Head of IT Assurance Director
White Plains, NY, US, 10601
SMBC Group is a top-tier global financial group. Headquartered in Tokyo and with a 400-year history, SMBC Group offers a diverse range of financial services, including banking, leasing, securities, credit cards, and consumer finance. The Group has more than 130 offices and 80,000 employees worldwide in nearly 40 countries. Sumitomo Mitsui Financial Group, Inc. (SMFG) is the holding company of SMBC Group, which is one of the three largest banking groups in Japan. SMFG’s shares trade on the Tokyo, Nagoya, and New York (NYSE: SMFG) stock exchanges.
In the Americas, SMBC Group has a presence in the US, Canada, Mexico, Brazil, Chile, Colombia, and Peru. Backed by the capital strength of SMBC Group and the value of its relationships in Asia, the Group offers a range of commercial and investment banking services to its corporate, institutional, and municipal clients. It connects a diverse client base to local markets and the organization’s extensive global network. The Group’s operating companies in the Americas include Sumitomo Mitsui Banking Corp. (SMBC), SMBC Nikko Securities America, Inc., SMBC Capital Markets, Inc., SMBC MANUBANK, JRI America, Inc., SMBC Leasing and Finance, Inc., Banco Sumitomo Mitsui Brasileiro S.A., and Sumitomo Mitsui Finance and Leasing Co., Ltd.
The anticipated salary range for this role is between $180,000.00 and $219,000.00. The specific salary offered to an applicant will be based on their individual qualifications, experiences, and an analysis of the current compensation paid in their geography and the market for similar roles at the time of hire. The role may also be eligible for an annual discretionary incentive award. In addition to cash compensation, SMBC offers a competitive portfolio of benefits to its employees.
Role Description
Finance Control Oversight (“FCO”) IT Assurance Director leads IT assessments for SMBC Combined US Operations entities (“CUSO”) in the areas of internal control over financial reporting (“ICFR”) and regulatory reporting quality assurance (“RRQA”). FCO is within SPDAD FAD Controllers. In addition, the IT Assurance Director supports broader FCO assessment activities by evaluating technology, data, and information governance controls that support financial reporting, regulatory reporting, capital planning, and other Finance risk management initiatives.
FCO IT Control’s work is focused on the following primary activities:
- Evaluating internal control environment in IT general control and application and making recommendations;
- Taking a leadership role with the CUSO entities’ IT controls to comply with the U.S. and Japan Sarbanes-Oxley Act (collectively “SOX”);
- Performing and updating periodic IT risk assessments and communicating to management;
- Developing FCO IT control policies and procedures;
- Assisting SMBC’s independent auditor with their annual audit; and
- Performing various other consulting and special projects.
Responsibilities
The IT Assurance Director is responsible for drafting the annual IT assessment plan and managing IT audit execution of significant components of it. The IT Assurance Director will:
- Coordinate the annual risk assessment, collecting input from senior management and assessing SMBC Americas Division (“AD”)/CUSO’s strategic initiatives and changes in the business and IT, and document ITGC assessment approach to the identified risks.
- Develop and the execute the risk-based IT assessment plan.
- Plan and develop IT assessment programs (including IT entity level control, access control, system development/change, IT operations, cybersecurity and IT application - IPE and data quality);
- Manage the annual IT assessments (including SOX testing) for SMBC AD/CUSO to meet timeline commitments. Ensure that all assessment steps meet objectives and are completed and reviewed on schedule.
- Review internal control testing of IT Controls for quality assurance;
- Understand and assess the IT system flows, technology risks, and the related controls supporting the business processes. Identify gaps and inefficiencies in the IT environments and provide recommendations to close those gaps and improve process efficiencies;
- Evaluate control exceptions to determine if a deficiency exists and the level of that deficiency. Discuss issues with management to agree on risks and remediation needed;
- Communicate findings and recommendations to all levels of departmental and operating unit management verbally and through concisely written reports;
- Supervise staff and review their work to ensure it meets the standards of the FCO Policies and Procedures;
- Develop and foster strong professional relationships within SMBC AD/CUSO.
- Build the department’s standing and credibility throughout SMBC AD/CUSO; and
- Take a proactive role in departmental continuous improvement initiatives.
Qualifications and Skills
The IT Assurance Director is expected to have the following, but not limited to:
- The ability to interact and collaborate with subordinates, peers, and senior management in a professional and partnering manner and instill confidence that will influence decision making.
- Expert decision making is expected on complex, technical issues. Typically, these will entail technology and control issues as well as other issues such as organizational development. Position will participate in the decision-making process for department and company-wide policies.
- Position is expected to identify and resolve issues as they arise.
- Position will be responsible for determining the need for and directly managing external resources that are engaged for projects.
We would like to see candidates who have the following qualifications;
- Bachelors degree in information systems, accounting, or equivalent.
- 15+ years of professional audit experience in public accounting, internal audit, and/or consulting and a strong technology background.
- CPA and CISA certification or comparable certification.
- Expert knowledge of COBIT, IT general controls and applications, and data governance framework of DCAM.
- Working knowledge of various technologies, applications, operating systems, and databases.
- Expert understanding of current cybersecurity risks and trends.
- Expert understanding of the system development lifecycle and the business risks associated with system implementations.
- Demonstrated project management skills.
- Demonstrated communication skills (verbal, writing, presentation) and
- Executive management presence.
Additional Requirements
SMBC’s employees participate in a Hybrid workforce model that provides employees with an opportunity to work from home, as well as, from an SMBC office. SMBC requires that employees live within a reasonable commuting distance of their office location. Prospective candidates will learn more about their specific hybrid work schedule during their interview process. Hybrid work may not be permitted for certain roles, including, for example, certain FINRA-registered roles for which in-office attendance for the entire workweek is required.
SMBC provides reasonable accommodations during candidacy for applicants with disabilities consistent with applicable federal, state, and local law. If you need a reasonable accommodation during the application process, please let us know at accommodations@smbcgroup.com.
Nearest Major Market: White Plains
Nearest Secondary Market: New York City