GRC Specialist - Associate (Remote)

Role Description

SMBC is seeking a 1st Line of Defense - Security Risk Management (SRM) Associate who has a strong passion for Information Security risk management and is interested in building a career at a fast growing and reputable Bank. The SRM Associate will assist with various information security risks and controls assessments. They will be given opportunities to participate in information security risk management projects and will play a key role in the expanding information security risk management practices in the Bank and in the Bank’s various group companies. This role will report to the Head of Security Risk Assessments. SMBC is open to hiring a remote employee for this role. 

Role Objectives

• Independently complete information security risk assessment activities such as self-assessments requested by clients and regulators, as needed.
• Continuously enhance and streamline processes and technology in the information security risk management space.
• Interface with other risk departments of the Bank to collaborate on Business as Usual (BAU) activities or projects.
• Understand information security controls and associated risks and articulate the risks and controls to both technical and business stakeholders.
• Prioritize and complete internal and external risks assessments as required, including negotiating with stakeholders on requests and responses as needed.
• Thoroughly understand the various security risk management policies and procedures to perform risk assessments and to educate new/existing stakeholders when policies and procedures change.
• Assist with periodically reviewing and updating information security policy documents.
• Perform risk assessments on new and existing applications and take actions on the relevant risk treatments such as issue remediations or risk acceptances upon consultation of the senior risk team members.
• Assist stakeholders with understanding assessment control questions, identifying compensating controls.
• Simplify and explain risks associated with control gaps by articulating technical controls, risks, impacts and likelihood in business and layman's terms.
• Support risk management tooling such as assessment tools and the risk register.

Qualifications and Skills

• Basic knowledge of information security controls, risks, and best practices in the banking industry.
• Basic knowledge of commonly used banking applications, operating systems, and databases.
• Basic knowledge of cloud-based applications and tools.
• Basic knowledge of cyber security and information security best practices and industry frameworks, e.g., NYS DFS Cybersecurity, GLBA, CCPA/CPRA, ISO27001, NIST CSF/800-53, SWIFT Customer Security Program (CSP), Center for Internet Security.
• Have strong verbal and written communication skills.
• Ability to demonstrate a self-motivated and disciplined approach to learning and working.
• Ability to work in a team environment and demonstrate leadership skills when needed.
• Possess a highly developed sense of personal accountability and follow-through with an ability to effectively prioritize multiple personal tasks, projects, and goals.
• 3+ years of experience

Additional Requirements