SMBC Group is a top-tier global financial group. Headquartered in Tokyo and with a 400-year history, SMBC Group offers a diverse range of financial services, including banking, leasing, securities, credit cards, and consumer finance. The Group has more than 130 offices and 80,000 employees worldwide in nearly 40 countries. Sumitomo Mitsui Financial Group, Inc. (SMFG) is the holding company of SMBC Group, which is one of the three largest banking groups in Japan. SMFG’s shares trade on the Tokyo, Nagoya, and New York (NYSE: SMFG) stock exchanges.

 

In the Americas, SMBC Group has a presence in the US, Canada, Mexico, Brazil, Chile, Colombia, and Peru. Backed by the capital strength of SMBC Group and the value of its relationships in Asia, the Group offers a range of commercial and investment banking services to its corporate, institutional, and municipal clients. It connects a diverse client base to local markets and the organization’s extensive global network. The Group’s operating companies in the Americas include Sumitomo Mitsui Banking Corp. (SMBC), SMBC Nikko Securities America, Inc., SMBC Capital Markets, Inc., SMBC MANUBANK, JRI America, Inc., SMBC Leasing and Finance, Inc., Banco Sumitomo Mitsui Brasileiro S.A., and Sumitomo Mitsui Finance and Leasing Co., Ltd.

 

The anticipated salary range for this role is between $153,000.00 and $196,000.00. The specific salary offered to an applicant will be based on their individual qualifications, experiences, and an analysis of the current compensation paid in their geography and the market for similar roles at the time of hire. The role may also be eligible for an annual discretionary incentive award. In addition to cash compensation, SMBC offers a competitive portfolio of benefits to its employees.

Role Description

This role resides in the Cyber Resilience (COR) team within the SMBC Americas Division Information Security Office.  CR’s mission is to support 14 companies managing activities related to Cyber Resilience in accordance with applicable regulations, Firm policies, and industry best practices for Information Security and Operational Resilience. 

 

The Threat Modeling Architect VP will execute and mature a program that provides a visual representation of assets, controls, threat agents, trust zones, attack paths, and a list of potential attacks a threat agent may perform as well as related reporting documents and issue management.  Additionally, responsibilities include participating in information technology, data management, cybersecurity, and operational resilience management across businesses. This includes regional resilience coordination and reporting of progress to executive leadership. The role also serves as a champion for Cyber Resilience concerns, controls and maturation at the Firm, especially for the modeled environments, and related processes such as Architecture and SDLC (Software Development Lifecycle).  

Role Objectives Facilitates the management of an enterprise Threat Modeling Assessment program to enhance maturity across the firm   Builds Threat Models of enterprise services to identify and refine the attack surface   Acts as a Cyber Resilience champion of the Threat Modeling Assessment program and serve a pivotal role in maturation efforts   Delivers reports that capture identified risks controls assets trust zones and enhancement requirements   Partners with stakeholders on Threat Modeling Assessment Issues to create action plans identified during fieldwork  Ability to prioritize engagements using a riskbasedapproach   Determines alignment of Cyber Resilience controls in practice with those from authoritative sources such as NIST SP 80053 and ISO 27002 to provide holistic insight into current capabilities and risk themes as well as best practices   Develops a deep knowledge of SMBC critical services and dependencies on technology people processes and third parties    Understands the impact of cyber risks as it relates to both firm and industry wide impacts to technical and security dependencies and single points of failure to enhance mitigation activities  Educates and provides subject matter expertise to support the business on cyber hygiene activities and enhancements based on business related impacts  Qualifications and Skills Deep understanding of enterprise architecture and security architectural elements as they relate to risks and controls Ability to accurately capture and enhance architectural diagrams  Wellversed in Cyber Resilience to include technology incident response and cyber risk practices with the ability to connect and align with the firms processes and frameworks  8 years of direct work experience within the financial services industry with focus on security architecture as it relates to cyber threats  Working knowledge of business and cyber risk management process and controls industry practices and frameworks eg NIST 80053 ISO 27000 family  Broad knowledge of cloud technologies AWS Azure certification a plus  Detail oriented with proven ability to question the status quo and apply resilience activities to enhance capabilities as appropriate  Strong organizational skills with proven ability to successfully manage multiple concurrent priorities and team members as the program is built out  Ability to communicate and work effectively in a matrixed environment and across various organizational levels where flexibility collaboration and adaptability are important at all levels  Strong analytical skills and attention to detail  Able to communicate technical issues to a nontechnical executive audience  Foundational knowledge of banking laws and regulations FFIEC BCBS FCA PRA BoE etc  Maintain a business cyber threat mindset to understand underlying risks and weaknesses to properly assist in mitigating and enhancement activities  Strong desire to continually deliver a quality and meaningful work product in a timely and efficient manner  BABS in Computer Engineering Computer Science Information Systems Cyber Security Business Administration or demonstrated relevant industry background andor military experience  CCSP Certified Cloud Security Professional CCSP Microsoft Certified Cybersecurity Architect Expert MS SC100 Exam Certified Network Defense Architect CNDA CREST Registered Technical Security Architect CRTSA Global Information Assurance Certifications Defensible Security Architect GDSA from GIAC certifications preferred 

 

Additional Requirements

D&I Commitment

Responsible for fostering a culture of diversity and inclusion, holding leaders accountable for creating an inclusive environment through awareness and practice of equity in recruiting, developing, and promoting diverse talent.

SMBC’s employees participate in a Hybrid workforce model that provides employees with an opportunity to work from home, as well as, from an SMBC office. SMBC requires that employees live within a reasonable commuting distance of their office location. Prospective candidates will learn more about their specific hybrid work schedule during their interview process. Hybrid work may not be permitted for certain roles, including, for example, certain FINRA-registered roles for which in-office attendance for the entire workweek is required.

We are an equal employment opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, gender, national origin, disability status, protected veteran status or any other characteristic protected by law. SMBC provides reasonable accommodations for employees and applicants with disabilities consistent with applicable law. If you need a reasonable accommodation during the application process, please let us know at accommodations@smbcgroup.com.