Head of Enterprise Information Protection - Director

 SMBC Group is a top-tier global financial group. Headquartered in Tokyo and with a 400-year history, SMBC Group offers a diverse range of financial services, including banking, leasing, securities, credit cards, and consumer finance. The Group has more than 130 offices and 80,000 employees worldwide in nearly 40 countries. Sumitomo Mitsui Financial Group, Inc. (SMFG) is the holding company of SMBC Group, which is one of the three largest banking groups in Japan. SMFG’s shares trade on the Tokyo, Nagoya, and New York (NYSE: SMFG) stock exchanges.

In the Americas, SMBC Group has a presence in the US, Canada, Mexico, Brazil, Chile, Colombia, and Peru. Backed by the capital strength of SMBC Group and the value of its relationships in Asia, the Group offers a range of commercial and investment banking services to its corporate, institutional, and municipal clients. It connects a diverse client base to local markets and the organization’s extensive global network. The Group’s operating companies in the Americas include Sumitomo Mitsui Banking Corp. (SMBC), SMBC Nikko Securities America, Inc., SMBC Capital Markets, Inc., SMBC MANUBANK, JRI America, Inc., SMBC Leasing and Finance, Inc., Banco Sumitomo Mitsui Brasileiro S.A., and Sumitomo Mitsui Finance and Leasing Co., Ltd.

The anticipated salary range for this role is between $190,000.00 and $227,000.00. The specific salary offered to an applicant will be based on their individual qualifications, experiences, and an analysis of the current compensation paid in their geography and the market for similar roles at the time of hire. The role may also be eligible for an annual discretionary incentive award. In addition to cash compensation, SMBC offers a competitive portfolio of benefits to its employees.

Role Description

Sumitomo Mitsui Banking Corporation is seeking an experienced professional who will be responsible for the strategic leadership, development, and execution of our information protection program. This senior role requires a deep understanding of cybersecurity, data privacy, and regulatory compliance within the financial services industry. The successful candidate will oversee the design, implementation and management of policies, processes, and technologies to protect the bank’s sensitive information, ensuring compliance with all relevant regulations and industry standards.

The Head of Enterprise Information Protection (EIP) is responsible for safeguarding SMBC’s data from unauthorized access, use, disclosure, disruption, modification, or destruction. The role encompasses data encryption, access control, data loss prevention, and compliance with regulatory requirements, ensuring the confidentiality, integrity, and availability of sensitive information across the enterprise.

Role Objectives

• Develop and lead the overall strategy for enterprise information protection, aligning it with SMBC’s business objectives and regulatory requirements.
• Design and implement comprehensive information protection policies and procedures, ensuring alignment with regulatory standards (e.g., NYDFS Cybersecurity Regulation, GDPR, CCPA).
• Develop and establish an operational function to manage the day-to-day operations of the enterprise information protection program. This includes overseeing the ongoing monitoring, management, and support of security processes, tools, and systems.
• Identify, assess, and mitigate risks related to information security and data privacy. Oversee risk assessments and security audits to ensure ongoing compliance and protection.
• Manage data leakage prevention solutions and incidents to detect, monitor, and prevent unauthorized access, sharing, or transmission of sensitive information.
• Manage and implement advanced security technologies and tools to enhance SMBC’s information protection capabilities.
• Oversee the deployment and management of encryption technologies to secure sensitive data at rest, in transit, and in use. Ensure encryption policies are effectively implemented across the organization.
• Establish and maintain robust data governance frameworks, ensuring the proper classification, handling, and protection of sensitive information across the organization.
• Ensure compliance with all applicable laws and regulations, including those specific to the financial services industry. Liaise with auditors and other stakeholders as needed.
• Work closely with other departments, including Data Governance, Data Privacy, IT, legal, compliance, and risk management, to ensure an aligned approach to information protection.
• Lead, mentor, and develop a high-performing team of information protection professionals. Foster a culture of security awareness across the organization.

Qualifications and Skills

• Bachelor’s degree in Information Security, Computer Science, or a related field.
• 10+ years of experience in information security, data protection, or a related field, with at least 5 years in a leadership role within a regulated financial institution.
• In-depth knowledge of information security standards, best practices, and regulatory requirements, particularly within the financial services sector.
• Proven track record of developing and implementing enterprise-wide information protection strategies.
• Strong understanding of data privacy laws and regulations, including GDPR, CCPA, and NYDFS Cybersecurity Regulation.
• Technical knowledge and hands-on experience with leading security tools such as Varonis (for data security and insider threat protection), Proofpoint DLP/CASB (for email security and data loss prevention), Microsoft Purview, Database Encryption technologies, etc.
• Cloud experience with information protection capabilities in Azure or AWS, including encryption, access controls, and cloud-native security tools.
• Experience with risk management, incident response, and data governance.
• Demonstrated ability to lead and manage a team, with excellent interpersonal and communication skills.
• Translates technical concepts into plain language to articulate business risks and suggests appropriate solutions.
• Ability to plan, coordinate, and support security, technology and business needs in a fast-paced, rapidly changing environment at a strategic level. 
• Strong problem solving and analytical skills, with a proactive and results oriented approach to security.
• Experience working in a highly regulated environment such as financial services.
• Relevant certifications such as CISSP, CISM, CIPP, or equivalent are strongly preferred.

Additional Requirements

SMBC’s employees participate in a Hybrid workforce model that provides employees with an opportunity to work from home, as well as, from an SMBC office. SMBC requires that employees live within a reasonable commuting distance of their office location. Prospective candidates will learn more about their specific hybrid work schedule during their interview process. Hybrid work may not be permitted for certain roles, including, for example, certain FINRA-registered roles for which in-office attendance for the entire workweek is required.

SMBC provides reasonable accommodations during candidacy for applicants with disabilities consistent with applicable federal, state, and local law. If you need a reasonable accommodation during the application process, please let us know at accommodations@smbcgroup.com.