
SMBC GRC Senior Manager-Vice President in New York, New York

SMBC Group is a top-tier global financial group. Headquartered in Tokyo and with a 400-year history, SMBC Group offers a diverse range of financial services, including banking, leasing, securities, credit cards, and consumer finance. The Group has more than 130 offices and 80,000 employees worldwide in nearly 40 countries. Sumitomo Mitsui Financial Group, Inc. (SMFG) is the holding company of SMBC Group, which is one of the three largest banking groups in Japan. SMFG’s shares trade on the Tokyo, Nagoya, and New York (NYSE: SMFG) stock exchanges.

In the Americas, SMBC Group has a presence in the US, Canada, Mexico, Brazil, Chile, Colombia, and Peru. Backed by the capital strength of SMBC Group and the value of its relationships in Asia, the Group offers a range of commercial and investment banking services to its corporate, institutional, and municipal clients. It connects a diverse client base to local markets and the organization’s extensive global network. The Group’s operating companies in the Americas include Sumitomo Mitsui Banking Corp. (SMBC), SMBC Nikko Securities America, Inc., SMBC Capital Markets, Inc., SMBC Rail Services LLC, Manufacturers Bank, JRI America, Inc., SMBC Leasing and Finance, Inc., Banco Sumitomo Mitsui Brasileiro S.A., and Sumitomo Mitsui Finance and Leasing Co., Ltd.

The anticipated salary range for this role is between $100,000.00 and $176,000.00. The specific salary offered to an applicant will be based on their individual qualifications, experiences, and an analysis of the current compensation paid in their geography and the market for similar roles at the time of hire. The role may also be eligible for an annual discretionary incentive award. In addition to cash compensation, SMBC offers a competitive portfolio of benefits to its employees.

Role Description

SMBC is seeking an Audit & Regulatory Management (ARM) Manager who is highly interested in building his/her career as part of a dynamic team, the Audit & Regulatory Management (ARM) team, that specializes in the management of audit and regulatory requirements for the Information Security team at JRI-A.

The ARM Manager will be a hands-on manager who can successfully execute the ARM process and lead team members to follow the process. The ARM Manager will manage ARM assessments and will assume the lead role on an audit / multiple sections of a larger audit throughout the year. They will be the lead point of contact and will be responsible for the coordination and facilitation of the audit / section from start to finish, ensuring the process is efficient and well coordinated. The ARM Manager will actively manage all audit requests, ensuring the right artifacts are gathered and audit requests are tracked and responded to on time. The ARM Manager will be responsible for the successful management of the relationship between the stakeholders throughout the process. The ARM Manager will be responsible for all related ARM activities associated with the audit / sections they are managing.

Please note this is NOT an auditor role. However, individuals with an auditor/assessor or similar background would be notable candidates.

Role Objectives

  • Lead role for a single audit or full responsibility for multiple sections across a group of audits; Responsible for the coordination and facilitation of the audit / section from start to finish, ensuring the process is efficient and well coordinated; Actively manage all audit requests, ensuring the right artifacts are gathered and audit requests are tracked and responded to on time; Responsible for assigning and reviewing the work of junior team members; Responsible for the timely implementation of escalation to ensure deliverables stay on track.

  • Manage the facilitation and co-ordination of audit activities including but not limited to interviews, documentation requests, artifact requests, logistical support for walkthroughs / meetings, facilitating follow up queries with various stakeholders and tracking status of all requested items.

  • Communicate effectively and in a timely manner with auditors where necessary to affirm their understanding of the controls in place, to ensure the audit testing approach is effective and their requests are appropriate and clear; In turn, be able to explain the request clearly to Evidence Providers, outlining the risks / controls being tested and assisting them where necessary, to ensure the correct artifact is provided in response to the request.

  • Able to confidently & clearly articulate to auditors / stakeholders the key controls in place and identification of compensating controls; Be able to defend and advocate these controls to auditors;

  • Responsible for the appropriate management of audit findings; Engage with auditors at an early stage in preliminary findings to ensure completeness and accuracy of understanding; Responsible for reviewing preliminary findings for plausibility and reasonability, engaging with the Control Owners / Senior Management / relevant Subject Matter Experts as applicable; Responsible for providing further information / evidence to the auditor, which may result in the preliminary finding being revised or removed; Responsible for drafting formal management responses to findings for Information Security management review, with the expectation of management oversight required; Assisting with audit remediation and tracking on any findings, working closely with the Information Security team.

  • Maintaining the ARM Evidence Repository, which enables evidence to be leveraged for similar type audit requests for all audits across the firm. Ensuring repeatable evidence is stored and collected in advance where possible.

  • Promote use of the central ARM tool, providing information to enable it to be kept up to date; Review dashboard metrics to ensure information is up to date and accurate, so that meaningful information is available for ARM Management / Information Security Management.

  • Take an active role in projects designed to expand and ensure continuous improvement in the ARM Program; Lead certain aspects of the project; Take ownership for directing the ARM Specialist / ARM Senior Specialist in the performance of their tasks as part of the project.

  • Ensuring adherence to the ARM Process & Standards; Working with the ARM team to continuously identify areas for improvement and implement these.

  • Create professional training materials on ARM Process and Tools and lead initiatives to educate Information Security team members by conducting classes and socialization meetings;

  • Provide direction to ARM Specialist / ARM Senior Specialist in the assignment and completion of their tasks; lead new graduate recruitment efforts.

  • Independently complete ARM activities requested by management, clients, auditors and regulators, as needed.

  • Continuously ensure professional development, e.g., attend technical training courses, pursue related professional qualifications;

Qualifications and Skills

  • Possess working knowledge of information security controls, risks and best practices;

  • Possess working knowledge of IT Audit - the core concepts, audit process, types of audit

  • Possess working knowledge of Cyber Security regulations (e.g., NYS DFS Cybersecurity, GDPR, FCA) and information security best practices and industry frameworks (e.g., ISO27002, FFIEC, NIST);

  • Have 5 plus years of Big-4 IT audit, assurance or consulting experience (nice to have);

  • Excellent attention to detail

  • Ability to demonstrate a self-motivated and disciplined approach to learning and working;

  • Ability to work independently and take ownership in starting and completing the tasks initiated and assigned;

  • Ability to lead in a team environment and demonstrate leadership skills;

  • Have strong verbal and written communication skills; Have strong computer literacy skills, e.g., proficient in the use of Microsoft Office

  • Possess a highly developed sense of personal accountability and follow-through with an ability to effectively prioritize multiple personal tasks, projects and goals.

Additional Requirements

D&I Commitment

Responsible for fostering a culture of diversity and inclusion, holding leaders accountable for creating an inclusive environment through awareness and practice of equity in recruiting, developing, and promoting diverse talent.

SMBC’s employees participate in a hybrid workforce model that provides employees with an opportunity to work from home as well as from an SMBC office. SMBC requires that employees live within a reasonable commuting distance of their office location. Prospective candidates will learn more about their specific hybrid work schedule during their interview process.

We are an equal employment opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, gender, national origin, disability status, protected veteran status or any other characteristic protected by law. SMBC provides reasonable accommodations for employees and applicants with disabilities consistent with applicable law. If you need a reasonable accommodation during the application process, please let us know at accommodations@smbcgroup.com.
