Technology Risk Vice President
About The Position
The Risk VP role supports the operationalization of the Information Technology (IT) and Cybersecurity risk management framework for the SMBC Group Americas Division (AD), in accordance with applicable regulations, home office policies and industry practices for risk management. The Risk Management Department (RMDAD) is the second line of defense in its role of monitoring and assessing business practices as related to the risk appetite framework for SMBC. Within the RMDAD, the Tech, Data and Cyber Risk Oversight (TDCRO) establishes technology, data and cyber risk management policies and framework with defined roles and responsibilities across first and second lines. The Technology Risk VP is responsible for providing second line review and challenge as part of the framework execution.
Requirements
- Well-versed in technology & cyber risk and resilience practices with the ability to connect and align with the firm’s operational risk management processes and operational resilience framework
- 5+ years of direct work experience within the financial services industry, focused on IT risk management, regulatory/audit, information technology and cybersecurity experience
- Foundational knowledge of enterprise risk management industry practices including project management, and risk control self-assessments
- Subject matter expertise in two or more Tech/Cyber/Data programs (e.g., SDLC, application security, IT asset management, Data Management)
- Working knowledge of technology, cyber and data risk management process and controls, industry practices and framework (e.g. NIST, ISO, COBIT).
- Board committee reporting experience with strong writing skills and attention to detail
- Strong organizational skills, with proven ability to successfully manage multiple, concurrent priorities. Ability to work effectively in a matrixed environment and across various organizational levels, where flexibility, collaboration, and adaptability are important
- Foundational knowledge of Tech/Cyber or Data Management regulatory guidance/regulations
- Strong desire to continually deliver a quality and meaningful work product in a timely and efficient manner
- Bachelor’s/University degree
Nice To Haves
- Master’s degree preferred
- CISA, CISM, CISSP, or other IT risk/IT security certifications preferred
Responsibilities
- Supports the Head of TDCRO in ensuring IT, data management, and cybersecurity risks are adequately governed, managed and controlled
- Supports the review and challenge of the 1st LOD risk identification, assessment, mitigating activities, and overall operational risk profile as it relates to IT, data management and cybersecurity risks
- Provides review and challenge on IT, data management and cybersecurity policies, standards, control framework, risk metrics/indicators, risk and control self-assessment (“RCSA”)
- Understands changes related to regulatory, new product/initiative, processes, controls, events, issues, etc., in the IT, data management and cybersecurity that may impact the operational risk profile of the bank
- Prepare IT, data management and cybersecurity risk reporting for risk committee and support management on board-level oversight
Stand Out From the Crowd
Upload your resume and get instant feedback on how well it matches this job.
What This Job Offers
Job Type
Full-time
Career Level
Mid Level
Number of Employees
5,001-10,000 employees
