intelligence (AI), machine learning, or data analytics techniques to enhance risk assessment, automate testing, and improve compliance processes. ## ## The Ideal Candidate * Proactive & Accountable: You anticipate problems, identify solutions, and take personal accountability for managing and escalating risks. * Collaborative Partner: You engage key stakeholders early and often, building strong relationships and working effectively across cross-functional teams. * Change Catalyst: You are an enthusiastic early adopter of change, helping others see the benefits of new ideas and maintaining a positive outlook during uncertainty. * Curious & Innovative: You demonstrate and inspire curiosity, actively applying learnings from failures and seeking new ways to overcome challenges. * Person of Integrity: You do the right thing for clients and for Citi in all situations and can handle sensitive and confidential information with the highest level of professionalism. * Inclusive Mindset: You empathetically listen to and welcome diverse ideas and alternative views to improve outcomes. ## ## Education * Bachelor's/University degree or equivalent experience. Working at Citi is far more than just a job. A career with us means joining a family of more than 230,000 dedicated people from around the globe. At Citi, you’ll have the opportunity to grow your career, give back to your community and make a real impact. Take the next step in your career, apply for this role at Citi today https://jobs.citi.com/dei \------------------------------------------------------ ## Job Family Group: Risk Management \------------------------------------------------------ ## Job Family: Operational Risk \------------------------------------------------------ ## Time Type: Full time \------------------------------------------------------ ## Most Relevant Skills Analytical Thinking, Control Monitoring, Credible Challenge, Governance, Issue Management, Operational Risk, Policy and Procedure, Policy and Regulation, Risk Controls and Monitors, Risk Identification and Assessment. \------------------------------------------------------ ## Other Relevant Skills For complementary skills, please see above and/or contact the recruiter. \------------------------------------------------------ Citi is an equal opportunity employer, and qualified candidates will receive consideration without regard to their race, color, religion, sex, sexual orientation, gender identity, national origin, disability, status as a protected veteran, or any other characteristic protected by law. If you are a person with a disability and need a reasonable accommodation to use our search tools and/or apply for a career opportunity review Accessibility at Citi. View Citi’s EEO Policy Statement and the Know Your Rights poster.