Summary
Location
Charlotte
Type
full-time
Are you the employer? Manage your company page directly.
About this role
SMBC Group is a top-tier global financial group. Headquartered in Tokyo and with a 400-year history, SMBC Group offers a diverse range of financial services, including banking, leasing, securities, credit cards, and consumer finance. The Group has more than 130 offices and 80,000 employees worldwide in nearly 40 countries. Sumitomo Mitsui Financial Group, Inc. (SMFG) is the holding company of SMBC Group, which is one of the three largest banking groups in Japan. SMFG’s shares trade on the Tokyo, Nagoya, and New York (NYSE: SMFG) stock exchanges.
In the Americas, SMBC Group has a presence in the US, Canada, Mexico, Brazil, Chile, Colombia, and Peru. Backed by the capital strength of SMBC Group and the value of its relationships in Asia, the Group offers a range of commercial and investment banking services to its corporate, institutional, and municipal clients. It connects a diverse client base to local markets and the organization’s extensive global network. The Group’s operating companies in the Americas include Sumitomo Mitsui Banking Corp. (SMBC), SMBC Nikko Securities America, Inc., SMBC Capital Markets, Inc., SMBC MANUBANK, JRI America, Inc., SMBC Leasing and Finance, Inc., Banco Sumitomo Mitsui Brasileiro S.A., and Sumitomo Mitsui Finance and Leasing Co., Ltd.
Role Description
Sumitomo Mitsui Banking Corporation is seeking an experienced professional who will be responsible for the leadership, development, and execution of our data security strategy within the overall Enterprise Information Protection Program (EIP). This senior role requires a deep understanding of cybersecurity, data security best practices, and regulatory compliance within the financial services industry. The successful candidate will oversee the implementation and management of policies, processes, and technologies to protect the bank’s sensitive information, ensuring compliance with all relevant regulations and industry standards.
The Head of Data Security within EIP is responsible for safeguarding SMBC’s data from unauthorized access, use, disclosure, disruption, modification, or destruction. The role encompasses data encryption, access control, data classification and discovery and compliance with regulatory requirements, ensuring the confidentiality of SMBC sensitive information across the enterprise.
Role Objectives
- Design and lead the overall strategy for data security, aligning it with SMBC’s business objectives and regulatory requirements.
- Evolve data security policies and procedures, ensuring alignment with regulatory standards (e.g., NYDFS Cybersecurity Regulation, GDPR, CCPA).
- Establish, lead and continuously evolve an operational function to manage the day-to-day ensuring a healthy data security posture. This includes overseeing the ongoing monitoring, management, and support of security processes, tools, and systems.
- Identify, assess, and mitigate risks related to data security. Oversee risk assessments and security audits to ensure ongoing compliance and protection.
- Manage, evolve and implement advanced security technologies and tools to enhance SMBC’s data security capabilities.
- Oversee the deployment and management of encryption technologies to secure sensitive data at rest, in transit, and in use. Ensure encryption policies are effectively implemented across the organization.
- Establish and maintain robust data governance frameworks, ensuring the proper classification, handling, and protection of sensitive information across the organization.
- Ensure compliance with all applicable laws and regulations, including those specific to the financial services industry. Liaise with auditors and other stakeholders, as needed.
- Work closely with other departments, including Data Governance, Data Privacy, IT, legal, compliance, and risk management, to ensure an aligned approach to data security.
- Lead, mentor, and develop a high-performing team of data security professionals. Foster a culture of security awareness across the organization through training and awareness campaigns.
Qualifications and Skills
- Bachelor’s degree in information security, Computer Science, or a related field.
- 10+ years of experience in information security, data protection, or a related field, with at least 5 years in a leadership role within a regulated financial institution.
- In-depth knowledge of data security standards, best practices, and regulatory requirements, particularly within the financial services sector.
- Proven track record of developing and implementing enterprise-wide strategies.
- Technical knowledge and hands-on experience with leading data security posture management tools such as Varonis (for data security and insider threat protection), and database encryption technologies, etc.
- Experience with risk management, incident response, and data governance.
- Demonstrated ability to lead and manage a team, with excellent interpersonal and communication skills.
- Translates technical concepts into plain language to articulate business risks and suggests appropriate solutions.
- Ability to plan, coordinate, and support security, technology and business needs in a fast-paced, rapidly changing environment at a strategic level.
- Strong problem solving and analytical skills, with a proactive and results oriented approach to security.
- Experience working in a highly regulated environment such as financial services.
- Relevant certifications such as CISSP, CISM, CIPP, or equivalent are strongly preferred.
Additional Requirements
SMBC’s employees participate in a Hybrid workforce model that provides employees with an opportunity to work from home, as well as, from an SMBC office. SMBC requires that employees live within a reasonable commuting distance of their office location. Prospective candidates will learn more about their specific hybrid work schedule during their interview process. Hybrid work may not be permitted for certain roles, including, for example, certain FINRA-registered roles for which in-office attendance for the entire workweek is required.
SMBC provides reasonable accommodations during candidacy for applicants with disabilities consistent with applicable federal, state, and local law. If you need a reasonable accommodation during the application process, please let us know at [email protected].
Other facts
About Sumitomo Mitsui Banking Corporation
SMBC Group is a top-tier global financial group. Headquartered in Tokyo and with a 400-year history, SMBC Group offers a diverse range of financial services, including banking, leasing, securities, credit cards, and consumer finance. The Group has more than 150 offices and 120,000 employees worldwide in nearly 40 countries. Sumitomo Mitsui Financial Group, Inc. (SMFG) is the holding company of SMBC Group, one of the three largest banking groups in Japan. SMFG's shares trade on the Tokyo and Nagoya stock exchanges, and its ADRs trade on the New York Stock Exchange (NYSE: SMFG).
Americas: https://www.smbcgroup.com/
EMEA: https://www.smbcgroup.com/emea/
APAC: https://www.smbc.co.jp/asia/
Tokyo: https://www.smfg.co.jp/english/
What you'll do
- This senior role is responsible for the leadership, development, and execution of the data security strategy within the overall Enterprise Information Protection Program (EIP). The incumbent will oversee the implementation and management of policies, processes, and technologies to protect sensitive information and ensure regulatory compliance.
Join Clera's Talent Pool
Get matched with similar opportunities at top startups
This role is hosted on Sumitomo Mitsui Banking Corporation's careers site.
Join our talent pool first to get notified about similar roles that match your profile.