GRC Manager (Associate)
New York, NY, US, 10172
Full Time Mid-level / Intermediate USD 90K - 135K
Sumitomo Mitsui Banking Corporation
This is the website of Sumitomo Mitsui Banking Corporation. It provides information on products and services such as account opening, mortgages, foreign currency deposits, and investment trusts. Through internet banking, you can check balances, make transfers, and trade foreign currency deposits and investment trusts, as well as use the convenient Web passbook.
SMBC Group is a top-tier global financial group. Headquartered in Tokyo and with a 400-year history, SMBC Group offers a diverse range of financial services, including banking, leasing, securities, credit cards, and consumer finance. The Group has more than 130 offices and 80,000 employees worldwide in nearly 40 countries. Sumitomo Mitsui Financial Group, Inc. (SMFG) is the holding company of SMBC Group, which is one of the three largest banking groups in Japan. SMFG’s shares trade on the Tokyo, Nagoya, and New York (NYSE: SMFG) stock exchanges.
In the Americas, SMBC Group has a presence in the US, Canada, Mexico, Brazil, Chile, Colombia, and Peru. Backed by the capital strength of SMBC Group and the value of its relationships in Asia, the Group offers a range of commercial and investment banking services to its corporate, institutional, and municipal clients. It connects a diverse client base to local markets and the organization’s extensive global network. The Group’s operating companies in the Americas include Sumitomo Mitsui Banking Corp. (SMBC), SMBC Nikko Securities America, Inc., SMBC Capital Markets, Inc., SMBC MANUBANK, JRI America, Inc., SMBC Leasing and Finance, Inc., Banco Sumitomo Mitsui Brasileiro S.A., and Sumitomo Mitsui Finance and Leasing Co., Ltd.
The anticipated salary range for this role is between $90,000.00 and $135,000.00. The specific salary offered to an applicant will be based on their individual qualifications, experiences, and an analysis of the current compensation paid in their geography and the market for similar roles at the time of hire. The role may also be eligible for an annual discretionary incentive award. In addition to cash compensation, SMBC offers a competitive portfolio of benefits to its employees.
Role Description
SMBC is seeking an Audit & Regulatory Management (ARM) Manager who is highly interested in building his/her career as part of a dynamic team, the Audit & Regulatory Management (ARM) team, that specializes in the management of audit and regulatory requirements for the Information Security team at JRI-A.
The ARM Manager will be a hands-on manager who can independently and successfully execute the ARM process in the coordination & facilitation of audit request and issue management. The ARM Manager will assume the lead role on an audit / multiple sections of a larger audit throughout the year; they will be the lead point of contact and will be responsible for the co-ordination & facilitation of the audit / section from start to finish, ensuring the process is efficient and well-coordinated. The ARM Manager will actively manage all audit requests, ensuring the right artifacts are gathered and audit requests are tracked and responded to on time, and will be responsible for all related ARM activities associated with the audit / sections / issues they are managing. The ARM Manager will be responsible for the successful management of the relationship between the stakeholders throughout the process.
Please note this is NOT an auditor role. However, an auditor/assessor or similar background would be a plus.
Role Objectives
• Lead role for a single audit or full responsibility for multiple sections across a group of audits. Responsible for the co-ordination & facilitation of the audit / section from start to finish, ensuring the process is efficient and well-coordinated. Actively manage all audit requests, ensuring the right artifacts are gathered and audit requests are tracked and responded to on time. Responsible for assigning and reviewing the work of junior team members and for timely escalation to ensure deliverables stay on track.
• Manage the facilitation and co-ordination of audit request and issue management activities including but not limited to interviews, documentation requests, artifact requests, logistical support for walkthroughs / meetings, facilitating follow up queries with various stakeholders, reviewing Issue Closure Packs, and facilitating management review and approval.
• Communicate effectively and timely with auditors where necessary to affirm their understanding of the controls in place to ensure the audit testing approach is effective & their requests are appropriate and clear. In turn, be able to clearly explain the request to Evidence Providers/Control Owners, outlining the risks / controls being tested, assisting them where necessary, to ensure the correct artifact is provided.
