Job Description

Serves as a senior compliance risk officer for Independent Compliance Risk Management (ICRM) responsible for establishing internal strategies, policies, procedures, processes, and programs to prevent violations of law, rule, or regulation and design and deliver a risk management framework that maintains risk levels within the firm's risk appetite and protect the franchise. In addition, engages with the ICRM product and function coverage teams, in order to partner to develop and apply CRM program solutions that meet business and customer needs in a manner consistent with the Citi program framework. Key Activities include: . Designing, developing, delivering and maintaining best-in-class Compliance, programs, policies and practices for ICRM. . Translating ICRM strategy and goals across Citi's clients, products and geographies in a succinct and clear manner; provide direction and guidance on the programs. Serves as a subject matter expert on Citi's Compliance programs. . Providing... oversight and guidance over the assessment of complex issues, structuring potential solutions and driving effective resolution with other stakeholders. . Identifying and assessing Citi's key compliance risks. Ensuring compliance risks within Citi are effectively identified, measured, monitored, and controlled, consistent with the bank's risk appetite statement and all policies and processes established within the risk governance framework. . Monitoring adherence to Citi's Compliance Risk Policies and measuring compliance risk through a robust control framework and ensuring that reviews are conducted consistently across each entity on a regular basis to confirm that controls identified are operating effectively. . Performing complex analyses of comparative data, preparing and presenting regional and global reports related to compliance risk assessments, and monitoring of compliance related issues. . Partnering, collaborating and working with other areas within Citi, as necessary. . Keeping abreast of regulatory changes, new regulations and internal policy changes in order to further identify new key risk areas. . Additional duties as assigned, including: o Acting as the Middle East Data Protection Officer (covering countries including the UAE including DIFC and ADGM, Qatar, Bahrain, Jordan and Oman) with lead responsibility for advising and monitoring data protection requirements, and escalating matters as appropriate to the EMEA Chief Privacy Officer, the Middle East and North Africa and UAE Hub Regional Compliance Officers and relevant governance forums; o Facilitating and monitoring compliance with and providing clear, practical advice on local data protection, privacy and banking confidentiality laws to Citi branches and subsidiaries across the Middle East; o Managing and assisting with the implementation of the global privacy program, including policies, standards and procedures, tools, monitoring, metrics and reporting; providing recommendations on operationalizing solutions across the Middle East and sharing leading practices with other DPOs and business stakeholders; o Acting as a point of contact between Citi Legal Entities in the Middle East and the local privacy regulators, sharing information and co-operating with the regulators and any other relevant authority on matters relating to privacy and joining forums organized by external bodies, where appropriate; conducting periodic assessments where required locally, such as the annual DPO Controller Assessment o Advising Country Senior Management and staff on data processing requirements provided under local laws and facilitating capacity building and training to staff involved in data processing operations; o Promoting privacy by design working with local Product, Function and technology teams, and reviewing and advising on local data protection impact assessments, where necessary; developing an understanding of local data processing activities, data flows and associated privacy risks. o Monitoring and advising on individual rights requests and enquiries made by data subjects on matters in relation to privacy, including complaints or grievances; o Advising on privacy-related considerations and requirements during the investigation of security incidents including advising on notifications to local privacy regulators; o Advising on the implementation of new data protection, privacy and banking confidentiality laws in Citi Legal Entities across the Middle East, working closely with first line In-Business Privacy Officers, local Product and Function teams and Country Legal and Compliance. Education level and/or relevant experience(s): Required: Bachelor's degree; experience in compliance, legal or other control-related function in the financial services firm, regulatory organization, or legal/consulting firm, or a combination thereof; knowledge of the local privacy laws and regulations in the Middle East; experience in advising on and implementing practical solutions for privacy/compliance issues Preferred: Advanced degree (e.g. JD, MBA) a plus Knowledge and skills Required: . Expertise of Compliance laws, rules, regulations, risks and typologies, specifically privacy and data protection laws, rules and regulations in the Middle East; . Excellent written, verbal and analytical skills . Must be a self-starter, flexible, innovative and adaptive; . Highly motivated, strong attention to detail, team oriented, organized . Strong presentation skills with the ability to articulate complex problems and solutions through concise and clear messaging . Ability to work collaboratively with regional and global partners in other functional units; ability to navigate a complex organization; to influence and lead people across cultures at a senior level . Experience in managing regulatory exams and relationships with examiners, auditors, etc. . Awareness of regulatory requirements including local and US privacy laws, international and industry standards . Advanced knowledge in area of focus (privacy and data protection generally) . Ability to promote a data protection and privacy compliant culture within the organization . Understanding of data security and information technology . Written and spoken English language skills (professional proficiency) Preferred: . Knowledge and experience in understanding personal data processing activities and managing areas relevant to privacy and data protection (e.g. information security; data governance; third party risk management) . Knowledge of IT systems in financial services organizations . Written and spoken French language skills (professional proficiency) Other: IAPP CIPP, CIPM, CIPT or other Data Protection Officer certification (existing or pending) CISSP and CIPM and other Information Security-related certifications are a plus Job Family Group: Compliance and Control Job Family: Compliance Risk Management Time Type: Full time Citi is an equal opportunity and affirmative action employer. Qualified applicants will receive consideration without regard to their race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or status as a protected veteran. Citigroup Inc. and its subsidiaries ("Citi") invite all qualified interested applicants to apply for career opportunities. If you are a person with a disability and need a reasonable accommodation to use our search tools and/or apply for a career opportunity review Accessibility at Citi . View the " EEO is the Law " poster. View the EEO is the Law Supplement . View the EEO Policy Statement . View the Pay Transparency Posting

Benefits

Skills Required