GRC Manager - Associate
Charlotte, Mecklenburg County, North Carolina, 28245, USA
Listed on 2026-06-18
IT/Tech
Cybersecurity, Information Security, IT Business Analyst, Data Security
Role Description
This role serves as SMBC Americas Division Information Security’s Product Specialist for the organizational GRC platform (SAI 360), responsible for the design, configuration, and continuous improvement of integrated governance, risk, and compliance capabilities.
The SAI 360 platform supports core GRC functions including risk management, controls management, assessments, issue management, and regulatory compliance. This role will partner with business, risk, and technology stakeholders to translate regulatory and operational requirements into scalable system configurations and workflows. This role also contributes to the standardization of control frameworks, risk taxonomies, and regulatory mappings to support consistent reporting and regulatory alignment across regions.
The Product Specialist is responsible for ensuring Information Security modules are effectively configured, integrated with upstream and downstream systems, and support efficient, audit‑ready processes.
Role Objectives
The Product Specialist delivers configuration, design, and support services for SAI 360 users across Information Security and broader control functions.
Key responsibilities include:
- Module Design, Configuration, and Maintenance: lead and facilitate configuration design workshops with business, risk, and technology stakeholders.
- Translate business, regulatory, and control requirements into functional design specifications.
- Collaborate with the GRC Technology team to identify, configure, and enhance Information Security’s modules within SAI 360 to improve functionality and user experience of GRC processes.
- Ensure the configurations and workflows within Information Security’s modules align with SMBC control standards, regulatory obligations, and audit expectations, and optimize end‑to‑end GRC workflows (risk assessments, control testing, issue management, regulatory mapping).
- Support platform governance, including documentation, standards, and controls over system changes (e.g., JIRA) in collaboration with the GRC Technology team.
- Design and configure dashboards and reports using SAI 360‑integrated Power BI capabilities to support risk, compliance, and management reporting.
- Ensure data integrity, completeness, and auditability within Information Security’s modules.
- Support user acceptance testing (UAT) and defect resolution.
- Coordinate releases and enhancements in alignment with GRC Technology’s change management processes.
- Ensure proper documentation and traceability of changes to support audit and regulatory review.
- Serve as the primary point of contact for Information Security stakeholders interacting with SAI 360 across business and control functions.
- Support Information Security module owners with the development and provision of training and guidance to end users, control owners, and administrators.
- 2+ years of experience configuring or maintaining enterprise GRC platforms (e.g., SAI 360, ServiceNow, Archer).
- Experience with data visualization tools (e.g., Power BI, Tableau) for risk and compliance reporting.
- Working experience with a change ticketing system (e.g., JIRA, ServiceNow).
- Understanding of information/cyber security governance, risk management, and compliance (GRC) processes.
- Strong stakeholder engagement and communication skills across technical and non‑technical audiences.
- Strong attention to detail with focus on data integrity and audit readiness.
Preferred Qualifications:
- Experience supporting information security / cybersecurity GRC, risk management, internal audit, or regulatory compliance.
- Experience working in financial services or a highly regulated environment.
- Exposure to control libraries, risk taxonomies, and regulatory mapping.
- Experience with workflow automation and integration (e.g., APIs, Power Platform).
- Familiarity with regulatory expectations for information security in financial services (e.g., NYDFS Part 500, SEC, FFIEC Handbooks).
- Working knowledge of cybersecurity control frameworks (e.g., NIST CSF, NIST 800‑53, CRI Profile, ISO 27001).
SMBC’s employees participate in a Hybrid workforce model that provides employees with an opportunity to work from home, as well as from an SMBC office. SMBC requires that employees live within a reasonable commuting distance of their office location. Prospective candidates will learn more about their specific hybrid work schedule during their interview process. Hybrid work may not be permitted for certain roles, including, for example, certain FINRA‑registered roles for which in‑office attendance for the entire workweek is required.
SMBC provides reasonable accommodations during candidacy for applicants with disabilities consistent with applicable federal, state, and local law. If you need a reasonable accommodation during the application process, please let us know at