Sumitomo Mitsui Banking Corporation (SMBC)
Threat Modeling Architect - Vice President
Sumitomo Mitsui Banking Corporation (SMBC), New York, New York, us, 10261
SMBC Group is a top-tier global financial group. Headquartered in Tokyo and with a 400-year history, SMBC Group offers a diverse range of financial services, including banking, leasing, securities, credit cards, and consumer finance. The Group has more than 130 offices and 80,000 employees worldwide in nearly 40 countries.This role resides in the Cyber Resilience (COR) team within the SMBC Americas Division Information Security Office. CR's mission is to support 14 companies managing activities related to Cyber Resilience in accordance with applicable regulations, Firm policies, and industry best practices for Information Security and Operational Resilience.The Threat Modeling Architect VP will execute and mature a program that provides a visual representation of assets, controls, threat agents, trust zones, attack paths, and a list of potential attacks a threat agent may perform as well as related reporting documents and issue management. Additionally, responsibilities include participating in information technology, data management, cybersecurity, and operational resilience management across businesses. This includes regional resilience coordination and reporting of progress to executive leadership.Role Objectives
Facilitates the management of an enterprise Threat Modeling Assessment program to enhance maturity across the firm.Builds Threat Models of enterprise services to identify and refine the attack surface.Acts as a Cyber Resilience champion of the Threat Modeling Assessment program and serve a pivotal role in maturation efforts.Delivers reports that capture identified risks, controls, assets, trust zones, and enhancement requirements.Partners with stakeholders on Threat Modeling Assessment Issues to create action plans identified during fieldwork.Ability to prioritize engagements using a risk-based approach.Determines alignment of Cyber Resilience controls in practice with those from authoritative sources such as NIST SP 80053 and ISO 27002.Develops a deep knowledge of SMBC critical services and dependencies on technology, people, processes, and third parties.Understands the impact of cyber risks as it relates to both firm and industry-wide impacts to technical and security dependencies.Educates and provides subject matter expertise to support the business on cyber hygiene activities and enhancements based on business-related impacts.Qualifications and Skills
Deep understanding of enterprise architecture and security architectural elements as they relate to risks and controls.Well-versed in Cyber Resilience to include technology incident response and cyber risk practices.8 years of direct work experience within the financial services industry with a focus on security architecture as it relates to cyber threats.Working knowledge of business and cyber risk management processes and controls.Broad knowledge of cloud technologies; AWS/Azure certification a plus.Detail-oriented with proven ability to question the status quo and apply resilience activities.Strong organizational skills with proven ability to manage multiple concurrent priorities.Ability to communicate and work effectively in a matrixed environment.Strong analytical skills and attention to detail.Able to communicate technical issues to a non-technical executive audience.Foundational knowledge of banking laws and regulations.Maintain a business cyber threat mindset to understand underlying risks and weaknesses.Strong desire to continually deliver a quality and meaningful work product.Bachelor's degree in Computer Engineering, Computer Science, Information Systems, Cyber Security, Business Administration, or relevant experience.Certifications preferred: CCSP, Microsoft Certified Cybersecurity Architect Expert, Certified Network Defense Architect, CREST Registered Technical Security Architect.Additional Requirements
D&I Commitment: Responsible for fostering a culture of diversity and inclusion, holding leaders accountable for creating an inclusive environment.SMBC's employees participate in a Hybrid workforce model that provides employees with an opportunity to work from home, as well as from an SMBC office. SMBC requires that employees live within a reasonable commuting distance of their office location.We are an equal employment opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, gender, national origin, disability status, protected veteran status, or any other characteristic protected by law.
#J-18808-Ljbffr
Facilitates the management of an enterprise Threat Modeling Assessment program to enhance maturity across the firm.Builds Threat Models of enterprise services to identify and refine the attack surface.Acts as a Cyber Resilience champion of the Threat Modeling Assessment program and serve a pivotal role in maturation efforts.Delivers reports that capture identified risks, controls, assets, trust zones, and enhancement requirements.Partners with stakeholders on Threat Modeling Assessment Issues to create action plans identified during fieldwork.Ability to prioritize engagements using a risk-based approach.Determines alignment of Cyber Resilience controls in practice with those from authoritative sources such as NIST SP 80053 and ISO 27002.Develops a deep knowledge of SMBC critical services and dependencies on technology, people, processes, and third parties.Understands the impact of cyber risks as it relates to both firm and industry-wide impacts to technical and security dependencies.Educates and provides subject matter expertise to support the business on cyber hygiene activities and enhancements based on business-related impacts.Qualifications and Skills
Deep understanding of enterprise architecture and security architectural elements as they relate to risks and controls.Well-versed in Cyber Resilience to include technology incident response and cyber risk practices.8 years of direct work experience within the financial services industry with a focus on security architecture as it relates to cyber threats.Working knowledge of business and cyber risk management processes and controls.Broad knowledge of cloud technologies; AWS/Azure certification a plus.Detail-oriented with proven ability to question the status quo and apply resilience activities.Strong organizational skills with proven ability to manage multiple concurrent priorities.Ability to communicate and work effectively in a matrixed environment.Strong analytical skills and attention to detail.Able to communicate technical issues to a non-technical executive audience.Foundational knowledge of banking laws and regulations.Maintain a business cyber threat mindset to understand underlying risks and weaknesses.Strong desire to continually deliver a quality and meaningful work product.Bachelor's degree in Computer Engineering, Computer Science, Information Systems, Cyber Security, Business Administration, or relevant experience.Certifications preferred: CCSP, Microsoft Certified Cybersecurity Architect Expert, Certified Network Defense Architect, CREST Registered Technical Security Architect.Additional Requirements
D&I Commitment: Responsible for fostering a culture of diversity and inclusion, holding leaders accountable for creating an inclusive environment.SMBC's employees participate in a Hybrid workforce model that provides employees with an opportunity to work from home, as well as from an SMBC office. SMBC requires that employees live within a reasonable commuting distance of their office location.We are an equal employment opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, gender, national origin, disability status, protected veteran status, or any other characteristic protected by law.
#J-18808-Ljbffr