Overview

This role serves as an Independent Second Line Enterprise Resilience Risk professional, supporting the effective design, implementation, and oversight of Citi's Enterprise Resilience Framework, which is owned and executed by the First Line of Defense.

Operating within the Operational Risk Management (ORM) Framework, this role provides independent risk input, guidance, and constructive challenge across enterprise resilience capabilities, including business disruption risk, technology and infrastructure resilience, third-party dependency resilience, and operational continuity preparedness.

Individuals in this role are responsible for assessing framework adherence, risk identification quality, control design and operating effectiveness, governance outcomes, and management decision-making related to resilience risk. The role contributes directly to enhancing Citi's ability to prepare for, withstand, recover from, and adapt to operational disruptions, protecting the firm's safety, soundness, and client obligations.

Responsibilities

Primary Responsibilities

• Serve as an Independent Second Line Enterprise Resilience Risk partner, providing oversight and challenge to the First Line's execution of the Enterprise Resilience Framework (ERF).
• Execute resilience risk oversight through the Operational Risk Management Framework, including risk identification, MCA assessment, issue management, and governance escalation.
• Support the development, maturation, and ongoing effectiveness assessment of enterprise-wide resilience capabilities, including business services, impact tolerances, disruption scenarios, and recovery strategies.
• Provide credible challenge to senior stakeholders on resilience risk decisions, framework changes, risk acceptance, and remediation prioritization.
• Prepare clear, executive-level risk summaries to inform senior management, risk committees, and regulatory discussions.
• Support regulatory interactions related to enterprise resilience, including preparation of materials, articulation of Second Line challenge, and follow-up on supervisory themes and findings.

Process & Risk Oversight

• Conduct independent Second Line reviews of Enterprise Resilience Framework implementation, assessing alignment to policy, standards, and applicable regulatory and supervisory expectations.
• Provide risk input and challenge on:
• Identification of important business services and critical activities
• Impact tolerance definition and assumptions
• Disruption scenario severity, plausibility, and coverage
• Mapping of people, technology, third parties, facilities, and data dependencies
• Recovery and remediation strategy sufficiency
• Assess resilience-related MCA control design and operating effectiveness, including sustainability, ownership clarity, and integration across risk types.
• Support resilience risk appetite and quarterly Risk Appetite Assessment (RAA) processes by:
• Aggregating qualitative and quantitative resilience risk inputs
• Assessing consistency between risk evidence, RAA factor mapping, and conclusions
• Providing an independent Second Line view of resilience risk posture
• Review and challenge resilience-related issues and corrective action plans (CAPs), including root cause quality, remediation realism, sequencing, and residual risk.
• Analyze operational loss events, incidents, near misses, testing outcomes, and scenario results to identify emerging or systemic resilience weaknesses.
• Support assessment of cross cutting dependency and concentration risk (e.g., single points of failure across technology, third parties, locations, or data).

Governance, Reporting & Escalation

• Contribute to enterprise resilience governance forums, providing independent risk perspectives, thematic insights, and escalation recommendations.
• Prepare executive materials ready for summarizing:
• Overall resilience risk posture
• Key vulnerabilities and single points of failure
• Thematic trends and systemic risks
• Recommended areas of management focus
• Identify emerging resilience risks, regulatory sensitivities, and execution gaps requiring heightened oversight or escalation.
• Track and manage assigned resilience framework initiatives or second line deliverables, ensuring transparency, prioritization, and timely execution.

Collaboration & Influence

• Partner closely with First Line Resilience, Technology, Business, and Infrastructure teams while maintaining Second Line independence.
• Collaborate with horizontal Risk SMEs (incl. but not limited to Technology Risk, Third-Party Risk, Cyber Risk, Compliance, Human Capital Risk, and Data Risk) to ensure comprehensive resilience risk coverage.
• Act as a trusted resilience risk advisor to stakeholders, balancing constructive challenge with pragmatic risk guidance.
• Partner with Compliance, Legal, and relevant Risk functions to support coordinated responses to resilience-related regulatory inquiries and examinations, as appropriate.
• Support resilience risk training, awareness, and capability building across ORM.

Qualifications

• Strong understanding of enterprise resilience concepts, including operational disruption, critical services, impact tolerance, dependency mapping, and recovery planning.
• Demonstrated ability to independently assess risk, challenge assumptions, and influence senior stakeholders across the lines of defense.
• Experience translating complex operational, technology, or dependency risks into clear, governance-ready insights.
• Comfort operating in evolving regulatory environments and time-bound deliverables.
• Strong written and verbal communication skills, with experience supporting senior management and risk committees.
• Strong experience in Operational Risk Management, Enterprise Resilience, Business Continuity, Technology Risk, or related risk disciplines.
• Demonstrated experience with:
• Risk and control assessments (MCA or equivalent)
• Risk appetite and RAA processes
• Issue management and remediation oversight
• Scenario based risk assessment and testing
• Ability to assess both control design and operating effectiveness, with attention to sustainability and execution risk.
• Proficiency in Microsoft PowerPoint and Excel, with experience preparing executive level materials.
• Strong organizational skills and ability to manage multiple priorities independently.

Education

• Bachelor's degree required.

Job Family Group:

Risk Management

Job Family:

Operational Risk

Time Type:

Full time

Primary Location:

Tampa Florida United States:

Primary Location Full Time Salary Range:

$103,920.00 - $155,880.00

In addition to salary, Citi’s offerings may also include, for eligible employees, discretionary and formulaic incentive and retention awards. Citi offers competitive employee benefits, including: medical, dental & vision coverage; 401(k); life, accident, and disability insurance; and wellness programs. Citi also offers paid time off packages, including planned time off (vacation), unplanned time off (sick leave), and paid holidays. For additional information regarding Citi employee benefits, please visit citibenefits.com. Available offerings may vary by jurisdiction, job level, and date of hire.

Most Relevant Skills

Analytical Thinking, Control Monitoring, Credible Challenge, Governance, Issue Management, Operational Risk, Policy and Procedure, Policy and Regulation, Risk Controls and Monitors, Risk Identification and Assessment.

Other Relevant Skills

For complementary skills, please see above and/or contact the recruiter.

Anticipated Posting Close Date:

Apr 17, 2026

Citi is an equal opportunity employer, and qualified candidates will receive consideration without regard to their race, color, religion, sex, sexual orientation, gender identity, national origin, disability, status as a protected veteran, or any other characteristic protected by law.

If you are a person with a disability and need a reasonable accommodation to use our search tools and/or apply for a career opportunity review Accessibility at Citi.

View Citi’s EEO Policy Statement and the Know Your Rights poster.