SMBC is seeking an experienced professional (10 years) to join our IT Application Audit Team for the Americas Division, specializing on the delivery of integrated audits, focusing on scoping and executing IT audit procedures for key business applications supporting business process audits.

The individual will evaluate IT-related governance, processes, risks and controls to provide reasonable assurance as to the adequacy of the control environment within the Americas, and entities reliant upon the Americas' services.

Audit activity includes the annual risk assessment and planning; scheduled audit execution covering both existing applications in production and new development/implementations; issue validation; continuous monitoring. The department is also expanding the use of data and analytics in various audit activities.

The role requires the candidate to plan and perform internal audits over technology areas within SMBC's Americas Division, primarily focusing on application-specific risks and controls in integrated business audits, along with some exposure to infrastructure and cybersecurity audits. The individual is responsible for the supervision of respective audit team staff and day-to-day oversight and reporting of audit activities for assigned portfolio including: (i) execution of efficient, high quality, and timely audit reviews; (ii) issue validation, continuous monitoring, and annual risk assessments for Auditable Entities (AEs); and (iii) development of respective portfolio's audit plan. Specific responsibilities include:

• Defines, plans and schedules IT audit activities in support of business audits, to include internal controls in key technology risk areas to ensure compliance with internal policies, laws and regulations, and regulatory expectations (FFIEC and Supervision and Regulation letters)
• Manages timely and quality execution of audits for assigned portfolio.
• Manages timely and quality performance of (1) audit issue validation; (2) continuous monitoring activities; (3) annual risk assessment and audit planning.
• Provides supervision and on-the-job training to staff, to ensure audit execution is in line with IIA and other relevant standards, including completion of clear and concise audit work-papers and audit reports summarizing scope, methodology, and significant conclusions of audit procedures performed within prescribed time frames.
• Coordinates audit activities with business audit management.
• Establishes and builds relationships with key IT and business stakeholders.
• Performs staff development and people management activities.
• Possesses strong project management skills with an ability to oversee multiple audits, issue validation, annual risk assessment, audit planning, and continuous monitoring and deliver within required deadlines * Can execute a variety of tasks and properly prioritize deliverables.
• Has excellent written and verbal communication skills to support and review the audit execution team's delivery of clear and concise workpapers and support effective interaction with IAD NY Management and audit clients across the organization.
• Exhibits initiative and critical thinking to effectively challenge decisions made by the team.
• Exhibits an appropriate level of professional skepticism and encourages their team to do the same.
• Demonstrates and supports an attitude of continuous learning in applicable risk/functional areas (for themselves and their team, respectively).
• Shows initiative to identify and communicate any opportunities for improvement in execution of audits or IAD NY's methodology.

Proactively foster relationships with technology and business management design authority and/or implementation authority (as appropriate) to establish and maintain open and constructive dialogue. Forge strong partnerships with colleagues in other infrastructure and control functions including legal, compliance, data security and risk management to promote front-to-back collaboration across risk assessment and findings remediation. Partner with audit colleagues in other business verticals and/or geographies to share best practices and drive greater consistency. Seek out opportunities to engage with stakeholders outside of formal audit periods to drive deeper relationships.

Minimum 10 years IT Audit experience, at a bank or financial institution is required; in-depth understanding of business processes in at least three of the following: commercial banking; broker-dealer sales and trading; financial and regulatory reporting; AML and BSA; human resources and operations, is a must.

* Identifying and testing key risks and controls within applications is required, such as completeness and accuracy of input and update; interfaces; access controls and segregation of duties; application security scanning and familiarity with OWASP Top 10 guidance are required.The department is also expanding the use of data and analytics in various audit activities.

