Director - Technology, Data and Cyber (TDC) Risk Validation

Role Description

The Director of TDC Risk Validation role supports the development, maintenance and independent validation of the Information Technology (IT), Cybersecurity and Data risk management frameworks for the SMBC Group Americas Division (AD), in accordance with applicable regulations, home office policies and industry practices for risk management.

The Risk Management Department (RMDAD) is the second line of defense in its role of independently monitoring and assessing business practices as related to the risk appetite framework for SMBC. Within RMDAD, Tech, Data and Cyber Risk Oversight (TDCRO) establish technology, data and cyber risk management policies and framework with defined roles and responsibilities across first and second lines and provides independent challenge and validation of first line risk management execution. The Director is responsible for managing second line oversight areas that holistically impact tech, data, and cyber risk disciplines, including frameworks, policies, procedures, methodology, independent validation approach, risk reporting, etc. 

Role Responsibilities:

•    Maintains second line risk frameworks, policies, procedures, standards and methodologies across technology, cyber, artificial intelligence (AI) and data risk.
•    Leads independent validation and effective challenge of first line TDC risk management execution, including design and operating effectiveness assessments and issue tracking through closure.
•    Defines and enables TDC risk tooling strategy.
•    Performs insight generation of first line programs to enable independent monitoring, challenge, and validation activities. Transforms tech, cyber, data, AI risk reporting from static reporting to insight-driven, forward looking risk assessment using Power BI, Tableau, or similar tools. 
•    Manages TDC risk working group, committees, materials, and risk metrics reporting. 

Expertise and Qualifications

•    Well-versed in technology & cyber risk management practices with the ability to connect and align with the firm’s enterprise risk and operational risk management processes.
•    Extensive working experience in risk committee and board-level reporting.
•    10+ years of direct work experience within the financial services or technology industries, focused on risk management, control testing and validation, regulatory & audit. 
•    Foundational knowledge of enterprise, operational and technology risk management practices. 
•    Experience and proficiency utilizing Power BI, Tableau, or similar visualization / dashboarding tools to design forward-looking risk dashboards. 
•    Direct experience (or strong proficiency) in data storytelling, integrating analytics, visualization, and business context to develop board‑level risk narratives that inform strategic decision‑making.
•    Direct experience with Power BI, Tableau, or similar tools to design and develop risk dashboards; experience building KRIs, KCIs, or KPIs is a plus.
•    Working knowledge of technology, cyber and data risk management processes, controls, industry practices, and framework (e.g., NIST CSF, ISO, ITIL, COBIT, BCBS 239).
•    Strong organizational skills and detail oriented with ability to manage concurrent priorities.
•    Bachelor’s/University degree, master’s degree preferred.
•    Power BI, Tableau, and CISA/CISM/CISSP/ CRISC certifications preferred.