SMBC Group is a top-tier global financial group. Headquartered in Tokyo and with a 400-year history, SMBC Group offers a diverse range of financial services, including banking, leasing, securities, credit cards, and consumer finance. The Group has more than 130 offices and 80,000 employees worldwide in nearly 40 countries. Sumitomo Mitsui Financial Group, Inc. (SMFG) is the holding company of SMBC Group, which is one of the three largest banking groups in Japan. SMFG’s shares trade on the Tokyo, Nagoya, and New York (NYSE: SMFG) stock exchanges.
In the Americas, SMBC Group has a presence in the US, Canada, Ireland, Mexico, Brazil, Chile, Colombia, and Peru. Backed by the capital strength of SMBC Group and the value of its relationships in Asia, the Group offers a range of commercial and investment banking services to its corporate, institutional, and municipal clients. It connects a diverse client base to local markets and the organization’s extensive global network. The Group’s operating companies in the Americas include Sumitomo Mitsui Banking Corp. (SMBC), SMBC Nikko Securities America, Inc., SMBC Capital Markets, Inc., SMBC MANUBANK, JRI America, Inc., SMBC Leasing and Finance, Inc., Banco Sumitomo Mitsui Brasileiro S.A., and Sumitomo Mitsui Finance and Leasing Co., Ltd.
Role Description
SMBC is seeking a Cyber Governance, Risk and Compliance professional with 7+ years of experience and strong professional background in Cybersecurity/Information Security and Information Technology audit execution and coordination, controls governance, design, and operation, as well as a deep understanding of Governance Risk and Compliance programs. The role reports to the Director of Governance, Risk and Compliance (Information Security). This role is hybrid, requiring 2-3 days of the week to be conducted from the Tralee, Ireland office.
The candidate would support the GRC Team: Audit and Regulatory Management (ARM). As a VP on the ARM Team, the candidate will primarily be leading the successful coordination of various assessments or assessment activities on behalf of Cybersecurity. These assessments may include, but are not limited to: Internal Audits, External Audits, Compliance Reviews, as well as US State, US Federal, and other Region-specific Regulatory Exams that SMBC must comply with regularly. The ARM VP will serve as a primary liaison between Cybersecurity and its assessors through the management of issue reporting, audit remediation activities including validation efforts, and the intense evaluation of control design and operating effectiveness prior to the delivery of evidence to the assessors.
Please note this is NOT an auditor role; the ARM Team is a Cybersecurity function reporting through to the SMBC CISO. However, individuals with certifications or professional experience as an IT/Cyber/InfoSec auditor or similar background would be notable candidates.
Role Objectives
Lead a portfolio of assignments and coordinate various assessments on behalf of Cybersecurity, including Internal Audits, External Audits, Compliance Reviews, and US State, US Federal, and other Region-specific Regulatory Exams. Conduct control testing program delivery, walkthroughs, and support design and operating effectiveness testing. Enhance coordination efforts each year to address and improve efficiencies identified in previous years. Direct and provide guidance to other members of the ARM team in the performance of their tasks.
Collaborate closely with key stakeholders across the 2LoD (Operational Risk) and 3LoD (Internal Audit) during assessments over Information Security controls. Communicate effectively and timely with auditors to affirm their understanding of controls and ensure audit testing approaches are effective. Articulate controls and compensating controls to auditors and stakeholders, and explain requests to Evidence Providers or Control Owners to secure appropriate artifacts. Note: This is NOT an auditor role – the Cyber Governance, Risk and Compliance Manager will serve as the liaison with assessors.
Collaborate with stakeholders to identify continuous improvement opportunities in controls, processes, and procedures. Assist ARM Leadership in strategically managing and developing the ARM program.
Engage with auditors early in preliminary findings to ensure completeness and accuracy. Review preliminary findings for plausibility and engage with Control Owners, Senior Management & Subject Matter Experts as applicable. Draft formal management responses to findings for Information Security management review with minimal oversight. Manage and track audit issues to closure, providing periodic status updates to Information Security Management.
Apply strong understanding of Governance, Risk and Compliance (GRC) practices to support Information Security’s adherence to authoritative frameworks (FFIEC, COBIT, NIST, ISO, etc.) and U.S. regulatory expectations, and understand Information Security controls and associated risks.
Qualifications and Skills
7+ years experience in Cybersecurity / IT Audit (Big‑4 experience or related financial services industry experience preferable) and/or Cybersecurity Risk (with active CISA and/or CRISC certification a plus) or other risk management and audit roles.
7+ years experience working with common risk management frameworks, including RCSAs, control testing programs and maturity assessments.
Experience working with Cybersecurity teams to strengthen adherence to organization‑defined Cybersecurity controls.
Experience executing control testing, reporting, and tracking control remediation.
Ability to influence responsible parties (including senior management) across the 1st, 2nd, and 3rd lines of defense in conversations regarding control compliance and remediation.
Strong verbal and written communication skills.
Self‑motivated and disciplined approach to learning and working.
Team‑oriented mindset with demonstrated leadership when needed.
Strong personal accountability and follow‑through with the ability to prioritize multiple tasks, projects, and goals.
Additional Requirements
SMBC’s employees participate in a hybrid workforce model that provides employees with an opportunity to work from home, as well as from an SMBC office. SMBC requires that employees live within a reasonable commuting distance of their office location. Prospective candidates will learn more about their specific hybrid work schedule during their interview process. SMBC provides reasonable accommodations during candidacy for applicants with disabilities consistent with applicable federal, state, and local law. If you need a reasonable accommodation during the application process, please let us know at .
EOE, including Disability/veterans
#J-18808-Ljbffr