Campus Pride Jobs

Job Information

SMBC Managing Director, Cybersecurity Strategic Data & Business Management in New York, New York

SMBC Group is a top-tier global financial group. Headquartered in Tokyo and with a 400-year history, SMBC Group offers a diverse range of financial services, including banking, leasing, securities, credit cards, and consumer finance. The Group has more than 130 offices and 80,000 employees worldwide in nearly 40 countries. Sumitomo Mitsui Financial Group, Inc. (SMFG) is the holding company of SMBC Group, which is one of the three largest banking groups in Japan. SMFG’s shares trade on the Tokyo, Nagoya, and New York (NYSE: SMFG) stock exchanges.

In the Americas, SMBC Group has a presence in the US, Canada, Mexico, Brazil, Chile, Colombia, and Peru. Backed by the capital strength of SMBC Group and the value of its relationships in Asia, the Group offers a range of commercial and investment banking services to its corporate, institutional, and municipal clients. It connects a diverse client base to local markets and the organization’s extensive global network. The Group’s operating companies in the Americas include Sumitomo Mitsui Banking Corp. (SMBC), SMBC Nikko Securities America, Inc., SMBC Capital Markets, Inc., SMBC MANUBANK, JRI America, Inc., SMBC Leasing and Finance, Inc., Banco Sumitomo Mitsui Brasileiro S.A., and Sumitomo Mitsui Finance and Leasing Co., Ltd.

The anticipated salary range for this role is between $300,000.00 and $375,000.00. The specific salary offered to an applicant will be based on their individual qualifications, experiences, and an analysis of the current compensation paid in their geography and the market for similar roles at the time of hire. The role may also be eligible for an annual discretionary incentive award. In addition to cash compensation, SMBC offers a competitive portfolio of benefits to its employees.

Role Description

SMBC is seeking an experienced Managing Director to lead our strategic Cybersecurity Data and Business Management initiatives. This executive-level position will report to the Chief Information Security Officer (CISO), who is responsible for all aspects of Information Security, Cyber Risk Management and Security Operations.

The Cybersecurity Strategic Data and Business Management role is responsible for driving the security and risk data management strategy, development and execution across the Americas Division (AD), and for delivery as a shared service to the EMEA region.

Role Objectives

Strategic Leadership

Act as the Local Data Officer for cybersecurity across all AD entities, covering all aspects of the Information Security and Cyber Risk program. Specific components include Data Ingestion & Lifecycle Management, Metrics, Analytics, Data Controls Framework, and Visualization & Reporting. Deliver data-driven solutions and build collaborative relationships across all AD entities that align with SMBC’s business objectives.

Stakeholder Management (Cross-Functional Data Liaison)

Act as the primary point of contact between Information Security, Compliance, Risk, Technology, HR and Legal teams for data programs and strategic data initiatives. Foster a culture of collaboration and shared accountability across these functions. Build relationships with key stakeholders across the organization, including executive leadership, business unit leaders, and external partners, to ensure collaboration and transparency in Data Governance and Risk Management efforts.

Work across Data Management Executives, Local Data Officers, Data Stewards and Data Owners to properly govern Information Security data, ensuring consistent use of fit-for-purpose data. Align with Technology & Data teams in other departments or disciplines to share best practices and collaborate on cross-divisional or cross-regional data initiatives as appropriate.

Role Objectives Continued

Metrics and Reporting Data program

The role will include establishing and managing data requirements and analysis in support of all levels of metrics, from operational teams to the Board, including support for the Cyber Business Management function's financial analysis and reporting.

Partner with our stakeholders across the firm to establish data governance surrounding Cyber data. Develop scorecards, dashboards and visualization tools to effectively communicate risk information to CISO, senior management, and the wider community of users who rely on Information Security data. Build a centralized Risk Data repository for metrics and analytics across the organization that can be used for internal and regulatory reporting. Prepare regular reports for executive leadership and the Board of Directors on Information Security performance and cybersecurity risks.

Create key metrics and controls (KPIs, KRIs and KCIs) to measure the effectiveness of governance, risk, and information security programs. Create automated monitoring and Quality Control metrics to analyze the health of our Information Security data. Ensure alignment of these quantitative and qualitative metrics to our internal Technology controls that are tied to our Risk Management frameworks. Analyze the Controls framework to ensure consistent data coverage and highlight gaps utilizing Cyber data for areas of improvement.

