Role Description
The Director of TDC Risk Validation supports the development, maintenance, and independent validation of the Information Technology (IT), Cybersecurity, and Data risk management frameworks for the SMBC Group Americas Division (AD). This support is provided in accordance with applicable regulations, home office policies, and industry practices for risk management.
The Risk Management Department (RMDAD) is the second line of defense, independently monitoring and assessing business practices related to the risk appetite framework for SMBC. Within RMDAD, Tech, Data and Cyber Risk Oversight (TDCRO) establishes technology, data, and cyber risk management policies and frameworks with defined roles across first and second lines, and provides independent challenge and validation of first‑line risk management execution. The Director manages second‑line oversight areas that holistically impact tech, data, and cyber risk disciplines, including frameworks, policies, procedures, methodology, independent validation approach, risk reporting, and related activities.
Role Responsibilities
- Maintains second‑line risk frameworks, policies, procedures, standards, and methodologies across technology, cyber, artificial intelligence (AI), and data risk.
- Leads independent validation and effective challenge of first‑line TDC risk management execution, including design and operating effectiveness assessments and issue tracking through closure.
- Defines and enables TDC risk tooling strategy.
- Generates insights from first‑line programs to enable independent monitoring, challenge, and validation activities. Transforms tech, cyber, data, and AI risk reporting from static reporting to insight‑driven, forward‑looking risk assessment using Power BI, Tableau, or similar tools.
- Manages TDC risk working group, committees, materials, and risk metrics reporting.
Expertise And Qualifications
- Well‑versed in technology and cyber risk management practices with the ability to align with the firm’s enterprise and operational risk management processes.
- Extensive experience in risk committee and board‑level reporting.
- 10+ years of direct work experience within the financial services or technology industries, focused on risk management, control testing and validation, regulatory, and audit.
- Foundational knowledge of enterprise, operational, and technology risk management practices.
- Experience and proficiency utilizing Power BI, Tableau, or similar visualization/dashboarding tools to design forward‑looking risk dashboards.
- Direct experience or strong proficiency in data storytelling, integrating analytics, visualization, and business context to develop board‑level risk narratives that inform strategic decision‑making.
- Experience with Power BI, Tableau, or similar tools to design and develop risk dashboards; experience building KRIs, KCIs, or KPIs is a plus.
- Working knowledge of technology, cyber, and data risk management processes, controls, industry practices, and frameworks (e.g., NIST CSF, ISO, ITIL, COBIT, BCBS 239).
- Strong organizational skills and detail orientation with the ability to manage concurrent priorities.
- Bachelor’s or university degree; master’s degree preferred.
- Power BI, Tableau, and CISA/CISM/CISSP/CRISC certifications preferred.
SMBC’s employees participate in a Hybrid workforce model that provides opportunities to work from home or from an SMBC office. Employees are required to live within a reasonable commuting distance of their office location. Prospective candidates will learn more about their specific hybrid work schedule during the interview process. Hybrid work may not be permitted for certain roles, such as certain FINRA‑registered positions that require in‑office attendance for the entire workweek.
SMBC provides reasonable accommodations during candidacy for applicants with disabilities consistent with applicable federal, state, and local law. If you need a reasonable accommodation during the application process, please let us know at