Cloud Security Risk Assessment Vice President

SMBC Group is a top-tier global financial group. Headquartered in Tokyo and with a 400-year history, SMBC Group offers a diverse range of financial services, including banking, leasing, securities, credit cards, and consumer finance. The Group has more than 130 offices and 80,000 employees worldwide in nearly 40 countries. Sumitomo Mitsui Financial Group, Inc. (SMFG) is the holding company of SMBC Group, which is one of the three largest banking groups in Japan. SMFG’s shares trade on the Tokyo, Nagoya, and New York (NYSE: SMFG) stock exchanges.

In the Americas, SMBC Group has a presence in the US, Canada, Mexico, Brazil, Chile, Colombia, and Peru. Backed by the capital strength of SMBC Group and the value of its relationships in Asia, the Group offers a range of commercial and investment banking services to its corporate, institutional, and municipal clients. It connects a diverse client base to local markets and the organization’s extensive global network. The Group’s operating companies in the Americas include Sumitomo Mitsui Banking Corp. (SMBC), SMBC Nikko Securities America, Inc., SMBC Capital Markets, Inc., SMBC Rail Services LLC, Manufacturers Bank, JRI America, Inc., SMBC Leasing and Finance, Inc., Banco Sumitomo Mitsui Brasileiro S.A., and Sumitomo Mitsui Finance and Leasing Co., Ltd.

The anticipated salary range for this role is between $143,000.00 and $185,000.00. The specific salary offered to an applicant will be based on their individual qualifications, experiences, and an analysis of the current compensation paid in their geography and the market for similar roles at the time of hire. The role may also be eligible for an annual discretionary incentive award. In addition to cash compensation, SMBC offers a competitive portfolio of benefits to its employees.

Role Description

SMBC is seeking a Cloud Security Risk Assessment Vice President who is experienced working in a Cloud Security Risk Program that includes running projects and BAU activity for assessing and reporting on risk and controls for Service Providers and their supporting tools. The Cloud Security Risk Assessment Vice President will be responsible for maintaining a program that will drive Cloud governance, security improvements, and efficiency across the Bank and the various group companies. He/she will lead efforts to continuously monitor Cloud Security Risks in a dynamic environment and will also lead projects related to information security risk management processes and system implementations. Additionally, the Cloud Security Risk Assessment Director will partner with various departments of the Bank on developing new risk management processes and ensure the roles and responsibilities are clearly defined among different teams.  

Role Objectives

•    Prioritize and complete internal and external risks assessments as required and negotiate with requesters on validity of the requests as needed. 
•    Partner with other risk departments of the bank to collaborate on BAU activities or projects and define clear roles and responsibilities on risk management processes, ensuring information security risks and controls throughout the bank are sufficiently assessed and managed. 
•    Complete independently or assign resources to various information security risk assessment activities such as self-assessments requested by clients and regulators, as needed.
•    Fully understand Cloud security risk and controls and can simplify and articulate risk and controls to both technical and business stakeholders.
•    Continuously enhance/streamline processes and technology in the Cloud security risk management space.
•    Formally manage junior staff as direct reports.
•    Function as an internal cloud security consultant on information security initiatives as assigned by the Executive Director and CISO.
•    Function as SME to defend and advocate security controls.

PRIMARY RESPONSIBILITIES
•    Communicate policy, procedure, and standard updates to stakeholders concisely and clearly.
•    Clearly articulate security and technical controls and corresponding technical and operational risks to stakeholders 
•    Assess Cloud-based risks and controls against internal requirements, best practices, and industry frameworks.
•    Ensure compliance with all policy and standard requirements applied to Cloud services and technology.
•    Coordinate with various departments to ensure Cloud Security documentation requests are comprehensible and addressed timely.  
•    Serve as the Cloud Security SME and as a change agent to enable cloud transformation initiatives from a security perspective.
•    Work closely with DevOps teams to assess practices for deploying new systems in the Cloud.
 

Qualifications and Skills

•    Ability to lead complex tasks and technical projects and assign resources to complete the tasks timely.
•    Have strong knowledge of cloud information security controls, risks and best practices in a large financial institution or banking environment.
•    Have strong knowledge of cloud service providers (e.g., GCP, AWS, and AAD), cloud-based applications and tools (e.g., CASB), as well as the security controls that are unique to such solutions.
•    Have strong knowledge of commonly used banking applications, operating systems, and databases.
•    Have strong knowledge of cyber security regulations (e.g., NYS DFS Cybersecurity, GDPR, FCA) and information security best practices and industry frameworks (e.g., ISO27002, FFIEC, NIST, Cloud Security Alliance).
•    Have working knowledge of various risk functions in large financial institutions, including how these risk functions relate to the management of information security risks.
•    Have strong verbal and written communication skills. 
 

Additional Requirements

D&I Commitment

Responsible for fostering a culture of diversity and inclusion, holding leaders accountable for creating an inclusive environment through awareness and practice of equity in recruiting, developing, and promoting diverse talent.

SMBC’s employees participate in a hybrid workforce model that provides employees with an opportunity to work from home, as well as, from an SMBC office. SMBC requires that employees live within a reasonable commuting distance of their office location. Prospective candidates will learn more about their specific hybrid work schedule during their interview process.

We are an equal employment opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, gender, national origin, disability status, protected veteran status or any other characteristic protected by law. SMBC provides reasonable accommodations for employees and applicants with disabilities consistent with applicable law. If you need a reasonable accommodation during the application process, please let us know at accommodations@smbcgroup.com.