Cyber Governance, Risk and Compliance Manager

SMBC Group is a top-tier global financial group. Headquartered in Tokyo and with a 400-year history, SMBC Group offers a diverse range of financial services, including banking, leasing, securities, credit cards, and consumer finance. The Group has more than 130 offices and 80,000 employees worldwide in nearly 40 countries. Sumitomo Mitsui Financial Group, Inc. (SMFG) is the holding company of SMBC Group, which is one of the three largest banking groups in Japan. SMFG’s shares trade on the Tokyo, Nagoya, and New York (NYSE: SMFG) stock exchanges. In the Americas, SMBC Group has a presence in the US, Canada, Ireland, Mexico, Brazil, Chile, Colombia, and Peru. The Group offers a range of commercial and investment banking services to its corporate, institutional, and municipal clients and connects a diverse client base to local markets and the organization’s extensive global network.

In the Americas, the Group’s operating companies include SMBC, SMBC Nikko Securities America, Inc., SMBC Capital Markets, Inc., SMBC MANUBANK, JRI America, Inc., SMBC Leasing and Finance, Inc., Banco Sumitomo Mitsui Brasileiro S.A., and Sumitomo Mitsui Finance and Leasing Co., Ltd.

This is a hybrid role, requiring the successful candidate to attend our Tralee office.

SMBC is seeking a Cyber Governance, Risk and Compliance Manager who has a strong understanding of Cyber Governance and Controls and is interested in building a career at a fast growing and reputable Bank. It is the responsibility of the Cyber Governance, Risk and Compliance Team to ensure controls are designed and implemented to support adherence to the Bank\'s policies.

The successful candidate will focus on ensuring our compliance with the many assessments and audits that take place over Information Security controls. The Cyber Governance, Risk and Compliance Manager will serve as the liaison with the Assessors and act as the primary point of contact, representing Information Security. In addition, you will assist with issue reporting and remediation, validating control remediation efforts and verify, through testing and periodic reviews that these controls meet their design, are operating effectively and sustainably. Please note this is NOT an auditor role. However, individuals with an auditor/internal audit or similar background would be notable candidates.

This role reports to the Director of Governance, Risk and Compliance (Information Security).

• Strong understanding of Governance, Risk and Compliance (GRC) practices to support Information Security’s adherence to authoritative frameworks (FFIEC, COBIT, NIST, ISO etc.) and U.S. regulatory expectations.
• Understanding of Information Security controls and associated risks
• Facilitate the co-ordination of audit activities and Collaborate closely with key stakeholders across the 2LoD (Operational Risk) and 3LoD (Internal Audit) as they undertake assessment / audits over Information Security controls; (Please note this is NOT an auditor role – The Cyber Governance, Risk and Compliance Manager will serve as the liaison with the Assessors)
• Familiarity with controls testing program delivery, including conducting walkthroughs, and supporting design and operating effectiveness testing.
• Collaborate with stakeholders to identify continuous improvement opportunities in Controls, Processes and Procedures.
• Monitor & track issues through remediation. Support Information Security team in remediation activities to improve operational efficiency. Provide regular updates to Senior Management on issues status.

• 5-8 years Security Information Technology experience, with focus on experience in the financial services industry.
• 5-8 years of experience in a 1LoD role or other risk management and audit roles.
• 5-8 years of experience working with common risk management frameworks, including RCSAs, control testing programs and maturity assessments.
• Experience in Cybersecurity / IT Audit (Big-4 experience) and/or Cybersecurity Risk (with active CISA and/or CRISC certification a plus).
• Experience working with Cybersecurity teams to strengthen their adherence to organizationally defined Cybersecurity controls.
• Experience executing control testing, reporting, and tracking control remediation.
• Ability to influence responsible parties (including senior management) working in the 1st, 2nd, and 3rd lines of defense in conversations regarding Control compliance and remediation activities.
• Have strong verbal and written communication skills.
• Ability to demonstrate a self-motivated and disciplined approach to learning and working.
• Ability to work in a team environment and demonstrate leadership skills when needed.
• Possess a highly developed sense of personal accountability and follow-through with an ability to effectively prioritize multiple personal tasks, projects, and goals.

• SMBC’s employees participate in a hybrid workforce model that provides employees with an opportunity to work from home, as well as, from an SMBC office. SMBC requires that employees live within a reasonable commuting distance of their office location. Prospective candidates will learn more about their specific hybrid work schedule during their interview process.
• SMBC provides reasonable accommodations during candidacy for applicants with disabilities consistent with applicable federal, state, and local law. If you need a reasonable accommodation during the application process, please let us know at accommodations@smbcgroup.com.