Cloud Security Risk Assessment Vice President
Location: White Plains
Posted on: June 23, 2025
|
|
|
Job Description:
SMBC Group is a top-tier global financial group. Headquartered
in Tokyo and with a 400-year history, SMBC Group offers a diverse
range of financial services, including banking, leasing,
securities, credit cards, and consumer finance. The Group has more
than 130 offices and 80,000 employees worldwide in nearly 40
countries. Sumitomo Mitsui Financial Group, Inc. (SMFG) is the
holding company of SMBC Group, which is one of the three largest
banking groups in Japan. SMFG’s shares trade on the Tokyo, Nagoya,
and New York (NYSE: SMFG) stock exchanges. In the Americas, SMBC
Group has a presence in the US, Canada, Mexico, Brazil, Chile,
Colombia, and Peru. Backed by the capital strength of SMBC Group
and the value of its relationships in Asia, the Group offers a
range of commercial and investment banking services to its
corporate, institutional, and municipal clients. It connects a
diverse client base to local markets and the organization’s
extensive global network. The Group’s operating companies in the
Americas include Sumitomo Mitsui Banking Corp. (SMBC), SMBC Nikko
Securities America, Inc., SMBC Capital Markets, Inc., SMBC Rail
Services LLC, Manufacturers Bank, JRI America, Inc., SMBC Leasing
and Finance, Inc., Banco Sumitomo Mitsui Brasileiro S.A., and
Sumitomo Mitsui Finance and Leasing Co., Ltd. The anticipated
salary range for this role is between $143,000.00 and $185,000.00.
The specific salary offered to an applicant will be based on their
individual qualifications, experiences, and an analysis of the
current compensation paid in their geography and the market for
similar roles at the time of hire. The role may also be eligible
for an annual discretionary incentive award. In addition to cash
compensation, SMBC offers a competitive portfolio of benefits to
its employees. Role Description SMBC is seeking a Cloud Security
Risk Assessment Vice President who is experienced working in a
Cloud Security Risk Program that includes running projects and BAU
activity for assessing and reporting on risk and controls for
Service Providers and their supporting tools. The Cloud Security
Risk Assessment Vice President will be responsible for maintaining
a program that will drive Cloud governance, security improvements,
and efficiency across the Bank and the various group companies.
He/she will lead efforts to continuously monitor Cloud Security
Risks in a dynamic environment and will also lead projects related
to information security risk management processes and system
implementations. Additionally, the Cloud Security Risk Assessment
Director will partner with various departments of the Bank on
developing new risk management processes and ensure the roles and
responsibilities are clearly defined among different teams. Role
Objectives • Prioritize and complete internal and external risks
assessments as required and negotiate with requesters on validity
of the requests as needed. • Partner with other risk departments of
the bank to collaborate on BAU activities or projects and define
clear roles and responsibilities on risk management processes,
ensuring information security risks and controls throughout the
bank are sufficiently assessed and managed. • Complete
independently or assign resources to various information security
risk assessment activities such as self-assessments requested by
clients and regulators, as needed. • Fully understand Cloud
security risk and controls and can simplify and articulate risk and
controls to both technical and business stakeholders. •
Continuously enhance/streamline processes and technology in the
Cloud security risk management space. • Formally manage junior
staff as direct reports. • Function as an internal cloud security
consultant on information security initiatives as assigned by the
Executive Director and CISO. • Function as SME to defend and
advocate security controls. PRIMARY RESPONSIBILITIES • Communicate
policy, procedure, and standard updates to stakeholders concisely
and clearly. • Clearly articulate security and technical controls
and corresponding technical and operational risks to stakeholders •
Assess Cloud-based risks and controls against internal
requirements, best practices, and industry frameworks. • Ensure
compliance with all policy and standard requirements applied to
Cloud services and technology. • Coordinate with various
departments to ensure Cloud Security documentation requests are
comprehensible and addressed timely. • Serve as the Cloud Security
SME and as a change agent to enable cloud transformation
initiatives from a security perspective. • Work closely with DevOps
teams to assess practices for deploying new systems in the Cloud.
Qualifications and Skills • Ability to lead complex tasks and
technical projects and assign resources to complete the tasks
timely. • Have strong knowledge of cloud information security
controls, risks and best practices in a large financial institution
or banking environment. • Have strong knowledge of cloud service
providers (e.g., GCP, AWS, and AAD), cloud-based applications and
tools (e.g., CASB), as well as the security controls that are
unique to such solutions. • Have strong knowledge of commonly used
banking applications, operating systems, and databases. • Have
strong knowledge of cyber security regulations (e.g., NYS DFS
Cybersecurity, GDPR, FCA) and information security best practices
and industry frameworks (e.g., ISO27002, FFIEC, NIST, Cloud
Security Alliance). • Have working knowledge of various risk
functions in large financial institutions, including how these risk
functions relate to the management of information security risks. •
Have strong verbal and written communication skills. Additional
Requirements D&I Commitment Responsible for fostering a culture
of diversity and inclusion, holding leaders accountable for
creating an inclusive environment through awareness and practice of
equity in recruiting, developing, and promoting diverse talent.
SMBC’s employees participate in a hybrid workforce model that
provides employees with an opportunity to work from home, as well
as, from an SMBC office. SMBC requires that employees live within a
reasonable commuting distance of their office location. Prospective
candidates will learn more about their specific hybrid work
schedule during their interview process. We are an equal employment
opportunity employer. All qualified applicants will receive
consideration for employment without regard to race, color,
religion, gender, national origin, disability status, protected
veteran status or any other characteristic protected by law. SMBC
provides reasonable accommodations for employees and applicants
with disabilities consistent with applicable law.
Keywords: , Westfield , Cloud Security Risk Assessment Vice President, IT / Software / Systems , White Plains, Massachusetts
