Director, Regional Citi Global Wealth (CGW) MCA & Controls Architecture & In-Business Regulatory Ris

Job Purpose:

Citi Global Wealth Management (CGW) is an integration of Citi Private Bank and the Consumer Wealth organization into a single platform enabling Citi to serve its clients across the wealth spectrum and capitalize on Citi's industry leading capabilities to support the goal of CGW, which is to be the leading wealth management provider globally. As we embark on this journey, it is imperative to have a strong Risk & Control framework, supporting this goal through an independent but integral Internal Control organization.

This role is responsible for leading the Manager's Control Assessment (MCA) governance and oversight function, acting as the Regional CGW Business Segment Operational Risk Manager (SORM) working closely with Global Operational Risk Management (ORM).

The incumbent will also serve as the In-Business Regulatory Risk Management (IBRRM) Lead and assume the role of the Asia CGW In-Business Privacy Officer (IBPO) responsible at establishing a robust framework that enables effective regulatory and privacy risk and control management by the CGW businesses and functions to comprehensively identify and mitigate regulatory risks at every point in the end-to-end process to operate within the approved risk appetite

Key Responsibilities:

MCA Governance and Oversight

• Coordinate with the CGW businesses in Asia and functions on the overall MCA and Annual Risk Assessment (ARA) processes for the CGW businesses and functions, and work with the Regional businesses in reviewing the ARA performed based on the analysis of internally and externally raised risks and issues (management-raised issues, Compliance review issues, Audit observations, Regulatory issues etc)

• Actively strengthen the controls environment and participating in enhancements to the MCA program being driven via the enterprise transformation plans through:

• Aligning MCA vision and strategy based on scope, design principles and outcomes (Blueprint) through participation in workshops, as required.
• Contributing to the MCA components as a part of Working Groups in terms of AU scoping, Risk & Control Identification and Assessments, MCA architecture based on Legal entities and re-design of supporting Infrastructure and Governance.
• Aligning MCA elements to Enterprise level new taxonomies across Activities, Risks and Controls including related enterprise and CGW level procedures, eg: control standards.
  • Participating in Key Controls standardization including content, design, and testing as per new standards and procedures, including control automation in MCA.
  • Facilitating the implementation strategy for Key Indicators (KIs) within MCA control performance assessment process.
  • Enhancing approach to map issues and Operational Risk Events into MCA with the objective of driving optimal residual risk assessments.
  • Contributing to redesign of inherent and residual risk rating & aggregation methodology.

• Strengthen existing governance and oversight of MCA - engagement with global, regional, and business teams on:
  • Maintaining oversight and governance on MCA operational rhythm for all businesses.
  • Collaborating with Global CGW Risk and Control Team and CGW Businesses to implement strong Standard MCA Profile (SMP) and Enterprise MCA Profile (EMP) change management process.
  • Reviewing MCA Data Quality reports from Global CGW Risk and Control MCA team and working with CGW Businesses for remediation.
  • Reviewing the mapping of ARCMs to Digital Monitoring Tools (DMTs) for high-risk processes in partnership with stakeholders.
  • Continuing to rationalize Local ARCM with country teams.
  • Reviewing MCA Architectural completeness and appropriateness.
  • Working with the Regional SMEs and Global CGW Risk and Control team to align Regional SMPs with Global SMPs based on the global and regional plan and timeline.
  • Work closely with ICRM and CGW Risk and Control Business teams to implement the mapping and integration of rules and regulations into the MCA
  • Lead the deployment of the Global and Regional Standard MCA Profiles across the region with an appropriate change management process
  • Perform a quality review of the ARCMs, MCA results and corrective actions arising from identified exceptions for the Regional CGW Businesses and functions for quality assurance and completeness
  • Analyze MCA issues, trends, Key Operating Risks (KORs) and Key Indicators (KIs) and work with the Regional and Business process owners to develop action plans to remediate the weaknesses and share best practices.
  • Support the region and functions on gap analysis and the implementation of global policy requirements and regional standards and incorporate the updates in Regional Controls Procedures Manual as required.

Segment Operational Risk Manager (SORM)

• Maintain and update the APCB Operational Risk Management (AP ORM) Procedures in compliance with Global Operational Risk Management (ORM) requirements
• Review and monitor operational losses, perform trend analysis and root cause analysis for significant events
• Review and Analyze the Quarterly Key Operational Risks (KOR)/ Key Indicators (KI) results, highlight breaches and work with the regional and business process owners to develop action plans to remediate the weaknesses.
• Perform annual review on KOR/KI with the process owners based on the operational loss trends and Business Environment and Internal Control Factors (BEICF) in compliance with Global ORM requirements, including review and analysis of control and internal audit issues for the year
• Leading the annual scenario analysis in the region in coordination with Global ORM

