Operational Risk Management (ORM) is an enterprise-level independent risk management function responsible for enterprise-wide oversight and aggregation of operational risk. Its mandate covers all business lines (US Personal Banking, Global Wealth Management, Markets, Services, Banking, Global Functions & EO&T) spanning all geographies.

The ORM function oversees the design and implementation of the non-financial risk management framework. Key objectives of the risk management framework for Data Risk are:

• Operating model, staffing, and culture
• Operational risk appetite
• Control objectives and standards
• Operational risk and control assessments and reporting
• Strategic decision-making
• The effective execution of Citi's Enterprise Data transformation.

Because Citi's Enterprise Data transformation cuts across the enterprise and is multi-disciplinary in nature, ORM's oversight for data risk management at Citi relies upon a “Hub and Spoke” approach, incorporating the second line of defense (2LOD) Business/Region/LV Global Op Risk Officers and other relevant independent risk functions. These teams work collectively to dispense appropriate risk oversight responsibilities, ensuring well-coordinated risk assessments, risk identification, measurement/monitoring, and timely remediation of key gaps. Furthermore, the ORM Data Risk team delivers an enterprise-level aggregation of risk oversight outcomes to assess the firm’s progress toward the Data Transformation target state.

The Head of Data Risk Center of Excellence, C16, will oversee a distributed group of data risk leaders and risk officers conducting risk assessments of data remediation efforts across Citi, as well as a shared services function providing data risk SME framework activities (new products, scenarios) for all businesses and functions globally. This role will also be accountable for ensuring adequate coverage of data remediation efforts to meet regulatory commitments.

Key Responsibilities

Control objectives and standards: Ensure Enterprise Control Standard and controls design requirements are clearly articulated and implemented consistently across Business and Function coverage teams

Strategic decision making: Oversee that Data Risk Management practices, insights and tools are consistently embedded in day-to-day business processes and strategic decision-making of Business and Function coverage teams to enable proactive issue identification and comprehensive remediation. 

Transformation: In addition to overseeing the compliance against ORM frameworks, Data Risk Management has the added complexity of overseeing the effective execution of the Enterprise Data transformation.  This transformation cuts across the enterprise and is multi-disciplinary in nature.  In light of this, a “Hub and Spoke” approach is being adopted as ORM’s oversight operating model. Under this approach, this role will face off with 1LoD enterprise data roles and will work closely with Business/Region/LV Global Op Risk Officers and other relevant independent risk functions in dispensing the appropriate  key second Line of defense (2LOD) risk oversight responsibilities to ensure well- coordinated risk assessments, risk identification, measurement/monitoring and timely remediation of key gaps, including appropriate enterprise-level aggregation aligned with defined target state of Data Transformation.

To execute these requirements this individual will lead Data Risk SWAT teams in the identification and execution of independent second-line risk assessments in coordination with other ORM teams (e.g., leading use case challenges) leveraging the hub-and-spoke model.

• Ensure the Data Risk concepts and skills are transferred to the ORM coverage teams as part of the SWAT team embedding.
• Lead a program management/coordination function, ensuring that coordination efforts needed in the hub-and-spoke approach are delivered (e.g., group-wide work intake & planning, execution monitoring).
• Negotiate and remediate resulting risk and control concerns identified.
• Operate a shared services function delivering data risk SME framework activities, supporting business/function risk management functions firm-wide.
• Escalate significant or unaddressed risk issues and control environment concerns to appropriate governance forums and Risk leadership.
• As needed, serve as the primary interface to key stakeholders such as regulators, senior management, and the Board, as it relates to 2LOD assessment/point of view for the Risk Category.

Management and Leadership Characteristics:

• Broad experience in risk management, including a successful track record of managing large, complex, enterprise-wide risk management programs at a large financial services organization.
• Demonstrated success in leading by influence in complex organizations.
• Strong leadership skills with a proven track record of working with a diverse range of skill sets and perspectives, recognizing that the power of Citi is the sum of its parts.
• Deep subject matter expertise in Non-Financial Risk Management with a proven risk and control track record in technology, data, and/or reporting risk.
• Business understanding of the products and services Citi offers and how risk management practices contribute to other work across Citi; understand downstream impacts of decisions made.
• Track record of managing internal relationships and partnering with a range of stakeholders (e.g., business, functions) in leading sustained change and change management efforts.
• Strong technical problem-solving skills and an ability to identify conflicts, discrepancies, and other issues, and bring together the right team to solve them.
• Well-developed listening skills and a strong ability to communicate and engage at the senior management level, both orally and in writing.
• Ability to constructively challenge others at all levels and across boundaries to deliver better results.
• Continuous improvement mind-set to solve for root causes, assess the impact of actions and adjust as needed; simplify and standardize at every opportunity.
• Regulatory engagement experience.

Education, Knowledge, and Experience Qualifications:

• 20+ years of direct experience as a senior Non-Financial Risk professional (e.g. data, technology, or reporting risk) or relevant 1LOD role in a large financial services organization.
• Extensive experience in overseeing highly visible, complex initiatives related to global data programs in a large-scale, distributed organization.
• Extensive experience applying operational risk management frameworks in a global organization.
• Strong track record in leading teams to deliver technical risk and control assessments and negotiate outcomes at scale.
• Demonstrable understanding of Data fundamentals, including Data architecture, Data principles, and a deep appreciation of intersectionality and interdependency with enterprise Technology and systems architecture.
• Strong working knowledge of scalable data platforms and cloud capabilities that are secure, resilient, and compliant with relevant regulations.
• Deep knowledge of financial and risk data, along with an understanding of regulatory, compliance, risk management, and financial management concerns.
• Subject matter expertise in operational risk management as applied to Data risk.
• Bachelor's degree in Computer Science, Data Science, Information Technology, Business, or a related field are preferred.

------------------------------------------------------

Job Family Group:

Risk Management

------------------------------------------------------

Job Family:

Operational Risk

------------------------------------------------------

Time Type:

Full time

------------------------------------------------------

Primary Location:

Tampa Florida United States

------------------------------------------------------

Primary Location Full Time Salary Range:

$250,000.00 - $500,000.00

In addition to salary, Citi’s offerings may also include, for eligible employees, discretionary and formulaic incentive and retention awards. Citi offers competitive employee benefits, including: medical, dental & vision coverage; 401(k); life, accident, and disability insurance; and wellness programs. Citi also offers paid time off packages, including planned time off (vacation), unplanned time off (sick leave), and paid holidays. For additional information regarding Citi employee benefits, please visit citibenefits.com. Available offerings may vary by jurisdiction, job level, and date of hire.

------------------------------------------------------

Most Relevant Skills

Analytical Thinking, Control Monitoring, Credible Challenge, Governance, Issue Management, Operational Risk, Policy and Procedure, Policy and Regulation, Risk Controls and Monitors, Risk Identification and Assessment.

------------------------------------------------------

Other Relevant Skills

For complementary skills, please see above and/or contact the recruiter.

------------------------------------------------------

Anticipated Posting Close Date:

Aug 20, 2025

------------------------------------------------------

Citi is an equal opportunity employer, and qualified candidates will receive consideration without regard to their race, color, religion, sex, sexual orientation, gender identity, national origin, disability, status as a protected veteran, or any other characteristic protected by law.

 

If you are a person with a disability and need a reasonable accommodation to use our search tools and/or apply for a career opportunity review Accessibility at Citi.

View Citi’s EEO Policy Statement and the Know Your Rights poster.