Citi Cyber Security Service Management (Business Activity Owner and Third Party Risk Management) Lead Analyst (VP) in Irving, Texas

  • Primary Location: United States,Texas,Irving

  • Other Location: United States,Delaware,New Castle

  • Education: Bachelor's Degree

  • Job Function: Technology

  • Schedule: Full-time

  • Shift: Day Job

  • Employee Status: Regular

  • Travel Time: No

  • Job ID: 18036270


The Cyber Security & Networks (CS&N) organization is responsible for the management of critical security & network infrastructure, services, and monitoring across the enterprise on a global level. Services offered span areas across Infrastructure Defense/Perimeter Security Services (PSO/STI IS); Security Event Monitoring Services/Security Operations Center (SOC/SECM); Core & Distributed Authentication Services (SSO); Host & Application Protection Services (HASI); Vulnerability Assessment (VA/Ethical Hacking), Network Operations, and Network & Security Build/Solutioning. The Cyber Security & Networks Business Operations & Shared Services organization aims at allowing Cyber Security & Networks to maintain its focus on strategic initiatives and key programs related to improving the experience of customers and employees, increased productivity, and strengthened controls.

Cyber Security & Networks Service Management

CS&N Service Management provides support for security and networks services through end-to-end business relationship management of all Citi business sectors, engineering, 3rd party vendors, and senior business and technology executive management. The organization serves to provide one point of contact to customers & stakeholders and oversight of management processes & systems, while allowing the operational functions to focus on core responsibilities. The domains include Infrastructure Defense; Security Event Monitoring & the Security Operations Center; Network & Security Build Services; Network Operations; Authentication & Host Security; Vulnerability Assessments & Ethical Hacking; Mobile Application Gateway; & Global System Log Review.

Business Activity Owner and Third Party Risk Management

The Business Activity Owner and Third Party Risk Management Support analyst is responsible for the centralized management of Telecom, Network, and Security supplier onboarding and risk assessment activities for the CS&N organization, inclusive of 125+ security & network product & services vendor relationships.

Key Responsibilities :

• Initiate the on-boarding of new suppliers including risk management oversight, technology taxonomy, and purchasing profiles

• Manage the Third Party Risk activities associated with new vendor or renewal purchases

o Participate in strategic meetings with vendors to align technology strategies related to product roadmaps and consolidation efforts

o Attend quarterly business reviews for strategic partners

o Serve as a point of escalation for business relationship management

o Maintain vendor profiles e.g. account manager contacts, address changes, acquisitions

• Manage the supplier and third party risk activities for 100+ suppliers; central point of contact for tracking and completing TP-RAPs

• Coordinate the closure of any supplier Due Diligence gaps with Third Party Utility (TPU team), vendor, Operations and Service Management, including items such as:

o Financial Risk assessment

o Sanctions Screening

o Regulatory and Compliance applicability

o Cross Border applicability

o Architecture and VA review

• Track and complete supplier on-going monitoring activities.

• Manage consistency in vendor records between CASP and TPRAP.

• Collaborate with CATE and Operational product owners to define and submit supplier Exit Plans.

• Accountability for end-to-end supplier management processes.

• MIS Reporting for Senior Management; status updates on supplier activities.

• Work with engineering and operations leads as well as Service Management to plan supplier record maintenance and third party risk activities for the year.

• Relationship Management: Act as central point of contact for all Citi business sectors, engineering, and senior executive business and technology management to coordinate and/or in support of (but not limited to) strategic planning, client/business interactions and escalations, technology implementations and migrations, issue resolutions, incident/problem management representation. Provide a “white glove” type service to critical customers.

• Incident Management: Provide response coordination during production incidents and represent organization on various business forums related to the restoration, resolution, and root cause analysis of incidents.

• Client and Technology On-boarding: Oversee the end to end life cycle of technology implementation (purchasing to client follow ups) and client on-boarding onto new and existing security solutions with emphasis on time to market.

• Project Management: Design and drive large, complex projects to meet client, IS, and regulatory requirements.

• Process Management: Responsible for the engineering/re-engineering and oversight of operational and business processes and documentation while developing measurement and improvement processes to continuously drive service maturity.

• Change Management Coordination: Measuring and improving upon time to market of business requests and changes.

• Financial and Vendor Management: General oversight of the P&L budget and contracts.

• Risk, Controls and Compliance: Serve as representative to internal audit, external auditors and regulatory examiners on behalf of the area as well as responsible for oversight of the internal control environment.

About Citi :

Citi, the leading global bank, has approximately 200 million customer accounts and does business in more than 160 countries and jurisdictions. Citi provides consumers, corporations, governments and institutions with a broad range of financial products and services, including consumer banking and credit, corporate and investment banking, securities brokerage, transaction services, and wealth management. Our core activities are safeguarding assets, lending money, making payments and accessing the capital markets on behalf of our clients.

Citi’s Mission and Value Proposition explains what we do and Citi Leadership Standards explain how we do it. Our mission is to serve as a trusted partner to our clients by responsibly providing financial services that enable growth and economic progress. We strive to earn and maintain our clients’ and the public’s trust by constantly adhering to the highest ethical standards and making a positive impact on the communities we serve. Our Leadership Standards is a common set of skills and expected behaviors that illustrate how our employees should work every day to be successful and strengthens our ability to execute against our strategic priorities.

Diversity is a key business imperative and a source of strength at Citi. We serve clients from every walk of life, every background and every origin. Our goal is to have our workforce reflect this same diversity at all levels. Citi has made it a priority to foster a culture where the best people want to work, where individuals are promoted based on merit, where we value and demand respect for others and where opportunities to develop to are widely available to all.


• Bachelor’s Degree is required (Computer Engineering/Science or other technology related field), MBA is a plus

• 5+ years of relevant work experience

• Experience in a Business Analysis, Technology Operations, Client Management and/or Project Management role is required.

• General knowledge/experience in the following Information Security (IS) technology frameworks is required (in-depth knowledge is a plus):

  • ITIL Service Management and/or COBIT Frameworks

  • Application & host security

  • Networks

  • Network security products

  • Common architectures that deliver high performance and resilient solutions (such as systematic trading environments)