Role Summary:

The Director for the Data Transfer Office is one of the key leadership roles supporting the execution of Citi's enterprise data transfer and data use compliance framework. Reporting directly to the Head of Transfer Office within IMPaCT (Information Management, Privacy and Cross border transfers), this role is responsible for defining and implementing scalable, efficient processes to manage end to end clearance activities in line with data privacy, bank secrecy, data localization and outsourcing requirements from 95 countries. It requires an exceptional blend of understanding technology, Risk, and controls in financial services - including AI usage and governance integration, to embedded controls within digital workflows. The director will lead high -performing teams, drive cross- functional coordination, and partner closely with country compliance, legal, businesses and technology heads. This position plays a vital role in strengthening Citi's global data transfer framework, its implementation and governance.

Key Responsibilities:

• Lead and manage execution of the cross-border data transfer lifecycle, ensuring compliance with privacy, data outsourcing, localization, and sovereignty requirements.
• Design and optimize regulatory processes, embedding legal and control requirements into simplified, reusable, and scalable workflows.
• Conduct process maturity assessments and define future-state execution models aligned with enterprise data policy.
• Act as a strategic thought partner to senior stakeholders in risk, compliance, technology, and business to embed data transfer governance.
• Serve as escalation point for complex or high-risk data transfer cases requiring legal interpretation or senior stakeholder alignment.
• Build and lead a high-performing team of governance professionals, fostering a culture of accountability, innovation, and responsible data and AI use.
• Drive end-to-end simplification, redesigning complex approval and documentation paths while maintaining risk integrity.
• Lead large-scale transformation efforts, applying automation, AI, and analytics to improve operational efficiency and control transparency.
  • Specifically address the intersection of generative AI and data protection frameworks.
  • Implement practical tools and case studies for responsible data use in AI processes.
  • Incorporate global regulatory perspectives and strategies, in AI data processing/ responsible data use context.
• Build, govern and maintain the Data Transfer Register to ensure accuracy, completeness, and audit traceability.
• Collaborate with product and UX partners to implement intuitive, automation-friendly workflows that support policy adherence.
• Create and deliver clear, scalable process guidance—playbooks, templates, training materials—to support global adoption.
• Represent the function in audits, challenge forums, and regulatory reviews, defending execution rigor and driving continuous enhancement.
• Partner with stakeholders and business leaders to influence action and desired strategy outcomes.
• Develop and implement a dynamic people strategy that empowers employees, drives organizational agility, and enables business objectives in a rapidly evolving environment.

Qualifications & Experience:

• 15+ years of experience in privacy, data outsourcing, cross-border transfer governance, and regulatory compliance execution within large global institutions.
• Proven ability in leading simplification programs at scale, transforming legacy processes into agile, compliant workflows.
• Demonstrated experience in consulting roles, with a strong track records of driving strategic change, stakeholder alignment and process optimization across complex, matrixed environments.
• Experience designing and implementing end-to-end regulatory frameworks and associated control environments.
• Strong product management credentials, with expertise in program delivery, stakeholder management, and data- driven decision-making.
• Deep understanding of technology disciplines, including metrics, analytics, and ability to drive enterprise change programs in a regulated environment.
• Strong understanding of global privacy laws (e.g., GDPR), data residency/localization requirements, and third-party data transfer frameworks.
• Demonstrated success in regulatory interaction, audit engagement, and stakeholder alignment across global teams.
• Background in process transformation, including automation, policy-driven execution models, and metrics-based decision-making.
• Track record of leading high-performing, cross-functional teams across geographies.
  • Experience in navigating the intersection of generative AI and data protection.
  • Proficiency in developing strategies for evolving data within global regulatory landscapes.

Education:

• Bachelor’s/University degree, potentially master’s degree and managerial experience

Ideal Candidate Profile: The ideal candidate is a strategic simplifier and technical executor with domain expertise in privacy and data outsourcing, and the discipline to transform regulatory operations at scale. They bring a consulting mindset, thrive in complex global environments, and deliver with urgency and precision. They are skilled in influencing senior stakeholders, challenging complexity, and operationalizing strategy into streamlined, defensible solutions.

This job description provides a high-level review of the types of work performed. Other job-related duties may be assigned as required.

------------------------------------------------------

Job Family Group:

Controls Governance & Oversight

------------------------------------------------------

Job Family:

Cross-disciplinary Controls

------------------------------------------------------

Time Type:

Full time

------------------------------------------------------

Most Relevant Skills

Analytical Thinking, Business Acumen, Communication, Constructive Debate, Controls Assessment, Controls Lifecycle, Escalation Management, Issue Management, Risk Management, Stakeholder Management.

------------------------------------------------------

Other Relevant Skills

For complementary skills, please see above and/or contact the recruiter.

------------------------------------------------------

Citi is an equal opportunity employer, and qualified candidates will receive consideration without regard to their race, color, religion, sex, sexual orientation, gender identity, national origin, disability, status as a protected veteran, or any other characteristic protected by law.

If you are a person with a disability and need a reasonable accommodation to use our search tools and/or apply for a career opportunity review Accessibility at Citi.

View Citi’s EEO Policy Statement and the Know Your Rights poster.