Cybersecurity Audit Associate

SMBC Group is a top-tier global financial group. Headquartered in Tokyo and with a 400-year history, SMBC Group offers a diverse range of financial services, including banking, leasing, securities, credit cards, and consumer finance. The Group has more than 130 offices and 80,000 employees worldwide in nearly 40 countries. Sumitomo Mitsui Financial Group, Inc. (SMFG) is the holding company of SMBC Group, which is one of the three largest banking groups in Japan. SMFG's shares trade on the Tokyo, Nagoya, and New York (NYSE: SMFG) stock exchanges.

In the Americas, SMBC Group has a presence in the US, Canada, Mexico, Brazil, Chile, Colombia, and Peru. Backed by the capital strength of SMBC Group and the value of its relationships in Asia, the Group offers a range of commercial and investment banking services to its corporate, institutional, and municipal clients. It connects a diverse client base to local markets and the organization's extensive global network. The Group's operating companies in the Americas include Sumitomo Mitsui Banking Corp. (SMBC), SMBC Nikko Securities America, Inc., SMBC Capital Markets, Inc., SMBC MANUBANK, JRI America, Inc., SMBC Leasing and Finance, Inc., Banco Sumitomo Mitsui Brasileiro S.A., and Sumitomo Mitsui Finance and Leasing Co., Ltd.

The anticipated salary range for this role is between $85,000.00 and $138, The specific salary offered to an applicant will be based on their individual qualifications, experiences, and an analysis of the current compensation paid in their geography and the market for similar roles at the time of hire. The role may also be eligible for an annual discretionary incentive award. In addition to cash compensation, SMBC offers a competitive portfolio of benefits to its employees.

Overview
SMBC is seeking an experienced Audit Associate with a minimum of 3 years' experience in the banking and finance/technology industry to conduct audit coverage for the firm's cybersecurity and other related technology controls. Reporting to the Cybersecurity Audit Team Head, the Audit Associate will be responsible for (i) conducting cybersecurity and other related technology audits, ensuring work is performed in accordance with IIA standards and Internal Audit Department (IAD) policies and procedures, and (ii) supporting the Cybersecurity Audit Team Head in the execution of their duties. In addition, they will (i) support IAD Management team in helping to identify areas of coverage for planning, development, implementation, and maintenance of an internal audit program covering cybersecurity and technology related areas across the Americas Division and (ii) conduct regular continuous monitoring activities covering cybersecurity and technology related risks and related processes and controls within a prescribed timeframe.

Role Responsibilities

• Conduct regular audits of cybersecurity and technology related areas assessing adherence to firm and regulatory requirements and assessing design, operating effectiveness and sustainability of associated controls.
• Create audit issues and reports that clearly articulate results, conclusions and recommendations for review with senior audit management and auditees.
• Challenge the ongoing coverage of cybersecurity and technology related areas and present ideas for improvement.
• Facilitate risk issue tracking to promote timely remediation.
• Track and validate closure of issues raised by IAD, external auditors, regulators, and self-identified by stakeholders, including recommending additional actions when necessary.
• Work collaboratively with colleagues and auditees to identify risk concerns and agree reasonable solutions.
• Forge strong partnerships with colleagues in other technology and control functions including legal, compliance, data security and risk management to promote front-to-back collaboration across risk assessment and findings remediation.
• Partner with audit colleagues in other business verticals and/or geographies to share best practices and drive greater consistency. Seek out opportunities to engage with stakeholders outside of formal audit periods to drive deeper relationships.
• Stay up-to-date with evolving industry/regulatory changes impacting the business and participate in appropriate control forums.
• Conduct regular Continuous Monitoring activities and auditable entity updates.
• Recognize the confidential nature of IAD communications and access to information; exercise discipline in protecting the confidentiality and security of information in accordance with IAD policies and procedures.

Qualifications And Skills

• Minimum of 3 years of Cybersecurity/audit experience in the banking and/or technology industry.
• Knowledge and experience in various Technology and Cybersecurity domains, e.g., Identity and Access Management, Vulnerability Management, etc.
• Knowledge of cybersecurity related risks (i.e., Governance, Identify, Protect, Detect, Respond, Recover, Supply Chain, and Demand Management).
• Knowledge of industry relevant standards (e.g., NIST, CRI) and related regulatory expectations (e.g., NYS DFS 500, FFIEC).
• Knowledge of audit techniques, risk and internal controls assessment, and workpaper standards. Ability to manage and execute audits, from planning to audit closing.
• Strong strategic thinking skills including the ability to identify and assess technology related risks.
• Excellent communication (both verbal and written), presentation and professional skills including the ability to interact effectively at all levels within the organization.
• Enthusiastic and self-motivated, effective under pressure and willing to take personal responsibility/accountability.
• Bachelor's Degree in Information Technology, MIS, Finance, or related field. Advanced degree is a plus.
• Working knowledge of Microsoft Office Suite (Outlook, Excel, Word, PowerPoint).

SMBC's employees participate in a Hybrid workforce model that provides employees with an opportunity to work from home, as well as, from an SMBC office. SMBC requires that employees live within a reasonable commuting distance of their office location. Prospective candidates will learn more about their specific hybrid work schedule during their interview process. Hybrid work may not be permitted for certain roles, including, for example, certain FINRA-registered roles for which in-office attendance for the entire workweek is required.

SMBC provides reasonable accommodations during candidacy for applicants with disabilities consistent with applicable federal, state, and local law. If you need a reasonable accommodation during the application process, please let us know