• Competitive
  • Singapore
  • Permanent, Full time
  • Citibank NA
  • 25 Apr 18

GF - ASPAC ORM Technology Risk Director

GF - ASPAC ORM Technology Risk Director

  • Primary Location: Singapore,Singapore,Singapore
  • Other Location: India
  • Education: Bachelor's Degree
  • Job Function: Risk Management
  • Schedule: Full-time
  • Shift: Day Job
  • Employee Status: Regular
  • Travel Time: Yes, 10 % of the Time
  • Job ID: 18004528


Citi, the leading global bank, has approximately 200 million customer accounts and does business in more than 160 countries and jurisdictions. Citi provides consumers, corporations, governments and institutions with a broad range of financial products and services, including consumer banking and credit, corporate and investment banking, securities brokerage, transaction services, and wealth management. Our core activities are safeguarding assets, lending money, making payments and accessing the capital markets on behalf of our clients.

Operational Risk Management's (ORM) mission is to create lasting solutions for minimizing losses from failed internal processes, inadequate controls, emerging risks and to drive actions to address the root causes that persistently lead to operational risk losses. The objective is to reduce operational losses for Citi through preventive actions and solutions to effectively manage and mitigate significant operational risks and vulnerabilities that may arise within Systems and Technology processes.
  • The ASPAC ORM Technology Risk Director will have oversight responsibility for the technology risk management framework supporting the ASPAC region.  Jointly reporting into the Global Head of ORM Technology and the ORM head of ASPAC/JAPAN, within ASPAC/Japan the candidate will work with second line partners to independently assess inherent operational risks in Citi's technology process execution, the suite of control components in the IT realm, and the acceptability of residual risk. Lead independent risk assessment with respect to comprehensiveness and effectiveness of processes by which Citi Technology provides technology services and products. The Technology Risk Director will work proactively with Citi's technologists and technology control specialists to analyze emerging technologies before they are deployed into Citi.
Working with colleagues in Risk, as well as technology, business and other control functions, within ASPAC, the Technology Director is part of the Global ORM-T team and is expected to contribute to:
  • Governance and Oversight of technology risk that impacts the region
  • Oversight of regional Key Technology Operational Risks and related indicators and thresholds
  • Provide oversight on Local regulatory requirements on Technology Risk
  • Challenge of business and technology Risk Self Assessments
  • Challenge of business technology Scenario Analysis
  • Perform internal and external event reviews applicable to the region
  • Issue management and oversight and escalation
  • Drive technology risk focus toward a comprehensive set of underlying risks, cyber, process management, fraud, physical access, and other categories -
  • Participate in local Business Risk and Control Committees (BRCCs) and New Product Approval committees at the business level and identify and communicate material technology risks, significant differences in risk opinion from the first line, and significant first line non-adherences to the technology risk management framework
  • The candidate will be expected to evaluate the design of process flows to help technology and business managers understand the impact of control weaknesses to their technology service delivery capability.
  • The candidate will review and challenge whether non-Technology Operating Entities business/regional entities appropriately consider significant technology risk in their Management Control Assessments (MCAs).
  • The candidate will be expected to evaluate the extent to which technology managers can demonstrate they are in compliance with internal and external technology control standards, as well as regulatory and audit requirements.
  • The candidate will be expected to advise on continuous monitoring and control test methods, and recommend technology metrics in support of decisions concerning technology control objectives.
  • The candidate is charged with independent assessment of the business dependency on technology as well as independent oversight of Technology Operational Risk Management.
Business technology dependency assessment includes, but is not limited to:
  • Identification of gaps, inconsistencies and other integrity issues in business technology risk management capabilities, and recommend solutions that remediate issues
  • Assessing the effectiveness of the technology risk governance model implemented within ASPAC and driving escalation, prioritization and control improvement discussions as needed.
Technology Operational Risk Management Oversight includes, but is not limited to:
  • Review and challenge of regional key risk indicators, thresholds and first line response to breaches (e.g., escalation and resolution) associated with the Technology Risk Appetite statement.
  • MCA Effectiveness Challenge for Technology Operational Entities within the ASPAC Region
  • Support the Independent Senior Operational Risk Managers and Supervise staff that support the Operational Risk Management Technology Framework, performing activities such as:
  • Participating in Executive Risk and Control Forums that focus on operational risk management as well as Information Security issues.
  • Evaluate the extent to which technology managers can demonstrate they are in compliance with internal and external technology control standards, as well as regulatory and audit requirements.


