The Risk Director role supports the development and implementation of the Information Technology (IT) and Cybersecurity risk management framework, as well as operational resilience second line oversight for the SMBC Group Americas Division (AD), in accordance with applicable regulations, home office policies and industry practices for risk management.

The Risk Management Department (RMDAD) is the second line of defense in its role of monitoring and assessing business practices as related to the risk appetite framework for SMBC. Within the RMDAD, the Non-Financial Risk (NFR) establishes an IT & cyber risk management and resilience oversight frameworks with defined roles and responsibilities across first and second lines. The Risk Director is responsible for providing second line review and challenge as part of the framework execution.

• Supports the Head of Technology Risk and Resilience Oversight (TRRO) in ensuring IT, data management, cybersecurity, and operational resiliency risks are adequately governed, managed
• Designs risk policies and framework to govern IT, data management, cybersecurity, and operational resiliency risks
• Review and challenge effectiveness of 1st line IT and Cyber control programs and report to risk committees and senior management to s
• Review and challenge of the 1st LOD risk identification, assessment, mitigating activities, and overall operational risk profile as it relates to IT, data management, cybersecurity, and operational resiliency risks

• Provides feedback and guidance on IT, data management, cybersecurity, and operational resiliency risk matters, standards, policies and control framework
• Understands the impact of IT, data management, cybersecurity, and operational resiliency risk across the business, group companies, and functions bank-wide
• Understands changes related to regulatory, new product/initiative, processes, controls, events, issues, etc., in the IT, data management, cybersecurity, and operational resiliency risk domains that may impact the operational risk profile of the bank

• Well-versed in technology & cyber risk management and resilience practices with the ability to connect and align with the firm's operational risk management processes and operational resilience framework
• 10 years of direct work experience within the financial services or technology industries, focused on risk management, regulatory, information technology, data management, cybersecurity, operational resiliency, compliance, or audit experience
• Foundational knowledge of enterprise risk management industry practices including project management, and risk control self-assessments
• Working knowledge of technology and cyber risk management process and controls, industry practices and framework (e.g., NIST, ISO, ITIL).
• Detail oriented, with proven ability to question the status quo and apply effective challenge, as appropriate
• Strong organizational skills, with proven ability to successfully manage multiple, concurrent priorities

D&I Commitment

Responsible for fostering a culture of diversity and inclusion, holding leaders accountable for creating an inclusive environment through awareness and practice of equity in recruiting, developing, and promoting diverse talent.