9 days ago

GRC Specialist Associate

SMBC Group

On Site
Full Time
€60,000
Tralee, County Kerry, Ireland

Job Overview

Job Title: GRC Specialist Associate
Job Type: Full Time
Category: Commerce
Experience: 5 Years
Degree: Master
Offered Salary: €60,000
Location: Tralee, County Kerry, Ireland

Job Description

Role Description for GRC Specialist Associate

SMBC Group is a top-tier global financial group with a 400-year history. Headquartered in Tokyo, it offers a diverse range of financial services globally. In the Americas, SMBC Group provides commercial and investment banking services to corporate, institutional, and municipal clients.

SMBC is actively seeking a GRC Specialist Associate who possesses a strong passion for information security risk management and aims to build a career within a fast-growing and reputable Bank.

As an Associate within GRC, you will play a vital role in protecting SMBC’s information assets. This involves conducting comprehensive risk assessments, collaborating with various stakeholders, and driving process improvements. Reporting to the Head of Security Risk Assessments, you will contribute significantly to shaping the bank’s security risk management practices and ensuring compliance with both internal and external standards.

This is a hybrid role, requiring attendance at our Tralee office at least 4 times a week, including weekly Monday and Tuesday AD hours (13:30 - 22:00 local time Tralee).

Role Objectives: Expertise

  • Conduct information security risk assessments for new and existing applications, clients, and regulatory requests.
  • Collaborate with IT, business, and compliance teams to identify, assess, and mitigate security risks effectively.
  • Continuously improve risk management processes and leverage technology to enhance efficiency and effectiveness.
  • Communicate risks and controls clearly to both technical and non-technical stakeholders.
  • Assist stakeholders in understanding assessment control questions and identifying appropriate compensating controls.
  • Maintain and regularly update security policies and procedures, ensuring stakeholders are educated on any changes.
  • Support the remediation and acceptance of identified risks through consultation with senior team members.
  • Thoroughly understand information security controls and associated risks, articulating these to both technical and business stakeholders.
  • Understand various security risk management policies and procedures to perform assessments and educate new/existing stakeholders.
  • Simplify and explain risks associated with control gaps, articulating technical controls, risks, impacts, and likelihood in business and layman's terms.
  • Support risk management tooling, including assessment tools and the risk register.

Qualifications And Skills

The ideal candidate for the GRC Specialist Associate role will possess:

  • Strong understanding of information security principles, risk assessment methodologies, and relevant regulatory requirements.
  • Basic knowledge of commonly used banking applications, operating systems, and databases.
  • Basic knowledge of cloud-based applications and tools.
  • Basic knowledge of cybersecurity and information security best practices and industry frameworks, such as NYS DFS Cybersecurity, GLBA, CCPA/CPRA, ISO 27001, NIST CSF/800-53, and Center for Internet Security.
  • Strong verbal and written communication skills are essential.
  • Ability to demonstrate a self-motivated and disciplined approach to continuous learning and work.
  • Ability to work effectively in a team environment and demonstrate leadership qualities when necessary.
  • A highly developed sense of personal accountability and follow-through, with the ability to effectively prioritize multiple personal tasks, projects, and goals.

Additional Requirements

SMBC’s employees participate in a hybrid workforce model. This model offers the opportunity to work from home while also requiring attendance at an SMBC office. Employees are required to live within a reasonable commuting distance of their office location. Specific hybrid work schedules will be discussed during the interview process.

Key skills/competency

  • Information Security
  • Risk Management
  • Compliance
  • Risk Assessment
  • Regulatory Requirements
  • Cybersecurity Frameworks
  • Policy Management
  • Stakeholder Communication
  • Process Improvement
  • Cloud Security

Tags:

GRC Specialist
risk assessment
information security
compliance
risk mitigation
policy management
regulatory requirements
process improvement
control identification
cyber security
banking applications
operating systems
databases
cloud applications
risk management tooling
IT infrastructure
data protection
security frameworks
networks
identity management

How to Get Hired at SMBC Group

  • Research SMBC Group's culture: Study their mission, values, recent news, and employee testimonials on LinkedIn and Glassdoor. Understand their global financial services context.
  • Tailor your resume for GRC: Highlight experience in information security, risk assessment, compliance, and relevant industry frameworks (ISO 27001, NIST CSF). Quantify achievements where possible.
  • Prepare for GRC-specific questions: Be ready to discuss risk methodologies, regulatory requirements, and how you've identified/mitigated security risks in previous roles.
  • Demonstrate strong communication skills: GRC involves explaining complex technical risks to non-technical stakeholders. Practice articulating technical concepts clearly and concisely.
  • Highlight hybrid work adaptability: Emphasize your ability to thrive in a hybrid environment, especially the required onsite presence and specific working hours for the Tralee office.
