Head of Data Security - Director

SMBC•Charlotte, NC

1d•Hybrid

About The Position

SMBC Group is a top-tier global financial group. Headquartered in Tokyo and with a 400-year history, SMBC Group offers a diverse range of financial services, including banking, leasing, securities, credit cards, and consumer finance. The Group has more than 130 offices and 80,000 employees worldwide in nearly 40 countries. Sumitomo Mitsui Financial Group, Inc. (SMFG) is the holding company of SMBC Group, which is one of the three largest banking groups in Japan. SMFG’s shares trade on the Tokyo, Nagoya, and New York (NYSE: SMFG) stock exchanges. In the Americas, SMBC Group has a presence in the US, Canada, Mexico, Brazil, Chile, Colombia, and Peru. Backed by the capital strength of SMBC Group and the value of its relationships in Asia, the Group offers a range of commercial and investment banking services to its corporate, institutional, and municipal clients. It connects a diverse client base to local markets and the organization’s extensive global network. The Group’s operating companies in the Americas include Sumitomo Mitsui Banking Corp. (SMBC), SMBC Nikko Securities America, Inc., SMBC Capital Markets, Inc., SMBC MANUBANK, JRI America, Inc., SMBC Leasing and Finance, Inc., Banco Sumitomo Mitsui Brasileiro S.A., and Sumitomo Mitsui Finance and Leasing Co., Ltd. Role Description Sumitomo Mitsui Banking Corporation is seeking an experienced professional who will be responsible for the leadership, development, and execution of our data security strategy within the overall Enterprise Information Protection Program (EIP). This senior role requires a deep understanding of cybersecurity, data security best practices, and regulatory compliance within the financial services industry. The successful candidate will oversee the implementation and management of policies, processes, and technologies to protect the bank’s sensitive information, ensuring compliance with all relevant regulations and industry standards. The Head of Data Security within EIP is responsible for safeguarding SMBC’s data from unauthorized access, use, disclosure, disruption, modification, or destruction. The role encompasses data encryption, access control, data classification and discovery and compliance with regulatory requirements, ensuring the confidentiality of SMBC sensitive information across the enterprise.

Requirements

Bachelor’s degree in information security, Computer Science, or a related field.
10+ years of experience in information security, data protection, or a related field, with at least 5 years in a leadership role within a regulated financial institution.
In-depth knowledge of data security standards, best practices, and regulatory requirements, particularly within the financial services sector.
Proven track record of developing and implementing enterprise-wide strategies.
Technical knowledge and hands-on experience with leading data security posture management tools such as Varonis (for data security and insider threat protection), and database encryption technologies, etc.
Experience with risk management, incident response, and data governance.
Demonstrated ability to lead and manage a team, with excellent interpersonal and communication skills.
Translates technical concepts into plain language to articulate business risks and suggests appropriate solutions.
Ability to plan, coordinate, and support security, technology and business needs in a fast-paced, rapidly changing environment at a strategic level.
Strong problem solving and analytical skills, with a proactive and results oriented approach to security.
Experience working in a highly regulated environment such as financial services.

Nice To Haves

Relevant certifications such as CISSP, CISM, CIPP, or equivalent are strongly preferred.

Responsibilities

Design and lead the overall strategy for data security, aligning it with SMBC’s business objectives and regulatory requirements.
Evolve data security policies and procedures, ensuring alignment with regulatory standards (e.g., NYDFS Cybersecurity Regulation, GDPR, CCPA).
Establish, lead and continuously evolve an operational function to manage the day-to-day ensuring a healthy data security posture. This includes overseeing the ongoing monitoring, management, and support of security processes, tools, and systems.
Identify, assess, and mitigate risks related to data security. Oversee risk assessments and security audits to ensure ongoing compliance and protection.
Manage, evolve and implement advanced security technologies and tools to enhance SMBC’s data security capabilities.
Oversee the deployment and management of encryption technologies to secure sensitive data at rest, in transit, and in use. Ensure encryption policies are effectively implemented across the organization.
Establish and maintain robust data governance frameworks, ensuring the proper classification, handling, and protection of sensitive information across the organization.
Ensure compliance with all applicable laws and regulations, including those specific to the financial services industry. Liaise with auditors and other stakeholders, as needed.
Work closely with other departments, including Data Governance, Data Privacy, IT, legal, compliance, and risk management, to ensure an aligned approach to data security.
Lead, mentor, and develop a high-performing team of data security professionals. Foster a culture of security awareness across the organization through training and awareness campaigns.