In-Business Regulatory Risk Management Lead

• Actively collaborate with business leaders to identify, evaluate, and manage regulatory adherence risks arising from the definition of business strategy, development of new products and services, changes in regulations or internal policies, or from business-led changes. This involves promoting a culture of responsible business innovation with a strong emphasis on demonstrable regulatory adherence through key risk and controls monitoring.
• Provide subject matter expert support and guidance to business leaders and process owners on required regulatory obligations and contributing to the end-to-end development of controls and monitoring to ensure they are designed to adhere with applicable regulations. This includes active leadership and engagement during the scoring of inherent risk, and the performance of control and monitoring design assessments to ensure identified regulatory risk is well understood and addressed.
• Continuously evaluate and drive the maintenance of the regulatory inventory linkage to supporting controls in Citi's system of record so that management can effectively demonstrate adherence to applicable laws and regulations through the Manager's Control Assessment (MCA) program.
• Evaluate Regulation Risk Control performance assessed as part of the MCA Annual Risk Assessment review, to identify and escalate high residual risks and those breaching their defined risk appetite. Creating and publishing a 1st line state of regulatory adherence report for senior management and recommending corrective actions and improvements required to mitigate the identified risks.
• Proactively identify business opportunities to improve regulation risk management, prioritizing reviews to uncover root causes and unknown drivers of risk. Analyze data and findings to define and present clear, concise recommendations to business leaders to strengthen their ability to make impactful strategic decisions, policy and procedure improvements, and other business strategies.
• Institute a regionally consistent Regulatory Change Management process, including impact assessment, develop action plans, and identified enhancements to controls as a result of new or changes to existing regulations / rules, and monitoring the progress on Regulatory Change implementation
• Develop strong relationships with Business, Operations & Technology leadership and partners in 2nd and 3rd lines of defense and engage with them to reduce and mitigate regulation risk. Partnering with Business MCA Management Teams in the continuous enhancement of regulation controls and monitoring, including pursuing automation of controls and digitization of monitoring where appropriate.
• Provide subject matter expertise support and advisory during ORM Challenges, Compliance Assurance Testing, Internal Audits and Regulatory Exams. Working with business to self-identify issues potential compliance risks, to improve MCA completeness and enable better self-assessment. Guiding and directing the MCA Management Team and process owners across Business, Operations, and Technology on establishing permanent audit readiness activities that effectively demonstrate adherence to applicable regulatory obligations.
• Partner with Global CGW In-Business Regulatory Risk Management Team to assess breaches to Compliance Risk Appetite and ensure alignment with over-arching Global In-Business Regulatory Risk Management Program requirements. Identifying and measuring the key indicators utilized to monitor Compliance Risk exposure against the set Compliance Risk Appetite.
• Participate in global and regional workgroups/forums to ensure program changes and requirements are communicated in a timely and effective manner.
• Lead the analysis of resource requirements and deployment to meet Regulatory/Compliance focused in-business control impacts.
• Collaborate with ICRM Leads to ensure that Regional/Business CGW Risk and Control staff is trained and knowledgeable of Citi's Compliance and Control Framework and regulatory change management model.

In-Business Privacy Officer (IBPO)

• Ensure that Privacy regulatory requirements are appropriately cascaded, communicated and implemented within the relevant Business or Functions.
• Maintain an inventory of Privacy Notices and Privacy Choices, and Business Procedures for adherence to the Privacy and Confidentiality Standards.
• Represent Asia CGW to participate in monthly Global IBPO forum.
• Ensure General Data Protection Regulation (GDPR) for Extra-Territorial (ET) Markets guardrails are implemented appropriately, MCA and appropriate monitoring of population of customers with EU/EEA addresses are in place
• Partner closely with Global and CGW Business Risk & Control teams to dimension the impact and requirements of any other new extra-territorial Privacy regulations, e.g. CCPA.

Required Qualifications

• University graduate with at least 15 years of experience with strong strategic, analytical and product management skills
• Significant knowledge and expertise of Compliance laws, rules, regulations, risks and appropriate controls with strong ability to translate policy and regulatory requirements to procedures and controls standards
• Demonstrated ability to assess complex issues through root cause analysis and other analytical techniques; structure potential solutions; drive to resolution with senior stakeholders
• Good understanding of operational risk and control processes and procedures
• Openness to challenge and continuously challenging the status quo
• Strategic thinker with strong analytical skills and the ability to translate complex concepts in a concise manner
• Demonstrated leader capable of driving change
• Ability to set priorities and manage multiple projects simultaneously in a fast paced, highly matrix, dynamic environment
• Strong communication (written, verbal and interpersonal) skills
• Strong stakeholder management skills (e.g. written and verbal communication, influencing and negotiation)
• Excellent quantitative, analytical and problem solving skills with attention to details
• Proactive, self-motivated and proven ability to use own initiative and judgment and take lead to work with internal clients in a positive manner and help deliver solutions that benefit the business
• Proven ability to influence across products and functions and operate effectively at all levels in a collaborative manner
• Ability to work well as a team member and contribute to the team's and the organization's objectives
• Skilled with office documentation software/applications (MS Word, Excel and Power Point).

Job Family Group:
Risk Management

Job Family:
Business Risk & Controls

Time Type:
Full time

Citi is an equal opportunity and affirmative action employer.

Qualified applicants will receive consideration without regard to their race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or status as a protected veteran.

Citigroup Inc. and its subsidiaries ("Citi") invite all qualified interested applicants to apply for career opportunities. If you are a person with a disability and need a reasonable accommodation to use our search tools and/or apply for a career opportunity review Accessibility at Citi .

View the " EEO is the Law " poster. View the EEO is the Law Supplement .

View the EEO Policy Statement .

View the Pay Transparency Posting