Sumitomo Mitsui Banking Corporation
Information Security & IT Risk Engineer
at Sumitomo Mitsui Banking Corporation
- Career Category: Information Technology
- Position ID: 2019-0351 and 2019-0428
- Corporate Title
SMBC Capital Markets, Inc. is a market maker for swaps, including interest rate, currency and commodity swaps and related derivative products, headquartered in New York as a wholly-owned subsidiary of SMBC. SMBC Capital Markets, Inc. was provisionally registered as a swap dealer with the Commodity Futures Trading Commission on December 31, 2012. Our business works in close collaboration with SMBC Nikko Capital Markets, Capital Markets Limited in the UK, and SMBC Capital Markets Asia, Ltd in Hong Kong to provide global coverage to SMBC’s corporate, institutional, and project clients. Capital Markets maintains its own middle and back-office functions, including Risk Management, Compliance, Systems, Finance, and Operations.
The Information Security & IT Risk Engineer will be responsible for ensuring that IT security systems are configured, deployed, and maintained in accordance with policies and standards. This position requires participation in technical research and development to enable continuing innovation for security and IT risk management. The candidate will be responsible for monitoring regular vulnerability scanning and penetration testing, and will participate in incident response and investigations.
Focus on cybersecurity solutions and ways to protect the firm from virus and malware vulnerabilities.
Develop and maintain IT Risk log analysis solutions, including data collection and aggregations, data normalization, and reporting.
Review and analysis of long-term comprehensive security data from a wide variety of sources.
- Assist with project management and be responsible for the development and management of ongoing Information Security and Corporate Governance training programs. Develop and maintain a secure forum for all Information Security related activities.
- Responsible for following established guidelines and identifying and resolving problems.
- Contribute to workflow or process change and redesign, and form a strong basic understanding of the specific product or process; may also be accountable for regular reporting or process administration as owner.
- Coordinate and perform security audits and vulnerability assessments to assess internal security procedures and compliance requirements.
- Work with relevant internal IT Application, Infrastructure, Network and Support teams to ensure that security controls are implemented at all significant and relevant phases of all IT processes.
- Ensure that the IT systems are compliant with applicable regulations, group policies, codes and industry guidance, e.g. performing gap analyses between standards such as SANS Top 20, NIST 800-53, ISO 27001, and the SMBC Information Security Framework.
- Where gaps are identified, assist in implementation of controls.
- Collate and quality assure data provided to other departments such as Risk Management and Internal Audit.
- Review security event log data and investigate anomalies.
- Perform monitoring activities and risk assessments.
- Respond to, and where appropriate, resolve or escalate reported security incidents.
- Management of security related events and tracking of remediation process.
- Implement and support information security solutions including security architectures, change/configuration management, and the integration of security products as needed.
- Develop and maintain documentation for security systems and procedures and processes. Develop security awareness training for new employees.
- Participate in information security working groups.
- Perform testing to evaluate new products for network and system security controls.
- Maintain logging and monitoring standards, technical investigative techniques and reporting.
- Maintain project scheduling and task follow on security initiatives.
- 7+ Years of Experience
- Strong expertise with the following technologies and solutions at a minimum:
- Cybersecurity solutions and protection
- Identity and Access Management
- Endpoint Security
- Privileged Management
- IT Risk Assessments
- IT Risk and Security Training
- Next Generation Firewalls
- Next Generation End Point Detection
- Vulnerability Scanning
- Threat Hunting
- Web and Email Security
- System vulnerability tools
- Security monitoring tools
- Application security risk assessment tools
- Performing gap analyses within different environments, coupled with an in-depth understanding of regulatory guidelines as well as standards and best practices related to ISO and NIST.
- Able to follow priorities set by management
- Strong ability to deliver on time
- Strong ability to deliver quality
- Ability to multi-task and work on several projects at the same time.
- Ability to translate business requirements into technical solutions
- Ability to analyze vulnerabilities within the internal infrastructure and oversee timely remediation.
- Strong ability to recognize and remediate issues within the internal infrastructure.
- Ability to communicate information security concepts across a broad range of technical & non-technical staff.
- Strong verbal and written communication skills.
- Ability to adapt information delivery based on audience.
- Ability to work in a fast-paced environment.
- Good influencing, relationship and stakeholder management skills.
One of the following certifications is a plus - SSCP, CISM, CISA, or CISSP.
Weekend and night work may be needed at times based on project, support, and business needs.