Responsibilities:

• The role requires the candidate to plan and perform internal audits over technology areas within SMBC's Americas Division, primarily focusing on application-specific risks and controls in integrated business audits, along with some exposure to infrastructure and cybersecurity audits.
• The individual is responsible for the supervision of respective audit team staff and day-to-day oversight and reporting of audit activities for assigned portfolio including: (i) execution of efficient, high quality, and timely audit reviews; (ii) issue validation, continuous monitoring, and annual risk assessments for Auditable Entities (AEs); and (iii) development of respective portfolio's audit plan.
• Defines, plans and schedules IT audit activities in support of business audits, to include internal controls in key technology risk areas to ensure compliance with internal policies, laws and regulations, and regulatory expectations (FFIEC and Supervision and Regulation letters).
• Manages timely and quality performance of (1) audit issue validation; (2) continuous monitoring activities; (3) annual risk assessment and audit planning.
• Provides supervision and on-the-job training to staff, to ensure audit execution is in line with IIA and other relevant standards, including completion of clear and concise audit work-papers and audit reports summarizing scope, methodology, and significant conclusions of audit procedures performed within prescribed timeframes.
• Coordinates audit activities with business audit management.
• Establishes and builds relationships with key IT and business stakeholders.
• Performs staff development and people management activities.
• Possesses strong project management skills with an ability to oversee multiple audits, issue validation, annual risk assessment, audit planning, and continuous monitoring and deliver within required deadlines.
• Can execute a variety of tasks and properly prioritize deliverables.
• Has excellent written and verbal communication skills to support and review the audit execution team's delivery of clear and concise workpapers and support effective interaction with IAD NY Management and audit clients across the organization.
• Exhibits initiative and critical thinking to effectively challenge decisions made by the team.
• Exhibits an appropriate level of professional skepticism and encourages their team to do the same.
• Demonstrates and supports an attitude of continuous learning in applicable risk/functional areas (for themselves and their team, respectively).
• Shows initiative to identify and communicate any opportunities for improvement in execution of audits or IAD NY's methodology.

Minimum 10 years IT Audit experience, at a bank or financial institution is required; in-depth understanding of business processes in at least three of the following: commercial banking; broker-dealer sales and trading; financial and regulatory reporting; AML and BSA; human resources and operations, is a must including:

• A good understanding of risks and controls within a technical environment is required, as well as the ability to clearly identify, document and test these controls; this team evaluates applications as part of an overall business process; the ability to identify and assess compensating controls (in the event of IT-related weaknesses) is desired.
• Bachelor's Degree is required, and CISA, CISSP, CIA and/or other relevant certifications is preferred.
• Identifying and testing key risks and controls within applications is required, such as completeness and accuracy of input and update; interfaces; access controls and segregation of duties; application security scanning and familiarity with OWASP Top 10 guidance are required. Knowledge of system development lifecycle (SDLC) and common frameworks, including agile development, is preferred.
• Understanding of common banking applications, including cloud-based, is preferred.
• Knowledge of data governance; records management; end user computing; and business continuity/operational resilience processes and techniques is desirable.
• Ability to multitask and work in a team environment is crucial.
• Ability to understand, interpret, and apply general and specific administrative and departmental policies and procedures, as well as applicable federal & state (CA and NY) laws and regulations is required.
• Overall understanding of audit techniques, internal controls, audit principles and ability to manage and execute audits, from planning to audit closing is required.
• Strong critical thinking, analytical and organizational skills.
• Strong oral and written communication skills, including ability to write clear and concise audit recommendations and reports.
• Working knowledge of Microsoft Office Suite (Outlook, Excel, Word, PowerPoint).

Responsible for fostering a culture of diversity and inclusion, holding leaders accountable for creating an inclusive environment through awareness and practice of equity in recruiting, developing, and promoting diverse talent.

SMBC's employees participate in a hybrid workforce model that provides employees with an opportunity to work from home, as well as, from an SMBC office. SMBC requires that employees live within a reasonable commuting distance of their office location. Prospective candidates will learn more about their specific hybrid work schedule during their interview process.

We are an equal employment opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, gender, national origin, disability status, protected veteran status or any other characteristic protected by law. SMBC provides reasonable accommodations for employees and applicants with disabilities consistent with applicable law. If you need a reasonable accommodation during the application process, please let us know at accommodations@smbcgroup.com