Operational Risk Management (ORM) is an enterprise-level independent risk management function responsible for enterprise-wide oversight and aggregation of operational risk. Its mandate covers all business lines (US Personal Banking, Global Wealth Management, Markets, Services, Banking, Global Functions & EO&T) spanning all geographies. The ORM function oversees the design and implementation of the non-financial risk management framework. Key objectives of the data risk management framework include:

• Operating model, staffing, and culture
• Operational risk appetite
• Control objectives and standards
• Operational risk and control assessments and reporting
• Strategic decision-making
• The effective execution of Citi's Enterprise Data transformation

Because Citi's Enterprise Data transformation cuts across the enterprise and is multi-disciplinary in nature, ORM's oversight for data risk management at Citi relies upon a “Hub and Spoke” approach, incorporating the second line of defense (2LOD) Business/Region/LV Global Op Risk Officers and other relevant independent risk functions. These teams work collectively to dispense appropriate risk oversight responsibilities, ensuring well-coordinated risk assessments, risk identification, measurement/monitoring, and timely remediation of key gaps. Furthermore, the ORM Data Risk team delivers an enterprise-level aggregation of risk oversight outcomes to assess the firm's progress toward the Data Transformation target state.

The Data Risk Officer role will serve as a subject matter expert on data risk appetite planning, metric reviews, and analysis, leading the review and challenge of firm-wide efforts to manage data risk and the monitoring of data risk reduction activities. This role will have a central role in the ingestion and synthesis of firm-wide 2LOD challenge activity on data risk into the Data Risk Appetite Assessment process.

Key Responsibilities:

• Support the primary oversight of the firm's Data Risk Appetite, including assessment of factors of risk, assessing and monitoring "path-to-green" efforts, and managing metrics that measure risk and associated analysis.
• Work collaboratively with 1LOD teams to support the definition of clear "path-to-green" strategies and assist in driving the execution of agreed plans.
• Contribute to identifying and executing independent second-line risk assessments, in coordination with other ORM teams where needed (e.g., contributing to challenges of specific risk appetite metrics) to meet internal commitments, leveraging the hub-and-spoke model.
• Participate in internal knowledge sharing initiatives related to Data Risk Appetite efforts.
• Help ensure that this multidisciplinary and cross-cutting risk area is well understood and that the implications of firm-wide remediation efforts are understood in terms of "path-to-green" efforts.
• Assist in the negotiation and remediation of identified risk and control concerns.
• Prepare materials for escalation of significant or unaddressed risk issues and control environment concerns to appropriate governance forums and Risk leadership.
• As needed, support the primary interface to key stakeholders such as regulators, senior management, and the Board, as it relates to 2LOD assessment/point of view for the Risk Category.
• Appropriately assess risk when business decisions are made, demonstrating particular consideration for the firm's reputation and safeguarding Citigroup, its clients and assets, by driving compliance with applicable laws, rules and regulations, adhering to Policy, applying sound ethical judgment regarding personal behavior, conduct and business practices, and escalating, managing and reporting control issues with transparency, as well as effectively supervise the activity of teams and create accountability with those who fail to maintain these standards

Qualifications:

• Experience: 7-10 years of direct experience in a non-financial risk (data, technology, or reporting risk) or relevant 1LOD function within a financial services organization.
• Risk Management Knowledge: Experience in assessing risk appetite for non-financial risks aligned with regulatory expectations. Proficient in risk assessment principles and supervisory expectations in terms of the quantity and quality of operational risk management.
• Data Fundamentals: Demonstrable understanding of Data Management fundamentals, including Data architecture, Data principles, and a deep appreciation of intersectionality and interdependency with enterprise Technology and systems architecture.
• Analytical Skills: Strong technical problem-solving and analytical skills to include design and execution of risk and control assessments. Further, an ability to identify conflicts, discrepancies, and other issues, and contribute to bringing together the right team to solve them. Deep expertise with risk metrics, including prominent roles in design, delivery, sustainability of metric delivery and/or auditing/challenging metrics.
• Communication & Collaboration: Well-developed listening skills and a strong ability to communicate and engage effectively, both orally and in writing. Ability to constructively challenge others at all levels and across boundaries to deliver better results. Experience in working with internal relationships and partnering with a range of stakeholders (e.g., business, functions) to support change management efforts.
• Continuous Improvement: Continuous improvement mind-set to solve for root causes, assess the impact of actions, and adjust as needed; simplify and standardize at every opportunity.
• Operational Risk: Well-versed in executing risk management monitoring routines, tracking identification to resolution. Experience applying operational risk management frameworks in a global organization.

Education:

• Bachelor's degree in Computer Science, Data Science, Information Technology, Business, or a related field
• Master's degree preferred

Job Family Group:

Risk Management

Job Family:

Operational Risk

Time Type:

Full time

Primary Location:

Tampa Florida United States:

Primary Location Full Time Salary Range:

$130,880.00 - $196,320.00
In addition to salary, Citi’s offerings may also include, for eligible employees, discretionary and formulaic incentive and retention awards. Citi offers competitive employee benefits, including: medical, dental & vision coverage; 401(k); life, accident, and disability insurance; and wellness programs. Citi also offers paid time off packages, including planned time off (vacation), unplanned time off (sick leave), and paid holidays. For additional information regarding Citi employee benefits, please visit citibenefits.com. Available offerings may vary by jurisdiction, job level, and date of hire.

Most Relevant Skills:

Analytical Thinking, Control Monitoring, Credible Challenge, Governance, Issue Management, Operational Risk, Policy and Procedure, Policy and Regulation, Risk Controls and Monitors, Risk Identification and Assessment.

Other Relevant Skills

For complementary skills, please see above and/or contact the recruiter.

Anticipated Posting Close Date:

Mar 06, 2026

Citi is an equal opportunity employer, and qualified candidates will receive consideration without regard to their race, color, religion, sex, sexual orientation, gender identity, national origin, disability, status as a protected veteran, or any other characteristic protected by law.

If you are a person with a disability and need a reasonable accommodation to use our search tools and/or apply for a career opportunity review Accessibility at Citi.

View Citi’s EEO Policy Statement and the Know Your Rights poster.