SMBC Group is a top-tier global financial group. Headquartered in Tokyo and with a 400-year history, SMBC Group offers a diverse range of financial services, including banking, leasing, securities, credit cards, and consumer finance. The Group has more than 130 offices and 80,000 employees worldwide in nearly 40 countries. Sumitomo Mitsui Financial Group, Inc. (SMFG) is the holding company of SMBC Group, which is one of the three largest banking groups in Japan. SMFG’s shares trade on the Tokyo, Nagoya, and New York (NYSE: SMFG) stock exchanges.
In the Americas, SMBC Group has a presence in the US, Canada, Ireland, Mexico, Brazil, Chile, Colombia, and Peru. Backed by the capital strength of SMBC Group and the value of its relationships in Asia, the Group offers a range of commercial and investment banking services to its corporate, institutional, and municipal clients. It connects a diverse client base to local markets and the organization’s extensive global network. The Group’s operating companies in the Americas include Sumitomo Mitsui Banking Corp. (SMBC), SMBC Nikko Securities America, Inc., SMBC Capital Markets, Inc., SMBC MANUBANK, JRI America, Inc., SMBC Leasing and Finance, Inc., Banco Sumitomo Mitsui Brasileiro S.A., and Sumitomo Mitsui Finance and Leasing Co., Ltd.
- This is a hybrid role, requiring the successful candidate to attend our Tralee office.
Role Description
The Patch Governance Specialist is responsible overseeing and managing a cross functional Vulnerability and Patch Management program across the Americas Division. The Patch Governance Specialist will oversee the process for identifying, assessing, and mitigating security vulnerabilities in systems and software, and ensuring timely application of security patches to protect against cyber threats and coordinating with IT and security teams to deploy patches. The Patch Governance Specialist is also responsible for monitoring and reporting on the technology patch compliance with the defined service level agreement and providing accurate metrics such as Key risk indicators and Key Performance indicators to senior management. The Patch Governance Specialist is responsible for validating all activities for vulnerability and patching are auditable by diligently working with all technology asset owner across the Americas Division to verify policies, standards, procedures, and controls are in place to meet SMBC’s regulatory, operational, audit and reporting requirements.
Role Objectives
- Vulnerability Assessment: Regularly scan systems and applications for known vulnerabilities using various tools.
- Patch Management: Develop and implement strategies for patching and updating software and systems to address identified vulnerabilities
- Prioritization: Determine the severity and potential impact of vulnerabilities to prioritize remediation efforts.
- Remediation: Apply patches, updates, and security configurations to address vulnerabilities.
- Incident Response: Assist in investigating and resolving security incidents involving vulnerabilities.
- Reporting and Compliance: Generate reports on vulnerabilities, their impact, and the status of remediation efforts, ensuring compliance with relevant standards and regulations.
- Communication and Collaboration: Communicate vulnerability findings and remediation recommendations to stakeholders, including technical and non-technical personnel.
- Policy Development: Contribute to the development and maintenance of vulnerability management policies, procedures, and playbooks.
- System Configuration: Configure systems to meet security best practices and minimize vulnerabilities.
- Testing: Support test plan development and perform system configuration testing to ensure patches and updates are deployed correctly.
-
Threat Intelligence: Stay informed about emerging threats and vulnerabilities to proactively address potential risks.
Qualifications and Skills
- Vulnerability Management Tools: Experience with tools like vulnerability scanners, patch management systems, and configuration management tools. (Rapid7, ServiceNow VR, Tanium, etc.)
- Operating Systems: Familiarity with various operating systems, such as Windows, Linux, and macOS.
- Networking: Understanding of network security principles and protocols.
- Security Best Practices: Knowledge of industry-standard security practices and frameworks such as FFIEC, NIST, and COBIT.
- Compliance Standards: Awareness of relevant security standards and regulations.
- Communication and Collaboration: Strong interpersonal and communication skills to work effectively with various teams.
- Data reporting and normalization within ServiceNow including ITAM and CMDB
Additional Requirements
D&I Commitment
Responsible for fostering a culture of diversity and inclusion, holding leaders accountable for creating an inclusive environment through awareness and practice of equity in recruiting, developing, and promoting diverse talent.
SMBC’s employees participate in a hybrid workforce model that provides employees with an opportunity to work from home, as well as, from an SMBC office. SMBC requires that employees live within a reasonable commuting distance of their office location. Prospective candidates will learn more about their specific hybrid work schedule during their interview process.
We are an equal employment opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, gender, national origin, disability status, protected veteran status or any other characteristic protected by law. SMBC provides reasonable accommodations for employees and applicants with disabilities consistent with applicable law. If you need a reasonable accommodation during the application process, please let us know at [email protected].
