Join to apply for the GRC Sr Manager - Vice President role at SMBC Group
SMBC Group is a top-tier global financial group headquartered in Tokyo with a 400-year history. It offers a diverse range of financial services, including banking, leasing, securities, credit cards, and consumer finance. The Group has more than 130 offices and 80,000 employees worldwide across nearly 40 countries.
In the Americas, SMBC Group has a presence in the US, Canada, Ireland, Mexico, Brazil, Chile, Colombia, and Peru. Backed by the capital strength of SMBC Group and the value of its relationships in Asia, the Group offers a range of commercial and investment banking services to its corporate, institutional, and municipal clients, connecting a diverse client base to local markets and the organization’s extensive global network.
Role Description
SMBC is seeking a Cyber Governance, Risk and Compliance professional with 7+ years of experience. The ideal candidate has a strong background in Cybersecurity/Information Security, information technology audit execution and coordination, controls governance, and a deep understanding of Governance, Risk and Compliance programs. This role reports to the Director of Governance, Risk and Compliance (Information Security). Hybrid: 2‑3 days per week from the Tralee, Ireland office.
Responsibilities
Lead a portfolio of assessments for Cybersecurity, including Internal Audits, External Audits, Compliance Reviews, and regulatory exams such as US State, US Federal, and other Region‑specific Regulatory Exams. Enhance coordination efforts, address inefficiencies from previous years, and guide the ARM team.
Collaborate closely with 2LoD (Operational Risk) and 3LoD (Internal Audit) stakeholders, communicating audit requests and ensuring clear understanding of controls. Act as liaison with assessors, explaining controls, compensating controls, and evidence requirements.
Collaborate with stakeholders to identify continuous improvement opportunities in controls, processes, and procedures. Assist ARM Leadership in strategic program management.
Engage with auditors early in preliminary findings, review plausibility, and manage audit issues to closure. Draft formal management responses and provide periodic status updates to Information Security Management.
Apply strong knowledge of GRC practices to support Information Security’s adherence to frameworks such as FFIEC, COBIT, NIST, ISO, and U.S. regulatory expectations.
Qualifications and Skills
7+ years experience in Cybersecurity / IT Audit (Big‑4 or related financial services experience preferred) and/or Cybersecurity Risk, with active CISA and/or CRISC certification a plus.
7+ years experience working with common risk management frameworks, including RCSAs, control testing programs, and maturity assessments.
Experience strengthening adherence to organizationally defined Cybersecurity controls.
Experience executing control testing, reporting, and tracking control remediation.
Ability to influence senior management across the 1st, 2nd, and 3rd lines of defense.
Strong verbal and written communication skills.
Self‑motivated, disciplined learning approach.
Teamwork and leadership skills when needed.
Highly developed sense of personal accountability, with the ability to prioritize multiple tasks, projects, and goals.
Additional Requirements
SMBC requires employees to live within a reasonable commuting distance of the office. Hybrid work includes occasional home work days. SMBC provides reasonable accommodations for applicants with disabilities. If you need a reasonable accommodation during application, please contact accommodations@smbcgroup.com.
Seniority Level
Not Applicable
Employment Type
Full‑time
Job Function
Other
Industries
Banking, Financial Services, IT Services, IT Consulting
#J-18808-Ljbffr