Vulnerability and Patch Governance & Administration Director

 SMBC Group is a top-tier global financial group. Headquartered in Tokyo and with a 400-year history, SMBC Group offers a diverse range of financial services, including banking, leasing, securities, credit cards, and consumer finance. The Group has more than 130 offices and 80,000 employees worldwide in nearly 40 countries. Sumitomo Mitsui Financial Group, Inc. (SMFG) is the holding company of SMBC Group, which is one of the three largest banking groups in Japan. SMFG’s shares trade on the Tokyo, Nagoya, and New York (NYSE: SMFG) stock exchanges.

In the Americas, SMBC Group has a presence in the US, Canada, Mexico, Brazil, Chile, Colombia, and Peru. Backed by the capital strength of SMBC Group and the value of its relationships in Asia, the Group offers a range of commercial and investment banking services to its corporate, institutional, and municipal clients. It connects a diverse client base to local markets and the organization’s extensive global network. The Group’s operating companies in the Americas include Sumitomo Mitsui Banking Corp. (SMBC), SMBC Nikko Securities America, Inc., SMBC Capital Markets, Inc., SMBC MANUBANK, JRI America, Inc., SMBC Leasing and Finance, Inc., Banco Sumitomo Mitsui Brasileiro S.A., and Sumitomo Mitsui Finance and Leasing Co., Ltd.

The anticipated salary range for this role is between $208,000.00 and $240,000.00. The specific salary offered to an applicant will be based on their individual qualifications, experiences, and an analysis of the current compensation paid in their geography and the market for similar roles at the time of hire. The role may also be eligible for an annual discretionary incentive award. In addition to cash compensation, SMBC offers a competitive portfolio of benefits to its employees.

Role Description

A Vulnerability and Patch Management Director is responsible overseeing and managing a cross functional Vulnerability and Patch Management program across the Americas Division. The Director will oversee the process for identifying, assessing, and mitigating security vulnerabilities in systems and software, and ensuring timely application of security patches to protect against cyber threats and coordinating with IT and security teams to deploy patches. The Director is also responsible for monitoring and reporting on the technology patch compliance with the defined service level agreement and providing accurate metrics such as Key risk indicators and Key Performance indicators to senior management. The Director is responsible for validating all activities for vulnerability and patching are auditable by diligently working with all technology asset owner across the Americas Division to verify policies, standards, procedures, and controls are in place to meet SMBC’s regulatory, operational, audit and reporting requirements.
 

Role Objectives

• Vulnerability Assessment: Regularly scan systems and applications for known vulnerabilities using various tools. 
• Patch Management: Develop and implement strategies for patching and updating software and systems to address identified vulnerabilities 
• Prioritization: Determine the severity and potential impact of vulnerabilities to prioritize remediation efforts. 
• Remediation: Apply patches, updates, and security configurations to address vulnerabilities. 
• Incident Response: Assist in investigating and resolving security incidents involving vulnerabilities. 
• Reporting and Compliance: Generate reports on vulnerabilities, their impact, and the status of remediation efforts, ensuring compliance with relevant standards and regulations. 
• Communication and Collaboration: Communicate vulnerability findings and remediation recommendations to stakeholders, including technical and non-technical personnel. 
• Policy Development: Contribute to the development and maintenance of vulnerability management policies, procedures, and playbooks. 
• System Configuration: Configure systems to meet security best practices and minimize vulnerabilities. 
• Testing: Support test plan development and perform system configuration testing to ensure patches and updates are deployed correctly. 
• Threat Intelligence: Stay informed about emerging threats and vulnerabilities to proactively address potential risks

Qualifications and Skills

• Vulnerability Management Tools: Experience with tools like vulnerability scanners, patch management systems, and configuration management tools. (Rapid7, ServiceNow VR, Tanium, etc.)
• Operating Systems: Familiarity with various operating systems, such as Windows, Linux, and macOS. 
• Networking: Understanding of network security principles and protocols. 
• Security Best Practices: Knowledge of industry-standard security practices and frameworks such as FFIEC, NIST, and COBIT.
• Compliance Standards: Awareness of relevant security standards and regulations. 
• Communication and Collaboration: Strong interpersonal and communication skills to work effectively with various teams. 
• Data reporting and normalization within ServiceNow including ITAM and CMDB

SMBC’s employees participate in a Hybrid workforce model that provides employees with an opportunity to work from home, as well as, from an SMBC office. SMBC requires that employees live within a reasonable commuting distance of their office location. Prospective candidates will learn more about their specific hybrid work schedule during their interview process. Hybrid work may not be permitted for certain roles, including, for example, certain FINRA-registered roles for which in-office attendance for the entire workweek is required.

SMBC provides reasonable accommodations during candidacy for applicants with disabilities consistent with applicable federal, state, and local law. If you need a reasonable accommodation during the application process, please let us know at accommodations@smbcgroup.com.