• Articulate to auditors / stakeholders comfortably and independently the key controls in place and identification of compensating controls; be able to defend and advocate for these controls to auditors.
• Manage preliminary audit findings. Engage with auditors at an early stage in preliminary findings to ensure completeness and accuracy of understanding. Responsible for reviewing preliminary findings for plausibility & reasonability, engaging with the Control Owners / Senior Management / Relevant Subject Matter Experts as applicable. Responsible for providing further information / evidence to the auditor, which may result in the preliminary finding being revised or removed.
• Assist Service Providers / Control Owners in drafting formal management responses to confirmed findings for Information Security management review with the expectation of management oversight required.
• Manage and track audit issues to closure providing periodic status updates to Information Security Management.
• Maintain the ARM Evidence Repository, which enables evidence to be leveraged for similar type audit requests for all audits across the firm. Ensure repeatable evidence is stored and collected in advance where possible.
• Promote use of the central ARM tool, providing information to maintain up to date audit status. Review dashboard metrics to ensure information is up to date and accurate, so that meaningful information is available for ARM Management / Information Security Management.
• Take an active role in projects designed to expand and ensure continuous improvement in the ARM Program. Lead certain aspects of the project. Take ownership for directing the ARM Specialist / ARM Senior Specialist in the performance of their tasks.
• Ensure adherence to the ARM Process & Standards. Work with the ARM team to continuously identify areas for improvement, and document and implement them. Share with the ARM team best practices of ARM activities & processes and take the lead role in rolling out the improved process. Responsible for ensuring documentation is up to date.
• Create professional training materials on ARM Process and Tools and lead initiatives to educate Information Security team members by conducting the classes and socialization meetings.
• Provide direction to ARM Specialist / ARM Senior Specialist in the assignment and completion of audit requests.
• Complete independently ARM activities requested by management, clients, auditors and regulators.
• Continuously ensure professional development (e.g. attend technical training courses, pursue relevant certifications).
Qualifications and Skills
• Bachelor’s degree in Information Technology, Information Security, or related field.
• Have 5 plus years of IT audit (Big 4 preferable), assurance, or consulting experience.
• Have designations in the information security and IT risk fields such as CISA, CISSP, CISM, CRISC.
• Possess strong knowledge of General IT Controls, risk, and best practices, especially in relation to Information Security.
• Possess strong knowledge of IT Auditing - the core concepts, audit process, types of audits.
• Possess strong knowledge of Cyber Security regulations (e.g., NYS DFS Cybersecurity, GDPR, FCA) and information security best practices and industry frameworks (e.g., ISO27002, FFIEC, NIST). Detailed, thorough, diligent technical ability, with good analytical skills and a customer service mindset.
• Strong written, verbal, and interpersonal communication skills; must be able to clearly articulate a point and be a persuasive communicator.
• Ability to demonstrate a self-motivated and disciplined approach to learning and working.
• Ability to display initiative and innovation; independently manage ARM assessments, including all related ARM activities from start to finish.
• Ability to take ownership of complex tasks and drive projects forward for timely completion.
• Must have excellent time management skills; should be able to prioritize, multitask and manage multiple projects simultaneously.
Additional Requirements
SMBC’s employees participate in a Hybrid workforce model that provides employees with an opportunity to work from home as well as from an SMBC office. SMBC requires that employees live within a reasonable commuting distance of their office location. Prospective candidates will learn more about their specific hybrid work schedule during their interview process. Hybrid work may not be permitted for certain roles, including, for example, certain FINRA-registered roles for which in-office attendance for the entire workweek is required.
We are an equal employment opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, gender, national origin, disability status, protected veteran status or any other characteristic protected by law. SMBC provides reasonable accommodations for employees and applicants with disabilities consistent with applicable law. If you need a reasonable accommodation during the application process, please let us know at accommodations@smbcgroup.com.
Tags: Audits Banking CISA CISM CISSP CRISC FFIEC Finance GDPR ISO 27002 NIST
Perks/benefits: Career development Competitive pay Startup environment Team events