The ASPAC ORM Technology Risk Director will be a thought leader in in technology risk with over 15 years of hands-on technical experience in IT management, controls and/or information security within globally complex, dispersed and diverse organizations.
The ideal candidate will have in-depth, detailed knowledge of Technology Management, Operations and Information Security practices, both poor and best.
More specific proven experience, knowledge and skills that are desirable for a candidate in the Technology Risk Director  role are outlined below:
  • Experience with technology infrastructure components such as network topology, data storage devices, virtual machine monitors, directory services, database management systems, messaging services, and middleware..
  • Experience with SCRUM/Agile methodologies will be a plus.
  • Experience with enterprise technology architecture as a holistic structure that includes people, process, and technology components combined to achieve business goals for automation.
  • Experience with Mobile technology, application development and threats associated with Mobile Online Banking.
  • Practical experience as a team member in a project or program wherein technology control metrics were devised, delivered, and/or analyzed.
  • Knowledge of full system, software, and security development lifecycle, including abuse and misuse cases within development and testing.
  • Working familiarity with data warehousing and big data environments.
  • Working familiarity with network, operating system, and application security fundamentals.
  • Working familiarity Experience with automated monitoring tools and incident tracking tools to effectively communicate and manage incidents, defects and data quality issues.
More specific proven experience, knowledge and skills that are desirable for a candidate in the Technology Risk Analyst role are outlined below:
Technology Skill set requirements will include capability to manage all aspects of these standards:
  • Technology Architecture components common across the Financial Industry
  • Information Systems Audit and Control Association's (ISACA) COBIT* Standard
  • Information Technology Infrastructure Library (ITIL)
  • ISACA's Certified in Risk and Information Systems Control (CRISC) Job Practice Domains
  • The candidate will have both undergraduate and advanced degrees in a technology related field.
  • Leadership, Management Behavioral Competencies
Strong Leadership Skills:
  • Provides leadership in risk identification, key risk indicator identification, and risk mitigation strategies in the domain of technology management.
  • Has Awareness and knowledge of local and  regional regulatory requiements.
  • Engages technology managers to identify key technology control indicators and maintain effective and efficient continuous control monitoring processes.
  • Strong analytical and problem-solving skills.
Excellent Communication Skills:
  • Both verbal and written.
  • Ability to interact with and influence people/groups of widely varying disciplines and backgrounds.
  • Ability and confidence to exercise influence over a wide range of individuals at all levels of technical & business leadership.
  • Experienced in using active listening techniques on a consistent basis.
  • Strong Presentation skills:
  • Comfortable with public speaking across various forums and be able to effectively and logically communicate when ideas are being challenged in an open forum.
  • Comfortable interacting directly with technology executive leadership, including in a high stress environment.
  • Understands the perspective of regulators and has the ability to shape messages and content to respond to a changing variety of regulatory standards.
Client Relationships/Business Partnerships:
  • Understands the global regulatory approaches to technology risk management
  • Strong planning, organization and time management experience that is strategically oriented, an innovative thinker, and a demonstrated and decisive decision maker.
  • Able to collaboratively manage initiatives that span multiple geographic locations and time zones.
  • Navigates organizational complexity; demonstrates organizational savvy.
  • Builds partnerships across functions and regions; collaborates well with others.
  • Networks regularly and builds relationships across Risk disciplines and with businesses, operations and technology
  • The role is part of the Global ORM Technology Team, and the incumbent must be proactive, pramatic and practical.
  • The successful candidate will need to be a hands-on, self-starter, and able to manage tasks/timelines for self and others.
  • They must be capable of delivering solutions that meet global needs but still have a regional alignment with local businesses and regulatory practices.
Singapore Singapore Singapore SG