SMBC is a major international bank with a leading position in the Loan Capital Markets / Syndications, Global Markets and Treasury, Corporate Banking, Project Finance, Financial Institutions and Sponsored / Leverage Finance markets. Reporting to the Head of Security Management, this position will deliver a highly effective and efficient Security Management (SM) framework for SMBC Sydney Branch. The responsibilities of the role will be to support our regulatory compliance, control testing and audit processes. This role will focus on assessing, testing, and ensuring compliance with internal and external security controls, with an emphasis on regulatory standards (e.g., CPS234 and financial related regulations).

THIS POSITION WILL BE RESPONSIBLE FOR BUT NOT LIMITED TO THE FOLLOWING:

• Conduct internal audits and control testing to ensure compliance with relevant regulations and standards (e.g., CPS234, SOX, RBA, AusPayNet).
• Test and evaluate the effectiveness of security controls and processes against established regulatory requirements.
• Act as a liaison with auditors to provide clarity on security controls and assist with audit findings.
• Track audit findings and collaborate with stakeholders to resolve identified issues.
• Assist in the development, review, and maintenance of security policies, procedures, and standards.
• Stay updated with the latest regulatory changes, industry trends, and best practices in information security.
• Provide insights into regulatory developments and potential impacts on the organization.
• Collaborate with IT, legal, and other departments to enhance security awareness and foster a culture of compliance.
• Help drive improvements in security posture based on audit findings and control tests.

TO SUCCEED IN THIS ROLE, YOU WILL HAVE:

• 5 + years of experience in information security, risk management, IT Audit or compliance-related roles.
• Sound understanding of the banking and regulatory environment with working knowledge and experience in a bank, financial services company.
• Hands-on experience with regulatory frameworks (e.g., NIST, ISO 27001, CPS234, SOC 2) and auditing methodologies.
• Experience in performing control testing, risk assessments, and gap analysis.
• Strong understanding of security frameworks, risk management processes, and regulatory requirements.
• Experience with security tools and technologies (e.g., SIEM, vulnerability management tools).
• Attention to detail and the ability to work with complex documentation and regulatory requirements.
• Strong analytical, communication and interpersonal skills and ability to “think outside the square”.

Certifications (Preferred):

• Certified Information Systems Auditor (CISA)
• Certified Information Systems Security Professional (CISSP)
• Certified in Risk and Information Systems Control (CRISC)