Vice President - Cybersecurity Audit Manager

Sumitomo Mitsui Banking Corporation•New York, NY

1d•Hybrid

About The Position

SMBC Group is a top-tier global financial group. Headquartered in Tokyo and with a 400-year history, SMBC Group offers a diverse range of financial services, including banking, leasing, securities, credit cards, and consumer finance. The Group has more than 130 offices and 80,000 employees worldwide in nearly 40 countries. Sumitomo Mitsui Financial Group, Inc. (SMFG) is the holding company of SMBC Group, which is one of the three largest banking groups in Japan. SMFG’s shares trade on the Tokyo, Nagoya, and New York (NYSE: SMFG) stock exchanges. In the Americas, SMBC Group has a presence in the US, Canada, Mexico, Brazil, Chile, Colombia, and Peru. Backed by the capital strength of SMBC Group and the value of its relationships in Asia, the Group offers a range of commercial and investment banking services to its corporate, institutional, and municipal clients. It connects a diverse client base to local markets and the organization’s extensive global network. The Group’s operating companies in the Americas include Sumitomo Mitsui Banking Corp. (SMBC), SMBC Nikko Securities America, Inc., SMBC Capital Markets, Inc., SMBC MANUBANK, JRI America, Inc., SMBC Leasing and Finance, Inc., Banco Sumitomo Mitsui Brasileiro S.A., and Sumitomo Mitsui Finance and Leasing Co., Ltd. The anticipated salary range for this role is between $152,000.00 and $190,000.00. The specific salary offered to an applicant will be based on their individual qualifications, experiences, and an analysis of the current compensation paid in their geography and the market for similar roles at the time of hire. The role may also be eligible for an annual discretionary incentive award. In addition to cash compensation, SMBC offers a competitive portfolio of benefits to its employees. OverviewSMBC is seeking an experienced Audit Vice President with a minimum of 7 years’ experience in the banking and finance/technology industry to conduct audit coverage for the firm's cybersecurity and other related technology controls. Reporting to the Cybersecurity Audit Team Head, the Audit Vice President will be responsible for (i) conducting cybersecurity and other related technology audits, ensuring work is performed in accordance with IIA standards and Internal Audit Department (IAD) policies and procedures, and (ii) supporting the Cybersecurity Audit Team Head in the execution of their duties. In addition, they will (i) support IAD Management team in helping to identify areas of coverage for planning, development, implementation, and maintenance of an internal audit program covering cybersecurity and technology related areas across the Americas Division and (ii) conduct regular continuous monitoring activities covering cybersecurity and technology related risks and related processes and controls within a prescribed timeframe. This position will not have any direct reports. When acting as the Auditor in Charge, the individual will be assigned an audit team (2-4 individuals from both the North America and EMEA IT Audit teams) depending on the size and complexity of the audit.

Requirements

Minimum of 7 years of Cybersecurity/audit experience in the banking and/or technology industry.
Knowledge and experience in various Technology and Cybersecurity domains, e.g., Identity and Access Management, Vulnerability Management, etc.
Knowledge of cybersecurity related risks (i.e., Governance, Identify, Protect, Detect, Respond, Recover, Supply Chain, and Demand Management).
Knowledge of industry relevant standards (e.g., NIST, CRI) and related regulatory expectations (e.g., NYS DFS 500, FFIEC).
Knowledge of audit techniques, risk and internal controls assessment, and workpaper standards. Ability to manage and execute audits, from planning to audit closing.
Strong strategic thinking skills including the ability to identify and assess technology related risks.
Ability to act as trusted advisor to senior management using discretion and sound judgment in identifying, analyzing, and reporting results.
Excellent communication (both verbal and written), presentation and professional skills including the ability to interact effectively at all levels within the organization.
Enthusiastic and self-motivated, effective under pressure and willing to take personal responsibility/accountability.
Bachelor’s Degree in Information Technology, MIS, Finance, or related field.
Working knowledge of Microsoft Office Suite (Outlook, Excel, Word, PowerPoint).

Nice To Haves

Advanced degree is a plus.

Responsibilities

Conduct regular audits of cybersecurity and technology related areas assessing adherence to firm and regulatory requirements and assessing design, operating effectiveness and sustainability of associated controls.
Create audit issues and reports that clearly articulate results, conclusions and recommendations for review with senior audit management and auditees.
Challenge the ongoing coverage of cybersecurity and technology related areas and present ideas for improvement.
Facilitate risk issue tracking to promote timely remediation.
Track and validate closure of issues raised by IAD, external auditors, regulators, and self-identified by stakeholders, including recommending additional actions when necessary.
Work collaboratively with colleagues and auditees to identify risk concerns and agree reasonable solutions.
Forge strong partnerships with colleagues in other technology and control functions including legal, compliance, data security and risk management to promote front-to-back collaboration across risk assessment and findings remediation.
Partner with audit colleagues in other business verticals and/or geographies to share best practices and drive greater consistency. Seek out opportunities to engage with stakeholders outside of formal audit periods to drive deeper relationships.
Stay up-to-date with evolving industry/regulatory changes impacting the business and participate in appropriate control forums.
Conduct regular Continuous Monitoring activities and auditable entity updates.
Recognize the confidential nature of IAD communications and access to information; exercise discipline in protecting the confidentiality and security of information in accordance with IAD policies and procedures.