SMBC Group is a top-tier global financial group. Headquartered in Tokyo and with a 400-year history, SMBC Group offers a diverse range of financial services, including banking, leasing, securities, credit cards, and consumer finance. The Group has more than 130 offices and 80,000 employees worldwide in nearly 40 countries. Sumitomo Mitsui Financial Group, Inc. (SMFG) is the holding company of SMBC Group, which is one of the three largest banking groups in Japan. SMFG’s shares trade on the Tokyo, Nagoya, and New York (NYSE: SMFG) stock exchanges.
In the Americas, SMBC Group has a presence in the US, Canada, Ireland, Mexico, Brazil, Chile, Colombia, and Peru. Backed by the capital strength of SMBC Group and the value of its relationships in Asia, the Group offers a range of commercial and investment banking services to its corporate, institutional, and municipal clients. It connects a diverse client base to local markets and the organization’s extensive global network. The Group’s operating companies in the Americas include Sumitomo Mitsui Banking Corp. (SMBC), SMBC Nikko Securities America, Inc., SMBC Capital Markets, Inc., SMBC MANUBANK, JRI America, Inc., SMBC Leasing and Finance, Inc., Banco Sumitomo Mitsui Brasileiro S.A., and Sumitomo Mitsui Finance and Leasing Co., Ltd.
SMBC is seeking an Audit & Regulatory Management (ARM) Senior Specialist who is highly interested in building their career as part of a dynamic team, the ARM team, that specializes in the management of audit and regulatory requirements for the Information Security team at JRI-A. The main responsibility of the ARM Senior Specialist is providing assistance and support to the ARM team in the coordination and facilitation of audit responses from all audit sources on behalf of the Information Security department. This ensures that the right artifacts are gathered and that audit requests are tracked and responded to on time. The ARM team acts as the primary point of contact and actively manages all audit requests, ensuring the process is efficient and well coordinated. Please note this is NOT an auditor role. However, individuals with an auditor/assessor or similar background would be notable candidates.
ARM is the process within Information Security Governance, Risk and Compliance (GRC) by which all reviews, exams, audits and other types of formally requested assurance over Information Security control effectiveness are managed, from initial point of contact through closure of the assessment. The Audit and Regulatory Management (ARM) team is responsible for facilitating and coordinating all assessment requests and activities in a systematic and efficient manner. The ARM team serves as the liaison between the Information Security team and the (External and Internal) Auditor. The ARM team manages all assessments for SMBC America’s Division.
- Monitoring & reviewing all logged Information Security audit requests to ensure they are responded to efficiently and on time
- Supporting the facilitation and coordination of audit activities including but not limited to interviews, documentation requests, artifact requests, logistical support for walkthroughs / meetings, facilitating follow up queries with various stakeholders and tracking status of all requested items. For some assessments, as directed by ARM Management, undertake the role of facilitator. Communicating effectively with evidence providers to ensure they understand the audit request; Communicating effectively with auditors to ensure that the request is clear.
- Reviewing the work of the ARM Specialist to ensure that evidence gathered is appropriate to move forward to the next stage of review
- Providing guidance as needed to the ARM Specialist to assist them and obtain the appropriate evidence
- Taking responsibility and ownership for certain sections of an Audit; For other sections, gathering required evidence, under the direction of the ARM Management; Preparing this for review and approval by ARM Management to ensure it is appropriate and accurate for submission
- This is a critical role in our audit response process that will involve meeting with auditors, compiling auditor requests, engaging with evidence providers, collecting evidence, and preparing this for review by ARM Management
- Develop a working knowledge and understanding of the information security controls and associated risks
- Maintaining the ARM Evidence Repository, which enables evidence to be leveraged for similar type audit requests for all audits across the firm. Ensuring repeatable evidence is stored and collected in advance where possible
- Ensuring the central ARM tool is maintained up to date to ensure meaningful information is available for ARM Management / Information Security Management
- Performing an active role in various ARM Projects that occur as we continuously seek to improve the ARM process; Such projects may involve enhancing current ARM tools, identifying and implementing new tools
- Ensuring adherence to the ARM Process & Standards; working with the ARM team to continuously identify areas for improvement and implement these
- Educating Information Security team members in use of our ARM Tool by conducting training classes and socialization meetings
- Assist with other ARM activities requested by management, clients, auditors and regulators, as needed
- Possess working knowledge of information security controls, risks and best practices
- Possess working knowledge of IT Auditing - the core concepts, audit process, types of audit
- Possess working knowledge of Cyber Security regulations (e.g., NYS DFS Cybersecurity, GDPR, FCA) and information security best practices and industry frameworks (e.g., ISO27002, FFIEC, NIST)
- Have 2-5 years of Big-4 IT audit, other IT audit, assurance or consulting experience
- Possess a very high level of attention to detail
- Ability to demonstrate a self-motivated and disciplined approach to learning and working
- Ability to work independently and take ownership in starting and completing the tasks initiated and assigned
- Ability to lead in a team environment and demonstrate leadership skills
- Actively pursuing or holding designations in the information security and IT risk fields such as CISA, CISSP, CISM, CRISC.
- Education: B.S. or M.S. degree in Information Systems/Technology, Science or Engineering preferred; Exposure to and interest in the field of computer science, audit and associated subject matter
- Possess a highly developed sense of personal accountability and follow-through with an ability to effectively prioritize multiple personal tasks, projects and goals.
- Possess strong verbal and written communication skills; Have strong computer literacy skills e.g. proficient in the use of Microsoft Office.
SMBC’s employees participate in a hybrid workforce model that provides employees with an opportunity to work from home as well as from an SMBC office. SMBC requires that employees live within a reasonable commuting distance of their office location. Prospective candidates will learn more about their specific hybrid work schedule during their interview process.
We are an equal employment opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, gender, national origin, disability status, protected veteran status or any other characteristic protected by law. SMBC provides reasonable accommodations for employees and applicants with disabilities consistent with applicable law. If you need a reasonable accommodation during the application process, please let us know at accommodations@smbcgroup.com.