GRC Sr Specialist

 SMBC Group is a top-tier global financial group. Headquartered in Tokyo and with a 400-year history, SMBC Group offers a diverse range of financial services, including banking, leasing, securities, credit cards, and consumer finance. The Group has more than 130 offices and 80,000 employees worldwide in nearly 40 countries. Sumitomo Mitsui Financial Group, Inc. (SMFG) is the holding company of SMBC Group, which is one of the three largest banking groups in Japan. SMFG’s shares trade on the Tokyo, Nagoya, and New York (NYSE: SMFG) stock exchanges.

In the Americas, SMBC Group has a presence in the US, Canada, Mexico, Brazil, Chile, Colombia, and Peru. Backed by the capital strength of SMBC Group and the value of its relationships in Asia, the Group offers a range of commercial and investment banking services to its corporate, institutional, and municipal clients. It connects a diverse client base to local markets and the organization’s extensive global network. The Group’s operating companies in the Americas include Sumitomo Mitsui Banking Corp. (SMBC), SMBC Nikko Securities America, Inc., SMBC Capital Markets, Inc., SMBC MANUBANK, JRI America, Inc., SMBC Leasing and Finance, Inc., Banco Sumitomo Mitsui Brasileiro S.A., and Sumitomo Mitsui Finance and Leasing Co., Ltd.

The anticipated salary range for this role is between $90,000.00 and $135,000.00. The specific salary offered to an applicant will be based on their individual qualifications, experiences, and an analysis of the current compensation paid in their geography and the market for similar roles at the time of hire. The role may also be eligible for an annual discretionary incentive award. In addition to cash compensation, SMBC offers a competitive portfolio of benefits to its employees.

Role Description

SMBC is seeking a Governance Risk and Compliance (GRC) Sr Specialist who has a strong passion for information security risk management and is interested in building a career within a dynamic team at a fast growing and reputable bank. The GRC Sr Specialist will assist with various information security risk and control assessments but will mainly support the Bank’s Information Security Policy Governance program, which ensures that the Bank’s Information Security Policy Framework aligns to current cyber security regulations and industry best practices. They will also be given opportunities to participate in information security risk management projects and will play a key role in the expanding information security risk management practices at the Bank and its various subsidiaries. 

Role Objectives

SCOPE
•    Continuously enhance and streamline processes and technology in the information security risk management space. 
•    Interface with other risk departments of the Bank to collaborate on BAU activities and projects.
•    Understand information security controls and their associated risks, and articulate these to technology and business stakeholders, building risk and control awareness and maturity of users at all levels.

PRIMARY RESPONSIBILITIES
•    Thoroughly understand the Bank’s Information Security Policy Related Documents (PRDs) such as policies, standards and procedures in order to enhance them over time, to educate stakeholders when policies and standards change.
•    Coordinate the periodic reviews and overall approval processes for PRDs.
•    Support the monitoring of overall adherence against Information Security Policy requirements across the Bank. 
•    Assist in investigating and resolving cases where policy violations are identified for people, processes or technology.
•    Assist stakeholders with understanding security control requirements and identifying compensating controls where necessary.

Qualifications and Skills

CRITICAL JOB KNOWLEDGE AND CORE COMPETENCIES/SKILLS

•    Candidates will ideally have 3 to 5 years prior experience working in an information security role, and/or in developing policies and engaging relevant stakeholders to update content.
•    Have basic knowledge of information security controls, risks, and best practices in the banking industry.
•    Have basic knowledge of commonly used banking applications, operating systems, and databases.
•    Have basic knowledge of cloud-based applications and tools.
•    Have basic knowledge of cyber security regulations (e.g., NYS DFS Cybersecurity, GDPR, FCA) and information security best practices and industry frameworks (e.g., ISO27001, FFIEC, NIST).
•    Have strong verbal and written communication skills.
•    Ability to demonstrate a self-motivated and disciplined approach to learning and working.
•    Ability to work in a team environment and demonstrate leadership skills when needed.
•    Possess a highly developed sense of personal accountability and follow-through with an ability to effectively prioritize multiple personal tasks, projects, and goals. 

Additional Requirements

SMBC’s employees participate in a Hybrid workforce model that provides employees with an opportunity to work from home, as well as, from an SMBC office. SMBC requires that employees live within a reasonable commuting distance of their office location. Prospective candidates will learn more about their specific hybrid work schedule during their interview process. Hybrid work may not be permitted for certain roles, including, for example, certain FINRA-registered roles for which in-office attendance for the entire workweek is required.

We are an equal employment opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, gender, national origin, disability status, protected veteran status or any other characteristic protected by law. SMBC provides reasonable accommodations for employees and applicants with disabilities consistent with applicable law. If you need a reasonable accommodation during the application process, please let us know at accommodations@smbcgroup.com.