Cross-disciplinary Controls Intermediate Analyst

The Data Privacy Sr Analyst is responsible for providing governance and oversight, operational risk management and controls leadership across the respective business for all activities associated with Privacy.  This individual will have responsibility for covering all privacy related capabilities and requirements including: compliance with the Citi Global Privacy Policy, identification and management of operational risks associated with Privacy and working across the business to ensure that effective controls and monitoring are in place to reduce risk.  This role will ensure that the business is compliant with the Global Privacy Policy, Standards, and Procedures and the applicable laws rules, and regulatory requirements.

Responsibilities:

• Complete the Privacy Impact Assessment (PIA) process and controls required for all initiatives, new products and services
• Assess, evaluate, and validate controls through processes and tools such as the MCA and KRIs as appropriate for data privacy risk
• Support the product heads, function heads, COOs and In Business Risk team on gap analysis and the implementation of global policy requirements and regional standards, and on the assessment of the legal and regulatory requirements with Country Legal and Compliance as well as the development of local procedures as related to data privacy
• Support periodic reviews of the Business’s data privacy processes and control and validate changes as a result of such reviews
• Track and review deviations and risk acceptances when raised and at the time of renewal to assess the need for deviations and ascertain that the business has implemented and documented effective compensating controls
• Follow Escalation Policy and procedures to ensure effective escalation and socialization of material risk events and issues across businesses for any Data Privacy related items
• Escalate material risk events and issues appropriately
• Assist business in creation of Issues/CAPs related to Data Privacy as needed (issues and CAPs owned by Product/Region business owner). Track and escalate as necessary
• Support the Business and Functions on reviews and audits on Data Privacy.  Support the business on reviewing and responding to findings by reviewers
• Work with Global In-Business Regulatory head on all reviews and audits to ensure appropriate preparation, pre-review assessments and post-review remediation
• Coordinate and support the Business in the implementation of global, regional and local Data Privacy, regulatory and risk and control projects
• Ensure high quality execution for Data Privacy programs for any Citi initiated programs, in coordination with Global Risk and Control and In Business Regulatory Engagement Head
• Perform training on risk and control concepts, processes, tools, and on effective issue self-identification and testing.  Customize global and regional training programs to cater for product specific or local requirements and/or additional nuances

Qualifications:

• 5-8 years of relevant experience in privacy, regulatory operations, legal, compliance, or data governance within global financial institutions or enterprise settings.
• Demonstrates Data Privacy, Data Privacy Operations, Information Security or Cyber related risk management or minimum two years in an Internal Audit, Risk Management, or Control Management related role
• Working knowledge of Data Privacy Compliance laws, rules, regulations, risks, and appropriate controls.  Additionally, familiarity with privacy related technology considerations such as cookies, mobile devices, biometrics and geolocation data is desired
• Strong project management skills 
• Optimizes work processes by knowing the most effective and efficient processes to get things done, with a focus on continuous improvement 
• Ability to anticipate and balance the needs of multiple stakeholders, while monitoring tight deadlines or unexpected requirement changes 
• Ability to communicate effectively  
• Risk-based thinking and analytical mindset
• Ability to build rapport and work closely with stakeholders
• Up-to-date understanding of key Data Privacy risk and control concepts, tools and trends
• Proficient in the use of basic Microsoft applications (Word, Excel, PowerPoint)

Education

• Bachelor's/University degree or equivalent experience

The IMPaCT Team combines the Cross Border Data Clearance function, the Enterprise Data Office, Privacy, and Records and Information Management. The Enterprise CBDC (Data Transfers Office) drives the build-out and implementation of Citi's enterprise-wide data transfer framework and implements the transfers operating model.

We are seeking an experienced AVP to support the cross-border data transfer clearance process for a major business segment within Citi. This role requires a solid understanding of regulatory requirements, data transfer processes, and control frameworks. The AVP will contribute to the implementation of Citi's enterprise data transfer framework, providing subject matter expertise, supporting business partners, and ensuring timely and compliant execution across multiple jurisdictions and stakeholder groups. This role is specifically within the Data Transfers Office.

