Job Description
Role Description
The TDC Risk Enablement & Reporting Director role supports the development and implementation of the Information Technology (IT), Cybersecurity and Data risk management frameworks, the SMBC Group Americas Division (AD), in accordance with applicable regulations, home office policies and industry practices for risk management.
The Risk Management Department (RMDAD) is the second line of defense in its role of monitoring and assessing business practices as related to the risk appetite framework for SMBC. Within the RMDAD, the Tech, Data and Cyber Risk Oversight (TDCRO) establish technology, data and cyber risk management policies and framework with defined roles and responsibilities across first and second lines. The Director is responsible for managing risk oversight areas that holistically impact tech, data, and cyber risk disciplines, including second line frameworks, policies, procedures, methodology, risk reporting, etc.
Role Responsibilities:
• Maintains second line risk frameworks, policies, procedures, standards, methodologies across technology, cyber, artificial intelligence and data risk.
• Owns second line TDCRO processes including tools/tech for the team.
• Coordinates TDCRO risk oversight approaches with Head Office, Enterprise Risk, Operational Risk and others including AI, Privacy, Compliance, etc.
• Maintains TDCRO view of first line programs and dependencies.
• Provides Audit/Exam Support.
• Manages TDC risk working group, committees, materials and risk metrics reporting
• Manages Data Stewardship for the TDCRO team
• Performs new product and activities review representing the TDCRO
Qualifications and Skills
• Well-versed in technology & cyber risk management practices with the ability to connect and align with the firm’s enterprise risk and operational risk management processes
• Extensive working experience in risk committee and board-level reporting
• 10+ years of direct work experience within the financial services or technology industries, focused on risk management, regulatory & audit, information technology, data management, cybersecurity
• Foundational knowledge of enterprise risk management industry practices including project management, and risk control self-assessments
• Generalist knowledge in IT and Cyber programs (e.g., Vulnerability Management, IT Asset Management, Identity & Access Management, SDLC, IT Service Management, Change Management, Incident Management, Resilience & Continuity)
• Working knowledge of technology, cyber and data risk management processes, controls, industry practices and framework (e.g., NIST CSF, ISO, ITIL, COBIT, BCBS 239).
• Detail oriented, with proven ability to question the status quo and apply effective challenge, as appropriate
• Strong organizational skills, with proven ability to successfully manage multiple, concurrent priorities
• Ability to work effectively in a matrixed environment and across various organizational levels, where flexibility, collaboration, and adaptability are important
• Strong desire to continually deliver a quality and meaningful work product in a timely and efficient manner
• Bachelor’s/University degree, Master’s degree preferred
• CISA, CISM, CISSP, CRISC or other IT & Cybersecurity certifications preferred