Privacy and Responsible Information Management Sr. Officer, SVP

Serves as a Privacy and Responsible Information Compliance Risk Officer for Independent Compliance Risk Management (PRIM ICRM) including records management, responsible for establishing internal strategies, policies, procedures, processes, and programs to prevent violations of law, rule, or regulation and design and deliver a risk management framework that maintains risk levels within the firm's risk appetite and protect the franchise. In addition, engages with the ICRM product and function coverage teams, to partner to develop and apply CRM program solutions that meet business and customer needs in a manner consistent with the PRIM ICRM and Citi program framework. Foster proactive engagement and collaboration with key stakeholders across Citi. Responsibilities: Designing, developing, delivering and maintaining best-in-class Compliance program, policies and practices for PRIM ICRM including GEN AI advisory, data localization, data disclosure, impact assessments and records management. Participate in trade industry and advocacy forums relevant to PRIM risks to help influence regulatory policy changes. Engaging with key stakeholders to identify opportunities for Citi processes and systems/ applications connectivity, simplification, integration, and consistent reporting to facilitate timely identification and ongoing mitigation of PRIM risks. Foster and maintain strong stakeholder relationships and proactive engagement across businesses and functions and across global ICRM. Regularly reviewing and updating privacy and records management policies aligned with relevant data protection laws (e.g., GDPR, CCPA) to reflect changing regulations and organizational needs. Act as the primary point of contact for PFICRM regarding privacy and records management matters. Conducting relevant compliance risk assessments. Preparing reports to disseminate pertinent information to PFICRM and lines of business to oversee privacy and records management risks. Conducting monitoring to identify potential privacy and records management risks and non-compliance issues. Providing credible challenge of existing control environment across businesses and functions aligned with relevant privacy laws (e.g., GDPR, CCPA). Developing and/or enhancing current reporting metrics to demonstrate the oversight of compliance and risks aligned to relevant privacy laws (e.g., GDPR, CCPA). Translating PRIM ICRM firm principles, strategy and goals across Citi’s businesses and global functions and geographies in a succinct and clear manner; provide direction and guidance on the PRIM ICRM programs. Serves as a subject matter expert on PRIM risks and programs. Identifying and assessing Citi’s key PRIM risks. Ensuring PRIM risks within Citi are effectively identified, measured, monitored, and controlled, consistent with the bank’s risk appetite statement and all policies and processes established within the risk governance framework. Monitoring adherence to Citi’s PRIM risk policies and regulations and measuring PRIM risk through a robust control framework and ensuring that reviews are conducted consistently across each entity on a regular basis to confirm that controls identified are operating effectively. Performing complex analyses of comparative data, preparing and presenting country and global reports related to compliance risk assessments, and monitoring of compliance related issues as and if required. Partnering, collaborating and working with other areas within Citi, as necessary to enable consistent approach to identifying and managing PRIM risk. Keeping abreast of regulatory changes, new regulations and internal policy changes in order to further identify new key risk areas pertaining to PRIM. Appropriately assess PRIM risk across Citi when business decisions are made, demonstrating consideration for the firm's reputation and safeguarding Citigroup, its clients and assets, by driving compliance with applicable laws, rules and regulations, adhering to Policy, applying sound ethical judgment regarding personal behavior, conduct and business practices, and escalating, managing and reporting control issues with transparency. Additional duties as assigned.