Cloud Security Risk Assessment Vice President

Cloud Security Risk Assessment Vice PresidentSMBC Group is a top-tier global financial group. Headquartered in Tokyo and with a 400-year history, SMBC Group offers a diverse range of financial services, including banking, leasing, securities, credit cards, and consumer finance. The Group has more than 130 offices and 80,000 employees worldwide in nearly 40 countries.The anticipated salary range for this role is between $143,000.00 and $185,000.00. The specific salary offered to an applicant will be based on their individual qualifications, experiences, and an analysis of the current compensation paid in their geography and the market for similar roles at the time of hire. The role may also be eligible for an annual discretionary incentive award. In addition to cash compensation, SMBC offers a competitive portfolio of benefits to its employees.Role DescriptionSMBC is seeking a Cloud Security Risk Assessment Vice President who is experienced working in a Cloud Security Risk Program that includes running projects and BAU activity for assessing and reporting on risk and controls for Service Providers and their supporting tools. The Cloud Security Risk Assessment Vice President will be responsible for maintaining a program that will drive Cloud governance, security improvements, and efficiency across the Bank and the various group companies.Role ObjectivesPrioritize and complete internal and external risks assessments as required and negotiate with requesters on validity of the requests as needed.Partner with other risk departments of the bank to collaborate on BAU activities or projects and define clear roles and responsibilities on risk management processes.Complete independently or assign resources to various information security risk assessment activities such as self-assessments requested by clients and regulators, as needed.Fully understand Cloud security risk and controls and can simplify and articulate risk and controls to both technical and business stakeholders.Continuously enhance/streamline processes and technology in the Cloud security risk management space.Formally manage junior staff as direct reports.Function as an internal cloud security consultant on information security initiatives as assigned by the Executive Director and CISO.Function as SME to defend and advocate security controls.PRIMARY RESPONSIBILITIESCommunicate policy, procedure, and standard updates to stakeholders concisely and clearly.Clearly articulate security and technical controls and corresponding technical and operational risks to stakeholders.Assess Cloud-based risks and controls against internal requirements, best practices, and industry frameworks.Ensure compliance with all policy and standard requirements applied to Cloud services and technology.Coordinate with various departments to ensure Cloud Security documentation requests are comprehensible and addressed timely.Serve as the Cloud Security SME and as a change agent to enable cloud transformation initiatives from a security perspective.Work closely with DevOps teams to assess practices for deploying new systems in the Cloud.Qualifications and SkillsAbility to lead complex tasks and technical projects and assign resources to complete the tasks timely.Have strong knowledge of cloud information security controls, risks and best practices in a large financial institution or banking environment.Have strong knowledge of cloud service providers (e.g., GCP, AWS, and AAD), cloud-based applications and tools (e.g., CASB), as well as the security controls that are unique to such solutions.Have strong knowledge of commonly used banking applications, operating systems, and databases.Have strong knowledge of cyber security regulations (e.g., NYS DFS Cybersecurity, GDPR, FCA) and information security best practices and industry frameworks (e.g., ISO27002, FFIEC, NIST, Cloud Security Alliance).Have working knowledge of various risk functions in large financial institutions, including how these risk functions relate to the management of information security risks.Have strong verbal and written communication skills.Additional RequirementsD&I Commitment: Responsible for fostering a culture of diversity and inclusion, holding leaders accountable for creating an inclusive environment through awareness and practice of equity in recruiting, developing, and promoting diverse talent.SMBC's employees participate in a hybrid workforce model that provides employees with an opportunity to work from home, as well as, from an SMBC office. SMBC requires that employees live within a reasonable commuting distance of their office location.We are an equal employment opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, gender, national origin, disability status, protected veteran status or any other characteristic protected by law. SMBC provides reasonable accommodations for employees and applicants with disabilities consistent with applicable law.#J-18808-Ljbffr

Created: 2025-03-06