Role Description
SMBC is seeking an Audit & Regulatory Management (ARM) Senior Specialist who is highly interested in building his/her career as part of a dynamic team, the Audit & Regulatory Management (ARM) team, that specializes in the management of audit and regulatory requirements for the Information Security team at JRI-A.
The main responsibility of the Audit & Regulatory Management (ARM) Senior Specialist is providing assistance and support to the ARM Team in the co-ordination & facilitation of audit responses from all audit sources on behalf of the Information Security department.
This ensures that the right artifacts are gathered and that audit requests are tracked and responded to on time. The ARM team acts as the primary point of contact and actively manages all audit requests, ensuring the process is efficient and well-coordinated.
Please note this is NOT an auditor role.
However, individuals with an auditor/assessor or similar background would be notable candidates.
Role Objectives
ARM is the process within Information Security Governance, Risk and Compliance (GRC) by which all reviews, exams and audits or other type of formally requested assurance over Information Security control effectiveness are managed, from initial point of contact through closure of the assessment.
The Audit and Regulatory Management (ARM) team is responsible for facilitating and coordinating all assessment requests and activities in a systematic and efficient manner.
The ARM team serves as the liaison between the Information Security team and the (External and Internal) Auditor.
The ARM team manages all assessments for SMBC America's Division.
* Monitoring & reviewing all logged Information Security audit requests to ensure they are responded to efficiently and on time
* Supporting the facilitation and coordination of audit activities including but not limited to interviews, documentation requests, artifact requests, logistical support for walkthroughs / meetings, facilitating follow up queries with various stakeholders and tracking status of all requested items. For some assessments, as directed by ARM Management, undertake the role of facilitator.
* Communicating effectively with evidence providers to ensure they understand the audit request; communicating effectively with auditors to ensure that the request is clear.
* Reviewing the work of the ARM Specialist to ensure that evidence gathered is appropriate to move forward to the next stage of review
* Providing guidance as needed to the ARM Specialist to assist them and obtain the appropriate evidence
* Taking responsibility and ownership for certain sections of an Audit; For other sections, gathering required evidence, under the direction of the ARM Management; Preparing this for review and approval by ARM Management to ensure it is appropriate and accurate for submission
* This is a critical role in our audit response process that will involve meeting with auditors, compiling auditor requests, engaging with evidence providers, collecting evidence, and preparing this for review by ARM Management
* Develop a working knowledge and understanding of the information security controls and associated risks
* Maintaining the ARM Evidence Repository, which enables evidence to be leveraged for similar type audit requests for all audits across the firm. Ensuring repeatable evidence is stored and collected in advance where possible
* Ensuring the central ARM tool is maintained up to date to ensure meaningful information is available for ARM Management / Information Security Management
* Performing an active role in various ARM Projects that occur as we continuously seek to improve the ARM process; Such projects may involve enhancing current ARM tools, identifying and implementing new tools
* Ensuring adherence to the ARM Process & Standards; working with the ARM team to continuously identify areas for improvement and implement these
* Educating Information Security team members in use of our ARM Tool by conducting training classes and socialization meetings
* Assist with other ARM activities requested by management, clients, auditors and regulators, as needed
* Possess working knowledge of information security controls, risks and best practices
* Possess working knowledge of IT Auditing - the core concepts, audit process, types of audit
* Possess working knowledge of Cyber Security regulations (e.g., NYS DFS Cybersecurity, GDPR, FCA) and information security best practices and industry frameworks (e.g., ISO27002, FFIEC, NIST)
Qualifications and Skills
* Have 2-5 years of Big-4 IT audit, other IT audit, assurance or consulting experience
* Possess a very high level of attention to detail
* Ability to demonstrate a self-motivated and disciplined approach to learning and working
* Ability to work independently and take ownership in starting and completing the tasks initiated and assigned
* Ability to lead in a team environment and demonstrate leadership skills
* Actively pursuing or holding designations in the information security and IT risk fields such as CISA, CISSP, CISM, CRISC.
Education:
B.S. or M.S. degree in Information Systems/Technology, Science or Engineering preferred; exposure to and interest in the field of computer science, audit and associated subject matter
* Possess a highly developed sense of personal accountability and follow-through with an ability to effectively prioritize multiple personal tasks, projects and goals.
* Possess strong verbal and written communication skills; have strong computer literacy skills, e.g. proficient in the use of Microsoft Office.