GRC Manager - Associate

Information Technology
5 - 7 years of experience
Job Overview by Ladders

Qualifications

  • Bachelor's degree in Information Technology, Information Security, or related field.
  • 5+ years of IT audit experience, preferably with Big 4 firms.
  • Designations in information security or IT risk fields such as CISA, CISSP, CISM, or CRISC.
  • Strong knowledge of General IT Controls and best practices in Information Security.
  • Familiar with Cyber Security regulations (e.g., NYS DFS, GDPR) and frameworks (e.g., ISO27002, NIST).
  • Strong communication and interpersonal skills, with persuasive articulation capabilities.
  • Ability to manage complex tasks and projects independently, demonstrating initiative and time management.

Responsibilities

  • Lead and coordinate audit processes from start to finish, ensuring efficiency.
  • Manage all audit requests and ensure timely response and artifact collection.
  • Oversee work of junior team members and ensure deliverables are met on schedule.
  • Facilitate interviews and logistical support for audit-related activities.
  • Engage with stakeholders to clarify audit controls and address preliminary findings.
  • Maintain the ARM Evidence Repository for streamlined access to documentation.
  • Actively participate in continuous improvement projects for the ARM program.

Benefits

  • Hybrid workforce model allowing work from home and office.
  • Opportunity for professional development and training.
  • Access to continuing education on ARM processes and best practices.
Full Job Description
Role Description

SMBC is seeking an Audit & Regulatory Management (ARM) Manager who is highly interested in building his/her career as part of a dynamic team, the Audit & Regulatory Management (ARM) team, that specializes in the management of audit and regulatory requirements for the Information Security team at JRI-A.

The ARM Manager will be a hands-on manager who can independently and successfully execute the ARM process in the coordination & facilitation of audit request and issue management. The ARM Manager will assume the lead role on an audit / multiple sections of a larger audit and on issue closure throughout the year; they will be the lead point of contact and will be responsible for the co-ordination & facilitation of the audit and issue closure from start to finish (or from remediation progress tracking to closure pack prep), ensuring the process is efficient and well-coordinated. The ARM Manager will actively manage all audit requests (including those from issue validation and continuous monitoring exercise), ensuring right artifacts are gathered and audit requests are tracked and responded to on time and be responsible for all related ARM activities associated with the audit / sections / issues for which they are managing. The ARM Manager will be responsible for the successful management of the relationship between the stakeholders throughout the process.

Please note this is NOT an auditor role. However, individuals with an auditor/assessor or similar background would be a plus.

Role Objectives: Expertise

  • Lead role for a single audit or full responsibility for multiple sections across a group of audits
  • Responsible for the coordination facilitation of the audit and issue closure from start to finish ensuring the process is efficient and well-coordinated
  • Actively manage all audit requests and evidence review and challenge ensuring right artifacts are gathered and audit requests are tracked and responded to on time
  • Responsible for the assigning and reviewing of work of junior team members and timely escalation to ensure deliverables stay on track
  • Manage the facilitation and coordination of audit request and issue management activities including but not limited to interviews documentation requests artifact requests and review logistical support for walkthroughs meetings facilitating follow up queries with various stakeholders reviewing Issue Closure Packs and facilitating management review and approval
  • Communicate effectively and timely with auditors where necessary to affirm their understanding of the controls in place to ensure the audit testing approach is effective their requests are appropriate and clear In turn be able to clearly explain the request to Evidence Providers
  • Control Owners outlining the risks controls being tested assisting them where necessary to ensure the correct artifact is provided
  • Articulate to auditors stakeholders comfortably and independently the key controls in place and identification of compensating controls be able to defend and advocate for these controls to auditors
  • Manage preliminary audit findings Engage with auditors at an early stage in preliminary findings to ensure completeness and accuracy of understanding Responsible for reviewing preliminary findings for plausibility reasonability engaging with the Control Owners Senior Management Relevant Subject Matters Experts as applicable
  • Responsible for providing further information evidence to the auditor which may result in the preliminary finding being revised or removed
  • Assist Service Providers Control Owners in drafting formal management responses to confirmed findings for Information Security management review with the expectation of management oversight required
  • Manage and track audit issues to closure per action milestones providing periodic status updates to Information Security Management
  • Maintain the ARM Evidence Repository which enables evidence to be leveraged for similar type audit requests for all audits across the firm Ensuring repeatable evidence is stored and collected in advance where possible
  • Promote use of the central ARM tool providing information to maintain up to date audit status Review of dashboard metrics to ensure information is up to date and accurate to ensure meaningful information is available for ARM Management Information Security Management
  • Take an active role in projects designed to expand and ensure continuous improvement in the ARM Program Lead certain aspects of the project Take ownership for directing the ARM Specialist ARM Senior Specialist in the performance of their tasks
  • Ensure adherence to the ARM Process Standards Working with the ARM team to continuously identify areas for improvement document and implement these
  • Share with the ARM team best practices of ARM activities processes and take lead role in rolling out the improved process Responsible for ensuring documentation is up to date
  • Create professional training materials on ARM Process and Tools and lead initiatives to educate Information Security team members by conducting the classes and socialization meetings
  • Provide direction to ARM Specialist ARM Senior Specialist in the assignment and completion of audit requests
  • Complete independently ARM activities requested by management clients auditors and regulators


