Vice President - Data & AI Risk

Vice President - Technology, Data and Cyber (TDC) Risk Enablement & Reporting

Job Level: Vice President Job Function: Governance & Assurance Location: Charlotte, NC, US Employment Type: Full Time

SMBC Group is a top-tier global financial group. Headquartered in Tokyo and with a 400-year history, SMBC Group offers a diverse range of financial services, including banking, leasing, securities, credit cards, and consumer finance. The Group has more than 130 offices and 80,000 employees worldwide in nearly 40 countries.

The TDC Risk Enablement & Reporting VP role supports the development and implementation of the Information Technology (IT), Cybersecurity and Data risk management frameworks, the SMBC Group Americas Division (AD), in accordance with applicable regulations, home office policies and industry practices for risk management.

Role Responsibilities:

• Maintains second line risk frameworks, policies, procedures, standards, methodologies across technology, cyber and data risk.
• Supports second line processes including tools/tech for the TDCRO team.
• Assists management in coordinating TDCRO risk oversight approaches with Head Office, Enterprise Risk, Operational Risk and others including AI, Privacy, Compliance, etc.
• Maintain TDCRO view of first line programs and dependencies.
• Supports management in Audit/Exam activities.
• Prepares materials for TDC risk working group, committees, and risk metrics reporting

Qualifications and Skills:

• Well-versed in technology & cyber risk management practices with the ability to connect and align with the firm's enterprise risk and operational risk management processes.
• Extensive working experience in risk committee and board-level reporting.
• 5+ years of direct work experience within the financial services or technology industries, focused on risk management, regulatory & audit, information technology, data management, cybersecurity.
• Foundational knowledge of enterprise risk management industry practices including project management, and risk control self-assessments.
• Generalist knowledge in IT and Cyber programs (e.g., Vulnerability Management, IT Asset Management, Identity & Access Management, SDLC, IT Service Management, Change Management, Incident Management, Resilience & Continuity).
• Working knowledge of technology, cyber and data risk management processes, controls, industry practices and framework (e.g., NIST CSF, ISO, ITIL, COBIT, BCBS 239).
• Detail oriented, with proven ability to question the status quo and apply effective challenge, as appropriate.
• Strong organizational skills, with proven ability to successfully manage multiple, concurrent priorities.
• Ability to work effectively in a matrixed environment and across various organizational levels, where flexibility, collaboration, and adaptability are important.
• Strong desire to continually deliver a quality and meaningful work product in a timely and efficient manner.
• Bachelor's/University degree, Master's degree preferred.
• CISA, CISM, CISSP, CRISC or other IT & Cybersecurity certifications preferred.

SMBC's employees participate in a Hybrid workforce model that provides employees with an opportunity to work from home, as well as, from an SMBC office. SMBC requires that employees live within a reasonable commuting distance of their office location. Prospective candidates will learn more about their specific hybrid work schedule during their interview process. Hybrid work may not be permitted for certain roles.