SMBC Group is a top-tier global financial group. Headquartered in Tokyo and with a 400-year history, SMBC Group offers a diverse range of financial services, including banking, leasing, securities, credit cards, and consumer finance. The Group has more than 130 offices and 80,000 employees worldwide in nearly 40 countries. Sumitomo Mitsui Financial Group, Inc. (SMFG) is the holding company of SMBC Group, which is one of the three largest banking groups in Japan. SMFG’s shares trade on the Tokyo, Nagoya, and New York (NYSE: SMFG) stock exchanges.

 

In the Americas, SMBC Group has a presence in the US, Canada, Mexico, Brazil, Chile, Colombia, and Peru. Backed by the capital strength of SMBC Group and the value of its relationships in Asia, the Group offers a range of commercial and investment banking services to its corporate, institutional, and municipal clients. It connects a diverse client base to local markets and the organization’s extensive global network. The Group’s operating companies in the Americas include Sumitomo Mitsui Banking Corp. (SMBC), SMBC Nikko Securities America, Inc., SMBC Capital Markets, Inc., SMBC MANUBANK, JRI America, Inc., SMBC Leasing and Finance, Inc., Banco Sumitomo Mitsui Brasileiro S.A., and Sumitomo Mitsui Finance and Leasing Co., Ltd.

 

The anticipated salary range for this role is between $143,000.00 and $185,000.00. The specific salary offered to an applicant will be based on their individual qualifications, experiences, and an analysis of the current compensation paid in their geography and the market for similar roles at the time of hire. The role may also be eligible for an annual discretionary incentive award. In addition to cash compensation, SMBC offers a competitive portfolio of benefits to its employees.

Role Description

SMBC is seeking an Audit & Regulatory (ARM) Senior Manager who continues to build his/her career as part of a dynamic team, the Audit & Regulatory Management (ARM) team, that specializes in the co-ordination & management of audit and regulatory requirements for the Information Security team at JRI-A. The ARM team is the primary point of contact for Information Security related audits, and it actively manages all audit and issue closure requirements to ensure the process is efficient and well-coordinated.

 

The ARM Senior Manager will be a hands-on manager who can independently and successfully execute the ARM process, and lead team members (as needed) to follow the process. The ARM Senior Manager will manage multiple ARM assessments and will assume the lead role for an assigned suite of audits; more complex, large scope audits will be included within this portfolio.  They will be the lead point of contact and will be responsible for the co-ordination & facilitation of the audit from start to finish, ensuring the process is efficient and well-coordinated. The ARM Senior Manager will actively manage all audit requests, ensuring right artifacts are gathered and audit requests are tracked and responded to on time and be responsible for all related audit activities. In addition, they will be responsible for the successful management of the relationship between the stakeholders throughout the process. Please note this is NOT an auditor role. However, individuals with an auditor/assessor or similar background would be a plus.

Role Objectives Lead role for single large complex audit and or full responsibility for multiple smaller audits Responsible for coordination facilitation of audits from start to finish ensuring process is efficient and well coordinated Actively manage all audit requests ensuring right artifacts are gathered and audit requests are tracked and responded to on time Responsible for the timely escalation to ensure deliverables stay on track and be able to prioritized tasks as needed Manage facilitation and coordination of audit activities including but not limited to interviews documentation requests artifact requests logistical support for walkthroughs meetings facilitating follow up queries with various stakeholders and tracking status of all requested items Provide periodic status updates and timely feedback to Management Enhance coordination efforts each year ensuring inefficiencies identified in previous years are actively addressed and improved Communicate effectively and timely with auditors where necessary to affirm their understanding of controls in place to ensure the audit testing approach is effective and their requests are appropriate and clear In turn be able to clearly explain the request to Evidence Providers Control Owners outlining the risks controls being tested assisting them where necessary to ensure the correct artefact is provided Responsible for assigning work to junior staff when needed and reviewing and approving evidence submission following the ARM Process This is a critical role in our audit response process to ensure that the evidence submitted to the auditors successfully meets the audit request Articulate to auditors stakeholders comfortably and independently the key controls in place and identification of compensating controls be able to defend and advocate for these controls to auditors Responsible for the appropriate management of audit findings Engage with auditors at an early stage in preliminary findings to ensure completeness and accuracy of understanding Manage preliminary audit findings Engage with auditors at early stage in preliminary findings to ensure completeness and accuracy of understanding Responsible for reviewing preliminary findings for plausibility reasonability engaging with Control Owners Senior Management Relevant Subject Matters Experts as applicable Responsible for providing further information evidence to the auditor which may result in the preliminary finding being revised or removed Working with Service Providers Control Owners draft formal management responses to findings for Information Security management review with the expectation of minimal management oversight required Manage and track audit issues to closure providing periodic status updates to Information Security Management Provide guidance in the creation maintenance development and improvement of ARM Evidence Repository that allows the team to leverage existing evidence for similar requests Enforce adherence to ARM Process Standards Work with the rest of the ARM team to continuously identify areas for improvement document and implement these Share with ARM team best practices of ARM activities and processes and take lead role in rolling out improved process Ensure department procedures and guidelines are up to date reflecting current practices and update accordingly When assigning tasks to junior staff as needed ensure their understanding and perform review of assigned work Assist in development and growth of ARM staff Lead projects designed to expand and ensure continuous improvement in the ARM Program Take ownership for directing and assisting other members of the ARM team in the performance of their tasks as part of the project Take initiatives and provide leadership solutions in improving processes for a better experience for the business Qualifications and Skills Bachelors degree in Information Technology Information Security or related field Have 7 plus years of IT audit Big 4 preferable assurance or consulting experience Have designations in the information security and IT risk fields such as CISA CISSP CISM CRISC Possess strong knowledge of General IT Controls risk and best practices especially in relation to Information Security Possess strong knowledge of IT Auditing  the core concepts audit process types of audits Possess strong knowledge of Cyber Security regulations eg NYS DFS Cybersecurity GDPR FCA and information security best practices and industry frameworks eg ISO27002 FFIEC NISTDetailed thorough diligent technical ability with good analytical skills a customer service mindset Strong written verbal and interpersonal communication skills must be able to clearly articulate a point and be a persuasive communicator Ability to demonstrate a selfmotivated and disciplined approach to learning and working Ability to display initiative and innovation independently manage ARM assessments including all related ARM activities from start to finish Ability to take ownership of complex tasks drive projects forward for timely completion Must have excellent time manageability skills should be able to prioritize multitask and manage multiple projects simultaneously Additional Requirements

D&I Commitment

Responsible for fostering a culture of diversity and inclusion, holding leaders accountable for creating an inclusive environment through awareness and practice of equity in recruiting, developing, and promoting diverse talent.

SMBC’s employees participate in a Hybrid workforce model that provides employees with an opportunity to work from home, as well as, from an SMBC office. SMBC requires that employees live within a reasonable commuting distance of their office location. Prospective candidates will learn more about their specific hybrid work schedule during their interview process. Hybrid work may not be permitted for certain roles, including, for example, certain FINRA-registered roles for which in-office attendance for the entire workweek is required.

We are an equal employment opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, gender, national origin, disability status, protected veteran status or any other characteristic protected by law. SMBC provides reasonable accommodations for employees and applicants with disabilities consistent with applicable law. If you need a reasonable accommodation during the application process, please let us know at accommodations@smbcgroup.com.