GRC Sr Manager - Vice President

Role Description

SMBC is seeking a Cyber Governance, Risk and Compliance professional with 7+ years of experience and strong professional background in Cybersecurity/Information Security and Information Technology audit execution and coordination, controls governance, design, and operation, as well as a deep understanding of Governance Risk and Compliance programs and is interested in further developing their career with a fast growing and leading global bank. This role reports to the Director of Governance, Risk and Compliance (Information Security).

This role is hybrid, requiring 2-3 days of the week to be conducted from the Tralee, Ireland office.

The candidate would support the GRC Team: Audit and Regulatory Management (ARM). As a VP on the ARM Team, the candidate will primarily be leading the successful coordination of various assessments or assessment activities on behalf of Cybersecurity. These assessments may include, but are not limited to: Internal Audits, External Audits, Compliance Reviews, as well as US State, US Federal, and other Region-specific Regulatory Exams that SMBC must comply with regularly. The ARM VP will serve as a primary liaison between Cybersecurity and its assessors through the management of issue reporting, audit remediation activities including validation efforts, and the intendent evaluation of control design and operating effectiveness prior to the delivery of evidence to the assessors.

Please note this is NOT an auditor role, the ARM Team is a Cybersecurity function reporting through to the SMBC CISO. However, individuals with certifications or professional experience as an IT/Cyber/InfoSec auditor or similar background would be notable candidates.

Role Objectives

• Lead role for a portfolio of assignments; Lead the successful coordination of various assessments or assessment activities on behalf of Cybersecurity. These assessments may include, but are not limited to: Internal Audits, External Audits, Compliance Reviews, as well as US State, US Federal, and other Region-specific Regulatory Exams’; Familiarity with controls testing program delivery, including conducting walkthroughs, and supporting design and operating effectiveness testing. Enhance coordination efforts each year ensuring inefficiencies identified in previous years are actively addressed and improved. Direct & provide guidance to other members of the ARM team in the performance of their tasks .
• Collaborate closely with key stakeholders across the 2LoD (Operational Risk) and 3LoD (Internal Audit) as they undertake assessment / audits over Information Security controls;  Communicate effectively and timely with auditors where necessary to affirm their understanding of controls in place to ensure the audit testing approach is effective and their requests are appropriate and clear. Able to confidently & clearly articulate to auditors / stakeholders controls in place and identification of compensating controls; In turn be able to clearly explain the request to Evidence Providers or Control Owners outlining the risks controls being tested assisting them where necessary to ensure the correct artefact is provided (Please note this is NOT an auditor role – The  Cyber Governance, Risk and Compliance Manager will serve as the liaison with the Assessors )
• Collaborate with stakeholders to identify continuous improvement opportunities in Controls, Processes and Procedures. Assist ARM Leadership to strategically manage and develop the ARM program.
• Engage with auditors at early stage in preliminary findings to ensure completeness and accuracy of understanding Responsible for reviewing preliminary findings for plausibility engaging with Control Owners, Senior Management & Relevant Subject Matters Experts as applicable; Working with Service Providers Control Owners draft formal management responses to findings for Information Security management review with the expectation of minimal management oversight required; Manage and track audit issues to closure providing periodic status updates to Information Security Management
• Strong understanding of Governance, Risk and Compliance (GRC) practices to support Information Security’s adherence to authoritative frameworks (FFIEC, COBIT, NIST, ISO etc.) and U.S. regulatory expectations. Understanding of Information Security controls and associated risks

Qualifications and Skills

• 7 plus years experience in Cybersecurity / IT Audit (Big-4 experience or related financial services industry experience preferable) and/or Cybersecurity Risk (with active CISA and/or CRISC certification a plus) or other risk management and audit roles
• 7 plus  years of experience working with common risk management frameworks, including RCSAs, control testing programs and maturity assessments
• Experience working with Cybersecurity teams to strengthen their adherence to organizationally defined Cybersecurity controls.
• Experience executing control testing, reporting, and tracking control remediation
• Ability to influence responsible parties (including senior management) working in the 1st, 2nd, and 3rd lines of defense in conversations regarding Control compliance and remediation activities
• Have strong verbal and written communication skills.
• Ability to demonstrate a self-motivated and disciplined approach to learning and working.
• Ability to work in a team environment and demonstrate leadership skills when needed.
• Possess a highly developed sense of personal accountability and follow-through with an ability to effectively prioritize multiple personal tasks, projects, and goals

Additional Requirements