Qualifications and Skills
• Bachelor's degree in information technology, Information Security, or related field.
• Have 5 plus years of IT audit (Big 4 preferable), assurance, or consulting experience.
• Have designations in the information security and IT risk fields such as CISA, CISSP, CISM, CRISC.
• Possess strong knowledge of General IT Controls, risk, and best practices, especially in relation to Information Security.
• Possess strong knowledge of IT Auditing - the core concepts, audit process, types of audits.
• Possess strong knowledge of Cyber Security regulations (e.g., NYS DFS Cybersecurity, GDPR, FCA) and information security best practices and industry frameworks (e.g., ISO27002, FFIEC, NIST). Detailed, thorough, diligent technical ability, with good analytical skills, a customer service mindset.
• Strong written, verbal, and interpersonal communication skills must be able to clearly articulate a point and be a persuasive communicator.
• Ability to demonstrate a self-motivated and disciplined approach to learning and working.
• Ability to display initiative and innovation; independently manage ARM assessments, including all related ARM activities from start to finish.
• Ability to take ownership of complex tasks, drive projects forward for timely completion.
• Must have excellent time manageability skills, should be able to prioritize, multitask and manage multiple projects simultaneously.

Additional Requirements

SMBC's employees participate in a Hybrid workforce model that provides employees with an opportunity to work from home, as well as, from an SMBC office. SMBC requires that employees live within a reasonable commuting distance of their office location. Prospective candidates will learn more about their specific hybrid work schedule during their interview process. Hybrid work may not be permitted for certain roles, including, for example, certain FINRA-registered roles for which in-office attendance for the entire workweek is required.

About Sumitomo Mitsui Financial Group, Inc.

Sumitomo Mitsui Financial Group, Inc. Careers

There has never been a more opportune time to join the dynamic team at Sumitomo Mitsui Financial Group, Inc. (SMFG)—a leading force in the financial services industry recognized for its leadership in innovation and diversity.

Explore Job Opportunities

Sumitomo Mitsui Financial Group, Inc. offers a plethora of job opportunities that cater to a variety of skills and interests. The company is renowned for its commitment to professional growth and leadership development, making it an ideal environment for ambitious individuals looking to advance their careers.

Experience Professional Growth

At SMFG, career advancement is not just a possibility but a priority. The company supports its team members with extensive training programs, including leadership development and diversity training, ensuring that every employee has the tools and knowledge necessary to succeed.

Join a Diverse and Inclusive Team

Diversity and inclusion are at the core of the company culture at Sumitomo Mitsui Financial Group, Inc. With a global team that values unique perspectives and fosters a collaborative and inclusive environment, SMFG is a place where everyone can thrive.

Internship Programs

For those starting their career journey, SMFG offers internship programs that provide a robust foundation in the financial sector. Interns gain invaluable experience, working alongside seasoned professionals and engaging in projects that offer real-world applications of their studies.

Benefits and Culture

Sumitomo Mitsui Financial Group, Inc. is dedicated to not only attracting but also retaining top talent by offering competitive benefits that enhance both personal and professional life. The company culture promotes work-life balance, employee well-being, and continuous learning.

Innovative Work Environment

Innovation is a key driver of SMFG’s success. Employees are encouraged to bring forward-thinking ideas to the table and are provided with the resources to transform these ideas into actionable solutions that drive the financial industry forward.

Networking and Career Development

Networking opportunities within SMFG are abundant. Employees are encouraged to connect with colleagues and industry leaders through various platforms and events, enhancing their professional network and opening doors to myriad career opportunities.

Apply for a Position

Sumitomo Mitsui Financial Group, Inc. is actively hiring and looking for talented individuals who are passionate, curious, and driven. Explore open positions that match your skills and interests on the SMFG careers page.

Stay Connected with SMFG Careers

Keep up to date with the latest career tips, industry insights, and company news from Sumitomo Mitsui Financial Group, Inc. Subscribe to receive updates and stay informed about new job openings and employment trends.

Prepare for Your Interview

Aspiring to join SMFG? Prepare your resume to reflect your best self and gear up for the interview process where you can showcase your skills and passion for finance and innovation.

Career Opportunities Await

At Sumitomo Mitsui Financial Group, Inc., the potential for professional development and personal growth is limitless. Discover the exciting and rewarding career opportunities that await at SMFG, where every position contributes to the company’s global success and leadership in the financial industry.
Learn more about Sumitomo Mitsui Financial Group, Inc.

Similar Jobs

More Jobs at Sumitomo Mitsui Financial Group, Inc.

More Information Technology Jobs

Find similar GRC Manager - Associate jobs: