Sumitomo Mitsui Banking Corporation
Threat Modeling Architect - Vice President
Sumitomo Mitsui Banking Corporation, Voorheesville, New York, United States,
Threat Modeling Architect - Vice President
SMBC Group is a top-tier global financial group. Headquartered in Tokyo and with a 400-year history, SMBC Group offers a diverse range of financial services, including banking, leasing, securities, credit cards, and consumer finance. The Group has more than 130 offices and 80,000 employees worldwide in nearly 40 countries.The anticipated salary range for this role is between $153,000.00 and $196,000.00. The specific salary offered to an applicant will be based on their individual qualifications, experiences, and an analysis of the current compensation paid in their geography and the market for similar roles at the time of hire. The role may also be eligible for an annual discretionary incentive award. In addition to cash compensation, SMBC offers a competitive portfolio of benefits to its employees.Role Description
This role resides in the Cyber Resilience (COR) team within the SMBC Americas Division Information Security Office. CR’s mission is to support 14 companies managing activities related to Cyber Resilience in accordance with applicable regulations, Firm policies, and industry best practices for Information Security and Operational Resilience.The Threat Modeling Architect VP will execute and mature a program that provides a visual representation of assets, controls, threat agents, trust zones, attack paths, and a list of potential attacks a threat agent may perform as well as related reporting documents and issue management. Additionally, responsibilities include participating in information technology, data management, cybersecurity, and operational resilience management across businesses.Role Objectives
Facilitates the management of an enterprise Threat Modeling Assessment program to enhance maturity across the firm.Builds Threat Models of enterprise services to identify and refine the attack surface.Acts as a Cyber Resilience champion of the Threat Modeling Assessment program and serve a pivotal role in maturation efforts.Delivers reports that capture identified risks, controls, assets, trust zones, and enhancement requirements.Partners with stakeholders on Threat Modeling Assessment Issues to create action plans identified during fieldwork.Ability to prioritize engagements using a risk-based approach.Determines alignment of Cyber Resilience controls in practice with those from authoritative sources such as NIST SP 80053 and ISO 27002.Develops a deep knowledge of SMBC critical services and dependencies on technology, people, processes, and third parties.Understands the impact of cyber risks as it relates to both firm and industry-wide impacts to technical and security dependencies.Educates and provides subject matter expertise to support the business on cyber hygiene activities and enhancements based on business-related impacts.Qualifications and Skills
Deep understanding of enterprise architecture and security architectural elements as they relate to risks and controls.Well-versed in Cyber Resilience including technology incident response and cyber risk practices.8 years of direct work experience within the financial services industry with a focus on security architecture as it relates to cyber threats.Working knowledge of business and cyber risk management processes and controls industry practices and frameworks (e.g., NIST 80053, ISO 27000 family).Broad knowledge of cloud technologies; AWS/Azure certification a plus.Detail-oriented with proven ability to question the status quo and apply resilience activities to enhance capabilities.Strong organizational skills with proven ability to manage multiple concurrent priorities.Ability to communicate and work effectively in a matrixed environment.Strong analytical skills and attention to detail.Able to communicate technical issues to a non-technical executive audience.Foundational knowledge of banking laws and regulations (e.g., FFIEC, BCBS, FCA, PRA, BoE).Strong desire to deliver quality and meaningful work in a timely manner.BABS in Computer Engineering, Computer Science, Information Systems, Cyber Security, Business Administration or demonstrated relevant industry background.CCSP, Microsoft Certified Cybersecurity Architect Expert, Certified Network Defense Architect, and other relevant certifications preferred.Additional Requirements
D&I Commitment: Responsible for fostering a culture of diversity and inclusion, holding leaders accountable for creating an inclusive environment through awareness and practice of equity in recruiting, developing, and promoting diverse talent.SMBC’s employees participate in a Hybrid workforce model that provides employees with an opportunity to work from home, as well as from an SMBC office. SMBC requires that employees live within a reasonable commuting distance of their office location.We are an equal employment opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, gender, national origin, disability status, protected veteran status or any other characteristic protected by law.
