AVP- Business Risk & Control-Third-Party Risk Oversight- C12

Third Party Risk Oversight (TPRO) is part of the USPB COO organization which supports Citi Enterprise by creating and implementing methodologies including process & procedures to measure, monitor and escalate Third Party related key operational and other risks.  USPB COO - TPRO is a First Line of Defense Control function that aids in the assessment of risk evaluation for US Consumer Banking and Wealth Businesses.  The Third-Party Risk oversight function is responsible to identify, assess, evaluate, monitor, and report the key operational risks for governing the risks associated with Citi’s use of and reliance upon third parties.

The individual in this role will report to the Senior Vice President of Third-Party Risk Oversight team in India. The Third-Party Risk Oversight Analyst is a seasoned professional role and requires application of in-depth disciplinary knowledge and understanding and experience of risk identification, assessment, monitoring and reporting standards and methodology related to Operational risk and Third-Party Risk. The role requires the analyst to perform physical onsite reviews/ remote reviews of high, medium and low risk (as needed) third parties as per organizational and business policies and monitoring requirements. The role requires in-depth understanding of how review/ monitoring areas collectively integrate within the sub-function as well as coordinate and contribute to the objectives of the function and overall business. The analyst is required to evaluate moderately complex and variable issues with substantial potential impact, where development of an approach/taking of an action involves weighing various alternatives and balancing potentially conflicting situations using multiple sources of information. The role also requires good analytical skills in order to filter, prioritize and validate potentially complex and dynamic material from multiple sources. The role also requires strong communication and diplomacy skills and regularly assumes informal/formal leadership role within teams.

The Business Risk and Control Sr Analyst is a seasoned professional role. Applies in-depth disciplinary knowledge, contributing to the development of new techniques and the improvement of processes and workflow for the area or function. Integrates subject matter and industry expertise within a defined area. Requires in-depth understanding of how areas collectively integrate within the sub-function as well as coordinate and contribute to the objectives of the function and overall business. Evaluates moderately complex and variable issues with substantial potential impact, where development of an approach/taking of an action involves weighing various alternatives and balancing potentially conflicting situations using multiple sources of information. Requires good analytical skills in order to filter, prioritize and validate potentially complex and dynamic material from multiple sources. Strong communication and diplomacy skills are required. Regularly assumes informal/formal leadership role within teams. Involved in coaching and training of new recruits. Significant impact in terms of project size, geography, etc. by influencing decisions through advice, counsel and/or facilitating services to others in area of specialization. Work and performance of all teams in the area are directly affected by the performance of the individual.

Responsibilities:

• Help coordinate governance and the facilitation of the execution of the Manager Control Assessment (MCA, i.e.. Risk & Control Self-Assessment) as required by the MCA Standard including the assessment and appropriate approval of risk associated with business changes. 
• Assist in contributing to the quality, completeness, and accuracy of the implementation of the Control Framework, including Risk Control Policy, Control Standard, Issue Management Policy, Lesson Learned Policy and Control Inventory.
• Provide support in the identification of issue root cause, partnering with control and process owners to recommendations holistic corrective actions and improvements, provide check and challenge to ensure appropriate escalation in according with Issue Management and Escalation Policies.
• Support on the implementation of the Lessons Learned Policy, including monitoring of control breaches and dissemination and learnings across other business units for process improvement to limit the occurrence of similar future events and where similar risk exposure might exist.
• Influence decisions on the review and challenge process, within the FLUs, on the effective design and management of controls to mitigate risks as required by the Control Standards, including implementation and operation, conducting the control monitoring, handling deficiencies, and escalating issues for resolution. 
• Perform analysis to support with the timeliness, accuracy and completeness of the MCA through controls prior to the execution of a process (QC).
• Influence decisions to support adherence to the MCA Standard through controls after the execution of a process (QA).
• Support and contribute to Operational and Compliance Risk in accordance with established Policy requirements.
• Work with the team to identify, assess, escalate, and manage risk exposures across Risk Categories (Operational Compliance, Strategic, Reputational, etc), including material, emerging and concentration risks in accordance with enterprise Policies and the establishment of Key Indicators to monitor risk exposures.
• Perform analysis to support Risk Appetite and monitor / assess exposures against this in accordance with enterprise requirements (if applicable).
• Provide support to identify, assess, record and response to Operational and Compliance Risk events, ensuring these are captured accurately, timely and in accordance with requirements.
• Perform analysis to support that adequate governance and training is in place to support management of Risk profiles.
• Perform analysis on the risks associated with New Activities and changes to the Business, ensuring these are well understood and adequately controlled (if applicable).
• Support on operational risk scenario analysis and stress testing for Operational Risk Capital requirements.
• Perform analysis to support risk and control assessments or coordination for programs within various risk stripes and ensure sufficient subject matter expertise exists to enable management of these risks within the Business (e.g. third party, fraud, sanctions etc) (if applicable).
• Support to ensure risk and control responsibilities and accountabilities are embedded within FLUs, including contributing to training and leading by example.
• Be involved with the implementation of standards and procedures that conform to enterprise requirements and support sound operational and compliance risk management.
• Apply knowledge of the business, products or services to identify and implement control points and processes throughout the business.
• Appropriately assess risk when business decisions are made, demonstrating particular consideration for the firm's reputation and safeguarding Citigroup, its clients and assets, by driving compliance with applicable laws, rules and regulations, adhering to Policy, applying sound ethical judgment regarding personal behaviour, conduct and business practices, and escalating, managing and reporting control issues with transparency.

