Application Security Manager-Executive Director

 SMBC Group is a top-tier global financial group. Headquartered in Tokyo and with a 400-year history, SMBC Group offers a diverse range of financial services, including banking, leasing, securities, credit cards, and consumer finance. The Group has more than 130 offices and 80,000 employees worldwide in nearly 40 countries. Sumitomo Mitsui Financial Group, Inc. (SMFG) is the holding company of SMBC Group, which is one of the three largest banking groups in Japan. SMFG’s shares trade on the Tokyo, Nagoya, and New York (NYSE: SMFG) stock exchanges.

In the Americas, SMBC Group has a presence in the US, Canada, Mexico, Brazil, Chile, Colombia, and Peru. Backed by the capital strength of SMBC Group and the value of its relationships in Asia, the Group offers a range of commercial and investment banking services to its corporate, institutional, and municipal clients. It connects a diverse client base to local markets and the organization’s extensive global network. The Group’s operating companies in the Americas include Sumitomo Mitsui Banking Corp. (SMBC), SMBC Nikko Securities America, Inc., SMBC Capital Markets, Inc., SMBC MANUBANK, JRI America, Inc., SMBC Leasing and Finance, Inc., Banco Sumitomo Mitsui Brasileiro S.A., and Sumitomo Mitsui Finance and Leasing Co., Ltd.

The anticipated salary range for this role is between $228,000.00 and $260,000.00. The specific salary offered to an applicant will be based on their individual qualifications, experiences, and an analysis of the current compensation paid in their geography and the market for similar roles at the time of hire. The role may also be eligible for an annual discretionary incentive award. In addition to cash compensation, SMBC offers a competitive portfolio of benefits to its employees.

Role Description

The Application Security Manager is responsible for creating, implementing, and operating a comprehensive Application Security Program across the America’s Division covering all aspects of application security and software assurance including threat modelling, security testing (manual, automated), source code review (manual, automated), penetration testing and issue remediation. You will collaborate with Software Development, Enterprise Architecture, IT Governance and Compliance teams to build a robust Application Security Program that protects sensitive financial data, mitigates risks, and ensures regulatory compliance and SDLC governance.  

Role Objectives

The role will include specific responsibilities such as: 
1.    Security Architecture Design
•    Research and stay abreast of the latest security threats.
•    Evaluate and recommend new and emerging application security products and technologies. 
•    Define application security architecture guidance.
•    Deliver next generation application security controls.
•    Create and maintain library of reference documentation with application standards, work instructions and training materials.

2.    Threat Modeling and Risk Assessment
•    Assist with the creation, adoption, and maturation of threat modeling and application security requirements functions and processes within the SDLC.
•    Review and evaluate the security impact of proposed changes to applications and software systems.

3.    Secure SDLC Implementation
•    Guide and perform security activities including penetration testing and vulnerability analysis, code review, static and dynamic testing, ethical hacking and manage resulting issues requiring remediation through completion.
•    Configuration of data sources for metrics reporting/tracking
•    Coordinate the maintenance of the application inventory and risk profiles with the enterprise asset inventory.

4.    Stakeholder Collaboration and Training
•    Socialize with application teams to ensure strong adoption. 
•    Develop communication plans for the enterprise security application program and integration of other functions.
•    Train and mentor software development teams in remediation of identified security weaknesses.

5.    Regulatory Compliance and Standard
•    Keep up to date on the latest regulations, advisories, alerts, and vulnerabilities that may impact the application security program and responding accordingly. 
•    Provide secure code programming guidance that is built on industry and academic best practices.

Qualifications and Skills

Education: Bachelor's degree or equivalent
Skills and Qualifications:
•    8 to 12 years of experience in a combination of information security and IT jobs related to application development and security in a highly regulated industry, preferably financial services.
•    Proven track record developing and implementing a comprehensive application security program including policies and procedures for both corporate and consumer banking environments.
•    Current knowledge of common information security management frameworks, such as NIST CSF, CRI Profile and NIST 800-218.
•    Knowledge of relevant legal and regulatory requirements related to information security in the financial services sector. Ability to translate those into practice to ensure compliance.
•    Secure software development lifecycle experience and adherence to industry benchmarks (OWASP top 10, SANS top 25) 
•    Understanding of modern programming languages 
•    Strong ability to articulate technical concepts to non-technical business owners and management and effectively communicate security issues to developers. 
•    Experience in secure application development in cloud environments and CICD (Continuous Integration Continuous Development) processes and tools
•    Strong technical skills, including knowledge of security technologies, network security, cloud security, and application security. 
•    Innovative thinking and leadership with an ability to lead and motivate cross-functional, interdisciplinary teams.
•    Excellent written and verbal communication skills and high level of personal integrity. 
 

Additional Requirements

D&I Commitment

Responsible for fostering a culture of diversity and inclusion, holding leaders accountable for creating an inclusive environment through awareness and practice of equity in recruiting, developing, and promoting diverse talent.

SMBC’s employees participate in a Hybrid workforce model that provides employees with an opportunity to work from home, as well as, from an SMBC office. SMBC requires that employees live within a reasonable commuting distance of their office location. Prospective candidates will learn more about their specific hybrid work schedule during their interview process. Hybrid work may not be permitted for certain roles, including, for example, certain FINRA-registered roles for which in-office attendance for the entire workweek is required.

We are an equal employment opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, gender, national origin, disability status, protected veteran status or any other characteristic protected by law. SMBC provides reasonable accommodations for employees and applicants with disabilities consistent with applicable law. If you need a reasonable accommodation during the application process, please let us know at accommodations@smbcgroup.com.