#J-18808-Ljbffr
SMBC Group is a top-tier global financial group. Headquartered in Tokyo and with a 400-year history, SMBC Group offers a diverse range of financial services, including banking, leasing, securities, credit cards, and consumer finance. The Group has more than 130 offices and 80,000 employees worldwide in nearly 40 countries.The anticipated salary range for this role is between $153,000.00 and $196,000.00. The specific salary offered to an applicant will be based on their individual qualifications, experiences, and an analysis of the current compensation paid in their geography and the market for similar roles at the time of hire. The role may also be eligible for an annual discretionary incentive award. In addition to cash compensation, SMBC offers a competitive portfolio of benefits to its employees.Role Description
This role resides in the Cyber Resilience (COR) team within the SMBC Americas Division Information Security Office. CR’s mission is to support 14 companies managing activities related to Cyber Resilience in accordance with applicable regulations, Firm policies, and industry best practices for Information Security and Operational Resilience.The Threat Modeling Architect VP will execute and mature a program that provides a visual representation of assets, controls, threat agents, trust zones, attack paths, and a list of potential attacks a threat agent may perform as well as related reporting documents and issue management. Additionally, responsibilities include participating in information technology, data management, cybersecurity, and operational resilience management across businesses.Role Objectives
Facilitates the management of an enterprise Threat Modeling Assessment program to enhance maturity across the firm.Builds Threat Models of enterprise services to identify and refine the attack surface.Acts as a Cyber Resilience champion of the Threat Modeling Assessment program and serve a pivotal role in maturation efforts.Delivers reports that capture identified risks, controls, assets, trust zones, and enhancement requirements.Partners with stakeholders on Threat Modeling Assessment Issues to create action plans identified during fieldwork.Ability to prioritize engagements using a risk-based approach.Determines alignment of Cyber Resilience controls in practice with those from authoritative sources such as NIST SP 80053 and ISO 27002.Develops a deep knowledge of SMBC critical services and dependencies on technology, people, processes, and third parties.Understands the impact of cyber risks as it relates to both firm and industry-wide impacts to technical and security dependencies.Educates and provides subject matter expertise to support the business on cyber hygiene activities and enhancements based on business-related impacts.Qualifications and Skills
Deep understanding of enterprise architecture and security architectural elements as they relate to risks and controls.Well-versed in Cyber Resilience including technology incident response and cyber risk practices.8 years of direct work experience within the financial services industry with a focus on security architecture as it relates to cyber threats.Working knowledge of business and cyber risk management processes and controls industry practices and frameworks (e.g., NIST 80053, ISO 27000 family).Broad knowledge of cloud technologies; AWS/Azure certification a plus.Detail-oriented with proven ability to question the status quo and apply resilience activities to enhance capabilities.Strong organizational skills with proven ability to manage multiple concurrent priorities.Ability to communicate and work effectively in a matrixed environment.Strong analytical skills and attention to detail.Able to communicate technical issues to a non-technical executive audience.Foundational knowledge of banking laws and regulations (e.g., FFIEC, BCBS, FCA, PRA, BoE).Strong desire to deliver quality and meaningful work in a timely manner.BABS in Computer Engineering, Computer Science, Information Systems, Cyber Security, Business Administration or demonstrated relevant industry background.CCSP, Microsoft Certified Cybersecurity Architect Expert, Certified Network Defense Architect, and other relevant certifications preferred.Additional Requirements
D&I Commitment: Responsible for fostering a culture of diversity and inclusion, holding leaders accountable for creating an inclusive environment through awareness and practice of equity in recruiting, developing, and promoting diverse talent.SMBC’s employees participate in a Hybrid workforce model that provides employees with an opportunity to work from home, as well as from an SMBC office. SMBC requires that employees live within a reasonable commuting distance of their office location.We are an equal employment opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, gender, national origin, disability status, protected veteran status or any other characteristic protected by law.
#J-18808-Ljbffr