Insider Risk Data program

Insider risk and threat hunting initiatives are essential for protecting SMBC from internal threats that could jeopardize security, data integrity, or operational efficiency. They identify, assess, and mitigate risks posed by employees, contractors, and others within the firm to ensure that threats are managed proactively.

The role will be instrumental in developing and implementing information management best practices and technology data solutions for the AD/EMEA Insider Risk Program. Establish and manage new data initiatives in partnership with Legal, Compliance, Fraud and Information Security to support the newly established Insider Risk Program.

Define the scope of the Insider Risk program and develop its data framework that aligns with the existing procedures and controls for detecting internal threats (i.e., SIEM, DLP). Establish a User Statistics data repository and cadence for processing Insider Risk data in concert with the Metrics and Reporting program.

Create metrics to measure the effectiveness of the Insider Risk program such as user incidents, phishing, vulnerabilities, security violations, unauthorized access and develop a strategy for remediation (i.e. reduction of entitlements, additional training, etc.). Partner with Compliance, Human Resources and Legal to develop an Insider Threat Accountability procedure as part of the Conduct Management function that users need to acknowledge annually. Implement insider threat awareness training programs focusing on recognizing and reporting potential insider threats. Create user metrics to analyze effectiveness pre- and post-training.

Qualifications and Skills

The role will include specific responsibilities such as:

• Bachelor's degree or equivalent, CISSP or other relevant security certification.

• Minimum of 15 years of experience in Information Security, Technology or Technology Risk organizations within the finance sector, including significant leadership experience managing technology teams globally. Ability to manage large teams (25+ members) is a plus.

• Extensive experience in a combination of information security, cyber risk and IT jobs related to data management, risk management and security best practices in a highly regulated industry, preferably financial services.

• Must have a track record of successful data management, project management and financial management skills in order to effectively manage several priority projects at the same time with a sense of urgency.

• Strong experience in SQL query generation and understanding of relational databases (SQL Server preferred). A database development background writing complex stored procedures and views is preferred. Experience with database design and with data modeling tools is a plus.

• Self-starter and problem solver, strong leadership, business acumen and ability to effectively drive projects and provide thought leadership across multidisciplinary stakeholder groups.

• Strong problem solving and analytical skills, with the ability to think critically and develop creative solutions. Possess a results-oriented attitude and can lead in an independent and collaborative manner.

• High level of professionalism, discretion, and judgement in dealing with confidential and sensitive information.

• Possess executive level communication skills and the ability to resolve issues, build consensus amongst diverse groups with a proven skill in negotiating and mediating conflict resolution.

• Proven track record developing and implementing a comprehensive data program including policies and procedures for both corporate and consumer banking environments.

• Current knowledge of common information security management frameworks, such as NIST CSF, CIS Critical Security Controls, and CRI Profile.

• Knowledge of relevant legal and regulatory requirements related to information security in the financial services sector. Ability to translate those into practice to ensure compliance and effective reporting.

• Strong ability to articulate technical concepts to non-technical business owners and management and effectively communicate security issues to developers.

• Innovative thinking and leadership with an ability to lead and motivate cross-functional, interdisciplinary teams.

• Excellent written and verbal communication skills and high level of personal integrity.

Additional Requirements

MD Risk Guidance

Establish and adhere to policies, procedures, and processes that include line of business risk limits, management supervision standards and reporting (including escalation), to ensure that risks associated with the LOB's activities are effectively identified, measured, monitored, and controlled, consistent with the organizational risk appetite statement, concentration risk limits, and policies established within the enterprise risk management framework.

D&I Commitment

Responsible for fostering a culture of diversity and inclusion, holding leaders accountable for creating an inclusive environment through awareness and practice of equity in recruiting, developing, and promoting diverse talent.

SMBC’s employees participate in a Hybrid workforce model that provides employees with an opportunity to work from home as well as from an SMBC office. SMBC requires that employees live within a reasonable commuting distance of their office location. Prospective candidates will learn more about their specific hybrid work schedule during their interview process. Hybrid work may not be permitted for certain roles, including, for example, certain FINRA-registered roles for which in-office attendance for the entire workweek is required.

We are an equal employment opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, gender, national origin, disability status, protected veteran status or any other characteristic protected by law. SMBC provides reasonable accommodations for employees and applicants with disabilities consistent with applicable law. If you need a reasonable accommodation during the application process, please let us know at accommodations@smbcgroup.com.
