Operational Risk Head of Data Risk Center of Excellence

Operational Risk Management (ORM) is an enterprise-level independent risk management function responsible for enterprise-wide oversight and aggregation of operational risk. Its mandate covers all business lines (US Personal Banking, Global Wealth Management, Markets, Services, Banking, Global Functions & EO&T) spanning all geographies.

The ORM function oversees the design and implementation of the non-financial risk management framework. Key objectives of the risk management framework for Data Risk are:

• Operating model, staffing, and culture
• Operational risk appetite
• Control objectives and standards
• Operational risk and control assessments and reporting
• Strategic decision-making
• The effective execution of Citi's Enterprise Data transformation.

Because Citi's Enterprise Data transformation cuts across the enterprise and is multi-disciplinary in nature, ORM's oversight for data risk management at Citi relies upon a “Hub and Spoke” approach, incorporating the second line of defense (2

LOD) Business/Region/LV Global Op Risk Officers and other relevant independent risk functions. These teams work collectively to dispense appropriate risk oversight responsibilities, ensuring well-coordinated risk assessments, risk identification, measurement/monitoring, and timely remediation of key gaps. Furthermore, the ORM Data Risk team delivers an enterprise-level aggregation of risk oversight outcomes to assess the firm’s progress toward the Data Transformation target state.

The Head of Data Risk Center of Excellence, C16, will oversee a distributed group of data risk leaders and risk officers conducting risk assessments of data remediation efforts across Citi, as well as a shared services function providing data risk SME framework activities (new products, scenarios) for all businesses and functions globally. This role will also be accountable for ensuring adequate coverage of data remediation efforts to meet regulatory commitments.

• Control objectives and standards: Ensure Enterprise Control Standard and controls design requirements are clearly articulated and implemented consistently across Business and Function coverage teams.
• Strategic decision making: Oversee that Data Risk Management practices, insights and tools are consistently embedded inday-to-day business processes and strategic decision-making of Business and Function coverage teams to enable proactive issue identification and comprehensive remediation.
• Transformation: In addition to overseeing the compliance against ORM frameworks, Data Risk Management has the added complexity of overseeing the effective execution of the Enterprise Data transformation. This transformation cuts across the enterprise and is multi-disciplinary in nature. In light of this, a “Hub and Spoke” approach is being adopted as ORM’s oversight operating model. Under this approach, this role will face off with 1
  
  LoD enterprise data roles and will work closely with Business/Region/LV Global Op Risk Officers and other relevant independent risk functions in dispensing the appropriate key second Line of defense (2
  
  LOD) risk oversight responsibilities to ensure well- coordinated risk assessments, risk identification, measurement/monitoring and timely remediation of key gaps, including appropriate enterprise-level aggregation aligned with defined target state of Data Transformation.
• To execute these requirements this individual will lead Data Risk SWAT teams in the identification and execution of independent second-line risk assessments in coordination with other ORM teams (e.g., leading use case challenges) leveraging the hub-and-spoke model.
• Ensure the Data Risk concepts and skills are transferred to the ORM coverage teams as part of the SWAT team embedding.
• Lead a program management/coordination function, ensuring that coordination efforts needed in the hub-and-spoke approach are delivered (e.g., group-wide work intake & planning, execution monitoring).
• Negotiate and remediate resulting risk and control concerns identified.
• Operate a shared services function delivering data risk SME framework activities, supporting business/function risk management functions firm-wide.
• Escalat…