Sumitomo Mitsui Banking Corporation (SMBC)
AD IT - Functional Control Officer (Vice President)
Sumitomo Mitsui Banking Corporation (SMBC), White Plains, New York, United States
SMBC Group is a top-tier global financial group. Headquartered in Tokyo and with a 400-year history, SMBC Group offers a diverse range of financial services, including banking, leasing, securities, credit cards, and consumer finance. The Group has more than 130 offices and 80,000 employees worldwide in nearly 40 countries. Sumitomo Mitsui Financial Group, Inc. (SMFG) is the holding company of SMBC Group, which is one of the three largest banking groups in Japan. SMFG's shares trade on the Tokyo, Nagoya, and New York (NYSE: SMFG) stock exchanges.
In the Americas, SMBC Group has a presence in the US, Canada, Mexico, Brazil, Chile, Colombia, and Peru. Backed by the capital strength of SMBC Group and the value of its relationships in Asia, the Group offers a range of commercial and investment banking services to its corporate, institutional, and municipal clients. It connects a diverse client base to local markets and the organization's extensive global network. The Group's operating companies in the Americas include Sumitomo Mitsui Banking Corp. (SMBC), SMBC Nikko Securities America, Inc., SMBC Capital Markets, Inc., SMBC MANUBANK, JRI America, Inc., SMBC Leasing and Finance, Inc., Banco Sumitomo Mitsui Brasileiro S.A., and Sumitomo Mitsui Finance and Leasing Co., Ltd.
The anticipated salary range for this role is between $144,000.00 and $180,000.00. The specific salary offered to an applicant will be based on their individual qualifications, experiences, and an analysis of the current compensation paid in their geography and the market for similar roles at the time of hire. The role may also be eligible for an annual discretionary incentive award. In addition to cash compensation, SMBC offers a competitive portfolio of benefits to its employees.
Role Description
The IT Functional Control Officer (FCO) is an essential role established to implement a consistent set of controls across Group Companies that comprise the Americas Division of Sumitomo Mitsui Banking Corporation (SMBC). The IT FCO will be responsible for managing compliance and operational risk associated with key Information Technology (IT) Programs in SMBC Americas Division (AD). In this role you will leverage your prior Information Technology subject matter expertise to guide the group company IT functions towards becoming compliant with the required controls related to the corresponding Information Technology Programs (e.g., Change Management, Incident Management, Service Continuity, Program and Project Management, IT Operations, IT Asset Management, etc.). The FCO will help design and implement controls to support adherence to the Bank's policies, standards, and procedures. Additionally, the FCO will validate control remediation efforts and verify, through testing and periodic reviews, that these controls meet their design and are operating effectively and sustainably. As an AD Technology IT Controls team member, you will also assist other team members as they work towards control officer responsibilities as part of the Operational Risk Management Framework.
Role Objectives
Strong understanding of Governance, Risk and Compliance (GRC) practices to support Information Technology's adherence to authoritative frameworks (FFIEC, COBIT, NIST, etc.) and U.S. regulatory expectations.
Ability to proactively identify self-identified issues (SIIs) and support IT staff in remediation activities to improve operational efficiency.
Familiarity with controls testing program delivery, including conducting walkthroughs, developing control test scripts, and supporting design and operating effectiveness testing.
Support Risk and Control Self-Assessments (RCSAs) for Information Technology Risks and Controls that support business departments.
Regular review of Policy Relevant Documents (PRDs) for annual revisions and amendments to address identified gaps in coverage or roles and responsibilities.
Collaborate with key stakeholders across the 2LoD (Operational Risk) and 3LoD (Internal Audit) for adherence to the Operational Risk Management Framework and remediating Audit Control Remediations and regulatory findings.
Leverage experience in key IT programs (e.g., Change Management, Incident Management, Software Development and Lifecycle Management) to recommend process improvements and best practices as part of BAU responsibilities.
Conduct periodic status meetings with AD management and/or Group Company primary contacts, including senior management, to provide updates, ascertain remediation status and address any remediation concerns.
Qualifications and Skills
5-10 years of Information Technology experience, with focus on experience in the financial services industry.
5-10 years of experience in a 1LoD role or other risk management and audit roles.
5-10 years of experience working with common risk management frameworks, including RCSAs, control testing programs, and maturity assessments.
5-10 years of experience in developing and/or reporting Key Risk and Performance Indicators.
Experience working within SDLC, Program and Project Management, and IT Operations (Capacity Management, Configuration Management, etc.) a plus.
Experience in IT Audit and/or IT Risk (with active CISA and/or CRISC certification a plus).
Experience working with IT teams to strengthen their adherence to organizationally defined IT controls.
Experience executing control testing, reporting, and tracking control remediation.
Ability to influence responsible parties (including senior management) working in the 1st, 2nd, and 3rd lines of defense in conversations regarding AD IT Control compliance and remediation activities.
Excellent verbal and written communication skills with ability to articulate concepts and ideas to diverse audiences.
Able to work well autonomously as well as in a team with group company IT teams.
Additional Requirements
D&I Commitment
Responsible for fostering a culture of diversity and inclusion, holding leaders accountable for creating an inclusive environment through awareness and practice of equity in recruiting, developing, and promoting diverse talent.
SMBC's employees participate in a Hybrid workforce model that provides employees with an opportunity to work from home as well as from an SMBC office. SMBC requires that employees live within a reasonable commuting distance of their office location. Prospective candidates will learn more about their specific hybrid work schedule during their interview process. Hybrid work may not be permitted for certain roles, including, for example, certain FINRA-registered roles for which in-office attendance for the entire workweek is required.
We are an equal employment opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, gender, national origin, disability status, protected veteran status or any other characteristic protected by law. SMBC provides reasonable accommodations for employees and applicants with disabilities consistent with applicable law. If you need a reasonable accommodation during the application process, please let us know at accommodations@smbcgroup.com.