Qualifications:

• 8+ years of experience.
• Experience with work-flow systems
• Excellent project management and organizational skills.
• Outstanding relationship building and relationship management skills
• Consistently demonstrates clear and concise written and verbal communication skills
• Proficient in Microsoft Office with an emphasis on MS Excel
• Self-motivated and detail oriented

Education:

Bachelor's/University degree or equivalent experience.

Key Responsibilities:

• Perform Onsite/ remote Reviews of Third Parties in India and outside India (as needed) to ensure that controls are working as intended, control effectiveness of Third Parties is evaluated per Third Party Risk Oversight Onsite review procedures, Organizational policies and standards and industry best practices.
• Proactively work with Business Activity Owner (BAO) and related parties, as needed to ensure Third party risk management standards are completed, Operational risks are effectively managed and any gaps arising out of monitoring activities are discussed, evaluated and reported as per Organizational/ TPRO standards, policies & procedures and guidelines.
• Critically evaluate, participate and partner with concerned stakeholders within Citi to identify, monitor and suggest changes, as needed, in applicable compliance & regulatory obligations for Third Parties so that accurate list of compliance obligations is being monitored for such Third Parties.
• Effectively challenge the status quo of control environment of third parties and performs related review & monitoring activities.
• Act as a lead to evaluate, document, and escalate potential gaps/ findings arising of gap validation exercise and ensure those gaps/ findings are covered & actioned up on as part of Corrective action plan (CAP) and remediation efforts, when applicable.
• Create MIS, dashboard reporting to Senior Management team on a regular basis including reporting of gap validation results as part of MCA monitoring program (to ensure that USPB level results are consolidated, and controls are working as designed).
• Participate in the application of operational risk policies, technology and tools, and governance processes to create lasting solutions for minimizing losses from failed internal processes, inadequate controls, and emerging risks.
• Contribute to risk assessments and drives actions to address the root causes that persistently lead to operational risk losses by challenging both historical and proposed practices.
• Coordinate audits, examinations, and deliverable requirements from internal and external reviewers by supporting coordinating activities.
• Ensure project completion, special assignments, and other ad hoc activities as required.
• Has the ability to operate with a limited level of direct supervision and can exercise independence of judgement and autonomy.
• Appropriately assess risk when business decisions are made, demonstrating particular consideration for the firm's reputation and safeguarding Citigroup, its clients and assets, by driving compliance with applicable laws, rules and regulations, adhering to Policy, applying sound ethical judgment regarding personal behavior, conduct and business practices, and escalating, managing and reporting control issues with transparency.
• Perform any other activities needed to support the needs of TPRO and / or Citi as may be needed by Management.
• Travel requirement - 25%+

Additional Responsibilities Include:

• Gain thorough knowledge and understanding of Citi Third Party Risk Management program requirements.
• As appropriate, interact with larger TPO community, BAOs, and/or ESC category leads for sharing of best practices and coordination of services.
• Draft and present succinct executive briefs; prepare and present high-level metrics to applicable Citi senior management and stakeholders when needed.
• Appropriately assess risk when business decisions are made, demonstrating particular consideration for the firm's reputation and safeguarding Citigroup, its clients and assets, by driving compliance with applicable laws, rules and regulations, adhering to Policy, applying sound ethical judgment regarding personal behavior, conduct and business practices, and escalating, managing and reporting control issues with transparency, as well as effectively supervise the activity of others and create accountability with those who fail to maintain these standards.
• Validate remediation of issues or gaps identified as part of ongoing monitoring.
• Perform quality validation check, implement lessons learnt framework (taking into consideration observations, recommendations, peer review findings, CAPs etc.) for Onsite reviews (Onshore + Offshore) to further strengthen TPRO overall review process.

Qualifications:

• 8+ years relevant experience (Risk Control Assessments, Third Party Risk Reviews, Operational Risk processes)
• Excellent verbal and written communication skills
• Excellent Interpersonal skills and ability to work well in a team environment collaborating across diverse groups
• Demonstrated understanding of operational risk and gap identification with an ability to multi-task and manage multiple projects simultaneously
• Ability to present a compelling case to influence others where appropriate

Education:

• Bachelor’s/University degree is required, CA/CS Qualifications preferred
• Certification of Risk and Control framework, standards and Operational risk methodology preferred.

------------------------------------------------------

Job Family Group:

------------------------------------------------------

Job Family:

------------------------------------------------------

Time Type:

------------------------------------------------------

Citi is an equal opportunity and affirmative action employer.

Qualified applicants will receive consideration without regard to their race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or status as a protected veteran.

Citigroup Inc. and its subsidiaries ("Citi”) invite all qualified interested applicants to apply for career opportunities. If you are a person with a disability and need a reasonable accommodation to use our search tools and/or apply for a career opportunity review Accessibility at Citi.

View the "EEO is the Law" poster. View the EEO is the Law Supplement.

View the EEO Policy Statement.

View the Pay Transparency Posting