GRC Manager - Associate

SMBC

Charlotte, NC

SMBC Group is a top-tier global financial group. Headquartered in Tokyo and with a 400-year history, SMBC Group offers a diverse range of financial services, including banking, leasing, securities, credit cards, and consumer finance. The Group has more than 130 offices and 80,000 employees worldwide in nearly 40 countries. Sumitomo Mitsui Financial Group, Inc. (SMFG) is the holding company of SMBC Group, which is one of the three largest banking groups in Japan. SMFG’s shares trade on the Tokyo, Nagoya, and New York (NYSE: SMFG) stock exchanges.

In the Americas, SMBC Group has a presence in the US, Canada, Mexico, Brazil, Chile, Colombia, and Peru. Backed by the capital strength of SMBC Group and the value of its relationships in Asia, the Group offers a range of commercial and investment banking services to its corporate, institutional, and municipal clients. It connects a diverse client base to local markets and the organization’s extensive global network. The Group’s operating companies in the Americas include Sumitomo Mitsui Banking Corp. (SMBC), SMBC Nikko Securities America, Inc., SMBC Capital Markets, Inc., SMBC MANUBANK, JRI America, Inc., SMBC Leasing and Finance, Inc., Banco Sumitomo Mitsui Brasileiro S.A., and Sumitomo Mitsui Finance and Leasing Co., Ltd.

Role Description

This role serves as SMBC Americas Division Information Security’s Product Specialist for the organizational GRC platform (SAI360), responsible for the design, configuration, and continuous improvement of integrated governance, risk, and compliance capabilities.

The SAI360 platform supports core GRC functions including risk management, controls management, assessments, issue management, and regulatory compliance. This role will partner with business, risk, and technology stakeholders to translate regulatory and operational requirements into scalable system configurations and workflows. This role also contributes to the standardization of control frameworks, risk taxonomies, and regulatory mappings to support consistent reporting and regulatory alignment across regions.

The Product Specialist is responsible for ensuring Information Security modules are effectively configured, integrated with upstream and downstream systems, and support efficient, audit-ready processes.

Role Objectives

The Product Specialist delivers configuration, design, and support services for SAI360 users across Information Security and broader control functions. Key responsibilities include:

Module Design, Configuration, and Maintenance:

  • Lead and facilitate configuration design workshops with business, risk, and technology stakeholders
  • Translate business, regulatory, and control requirements into functional design specifications
  • Collaborate with the GRC Technology team to identify, configure, and enhance Information Security’s modules within SAI360 to improve functionality and user experience of GRC processes
  • Ensure the configurations and workflows within Information Security’s modules align with SMBC control standards, regulatory obligations, and audit expectations, and optimize end-to-end GRC workflows (risk assessments, control testing, issue management, regulatory mapping)
  • Support platform governance, including documentation, standards, and controls over system changes (e.g., JIRA) in collaboration with the GRC Technology team

Reporting:

  • Design and configure dashboards and reports using SAI360-integrated Power BI capabilities to support risk, compliance, and management reporting
  • Ensure data integrity, completeness, and auditability within Information Security’s modules

Testing and Deployment:

  • Support user acceptance testing (UAT) and defect resolution
  • Coordinate releases and enhancements in alignment with GRC Technology’s change management processes
  • Ensure proper documentation and traceability of changes to support audit and regulatory review

Stakeholder Engagement and Training:

  • Serve as the primary point of contact for Information Security stakeholders interacting with SAI360 across business and control functions
  • Support Information Security module owners with the development and provision of training and guidance to end users, control owners, and administrators

Qualifications and Skills

  • 2+ years of experience configuring or maintaining enterprise GRC platforms (e.g., SAI360, ServiceNow, Archer)
  • Hands-on experience working with web technologies used in GRC platforms, with the ability to configure, troubleshoot, and implement changes directly within the platform (JavaScript, JSON, HTML, XML, and SQL; experience with Vue.js a plus)
  • Experience with data visualization tools (e.g., Power BI, Tableau) for risk and compliance reporting
  • Working experience with a change ticketing system (e.g., JIRA, ServiceNow)
  • Understanding of information/cyber security governance, risk management, and compliance (GRC) processes
  • Strong stakeholder engagement and communication skills across technical and non-technical audiences
  • Strong attention to detail with focus on data integrity and audit readiness

Preferred Qualifications:

  • Experience supporting information security / cybersecurity GRC, risk management, internal audit, or regulatory compliance
  • Experience working in financial services or a highly regulated environment
  • Exposure to control libraries, risk taxonomies, and regulatory mapping
  • Experience with workflow automation and integration (e.g., APIs, Power Platform)
  • Familiarity with regulatory expectations for information security in financial services (e.g., NYDFS Part 500, SEC, FFIEC Handbooks)
  • Working knowledge of cybersecurity control frameworks (e.g., NIST CSF, NIST 800-53, CRI Profile, ISO 27001)

Additional Requirements

SMBC’s employees participate in a hybrid workforce model that provides employees with an opportunity to work from home as well as from an SMBC office. SMBC requires that employees live within a reasonable commuting distance of their office location. Prospective candidates will learn more about their specific hybrid work schedule during their interview process. Hybrid work may not be permitted for certain roles, including, for example, certain FINRA-registered roles for which in-office attendance for the entire workweek is required.

SMBC provides reasonable accommodations during candidacy for applicants with disabilities consistent with applicable federal, state, and local law. If you need a reasonable accommodation during the application process, please let us know at accommodations@smbcgroup.com.