• Operational Support: Assist in the implementation and operationalization of new regulatory changes, contributing to data security initiatives to ensure compliance with data security standards.
• Contribute to Data Enablement Strategy: Provide support in the execution of the transformational data enablement strategy, including assisting with the development of consolidated, multi-domain assessment frameworks to streamline risk evaluations and facilitate workflow integration.
• Assist in Target State Process Model Development: Support the design and implementation of the target state operational model for the Data Transfers Office, contributing to efforts to drive consistency and reduce risk in DTO processes.
• Aid Process Simplification & Communication: Contribute to the simplification, standardization, and clarification of work processes, including assisting in the creation of content including documenting process flows, business guidance, communications.
• Team Collaboration: Work collaboratively with a team responsible for execution, coordination, and control adherence, contributing to a culture of excellence and continuous improvement.
• Process Implementation: Assist in the implementation of a scalable and efficient operating model aligned with Citi’s global data transfer framework, contributing to process optimization.
• Cross-Functional Collaboration: Collaborate with legal, compliance, technology, and business teams to support seamless delivery and achieve common goals.
• Data Analysis & Reporting: Conduct quantitative and qualitative analysis to evaluate process performance, identify areas for improvement, and contribute to data-driven recommendations.
• Content Support: Contribute to the creation of high-quality content, including playbooks, guidance documents, and FAQs, that simplifies and scales process knowledge across the organization.
• Communication & Reporting: Assist in communicating regulatory and process information to subject matter experts (SMEs).
• Risk Management & Mitigation: Support the review and challenge of execution quality, escalate risks, and contribute to the development of effective remediation strategies.

Other Qualifications & Experience:

• Teamwork: Proven ability to work effectively within cross-functional teams across multiple time zones in complex, matrixed organizations.
• Regulatory Knowledge: Solid working knowledge of international privacy laws and cross-border regulatory requirements, including GDPR, CCPA, and other relevant regulations.
• Technical Proficiency: Familiarity with automation tools, workflow platforms, and data analysis techniques.
• Risk & Control Understanding: Understanding of risk and control frameworks, including process oversight and the implementation of effective controls.
• Communication Skills: Strong communication skills, with the ability to convey information clearly and concisely.
• Proficiency in MS Excel and PowerPoint and office tools.
• CIPP/CIPM/CIPT/CISA certifications an added advantage

The ideal candidate will possess the following attributes:

• Adaptability: Adapts to fast-paced environments and shifting priorities.
• Problem-Solving: Demonstrates effective problem-solving skills and a focus on structured solutions.
• Collaboration: Collaborates effectively with diverse, cross-functional global teams and control partners.
• Industry Knowledge: Brings a good understanding of financial services business models, operations, and enabling technology platforms.
• Analytical Skills: Possesses strong analytical and interpersonal skills.
• Communication Skills: Communicates clearly and confidently—able to articulate the story behind the data and translate complex issues into actionable insights.

------------------------------------------------------

Job Family Group:

Data Governance

------------------------------------------------------

Job Family:

Data Privacy & Data Transfers

------------------------------------------------------

Time Type:

Full time

------------------------------------------------------

Most Relevant Skills

Constructive Debate, Data Governance, Data Management, Internal Controls, Laws and Regulations, Management Reporting, Policy and Procedure, Program Management, Regulatory Management, Risk Controls and Monitors.

------------------------------------------------------

Other Relevant Skills

Analytical Thinking, Business Acumen, Communication, Controls Assessment, Controls Lifecycle, Escalation Management, Issue Management, Risk Management, Stakeholder Management.

------------------------------------------------------

Citi is an equal opportunity employer, and qualified candidates will receive consideration without regard to their race, color, religion, sex, sexual orientation, gender identity, national origin, disability, status as a protected veteran, or any other characteristic protected by law.

 

If you are a person with a disability and need a reasonable accommodation to use our search tools and/or apply for a career opportunity review Accessibility at Citi.

View Citi’s EEO Policy Statement and the Know Your Rights poster.