Associate Network Security Engineer

OpenKyber LLC
1 month ago

Role details

Contract type
Permanent contract
Employment type
Full-time (> 32 hours)
Working hours
Regular working hours
Languages
English
Experience level
Intermediate

Job location

Remote

Tech stack

CompTIA Cloud+
Microsoft Excel
Amazon Web Services (AWS)
Software System Penetration Testing
JIRA
Azure
Software as a Service
Cloud Computing
CompTIA Security+
Computer Security
Databases
Identity and Access Management
Network Security
Cloud Services
Data Streaming
Data Logging
Google Cloud Platform
Operational Systems

Job description

We accept only local candidates.

Description: SMBC is seeking a 1st Line of Defense GRC Specialist at the Associate level who has a strong passion for Information Security risk management and is interested in building a career at a fast-growing reputable bank. As an Associate within GRC, you will play a vital role in protecting SMBC's information assets by conducting comprehensive risk assessments, collaborating with stakeholders, and driving process improvements. Reporting to the Head of Security Risk Assessments, you will help shape the bank's security risk management practices and ensure compliance with internal and external standards.

Core Responsibilities:

  • Perform information security risk assessments for new and existing SaaS and cloud-based solutions, client initiatives, and regulatory-driven requests.
  • Review and assess third-party security postures by analyzing SOC 1 and SOC 2 reports, ISO 27001 certifications, penetration test summaries, SIG responses, and security questionnaires.
  • Evaluate SaaS architectures, data flows, and hosting models, with particular attention to data protection, encryption, identity and access management, logging, and monitoring.
  • Identify control gaps, assess both inherent and residual risk, and partner with stakeholders to define practical mitigation strategies or compensating controls.
  • Translate technical and operational risks into clear, business-focused language that resonates with both technical and non-technical audiences.
  • Collaborate regularly with IT, business, risk, and compliance teams to support timely, well-informed decision making.
  • Support remediation efforts by tracking open issues, validating responses, and documenting outcomes through established governance processes.
  • Stay current with information security policies, standards, and procedures, and help stakeholders understand how changes may impact risk assessments.
  • Contribute to the ongoing improvement of risk assessment processes, templates, and tooling.

Requirements

Do you have experience in System risk assessment (security system operation)?

  • 2-3 years of experience in banking, financial services, or another highly regulated environment.
  • Hands-on familiarity with cloud service providers such as AWS, Azure, or Google Cloud Platform, and an understanding of how SaaS applications are built on cloud infrastructure.
  • A solid foundation in information security principles, risk assessment concepts, and control-based evaluations.
  • Working knowledge of common security and regulatory frameworks, including NIST, NYDFS Cybersecurity Regulation, GLBA, ISO 27001, NIST CSF, and data privacy regulations such as CCPA/CPRA.
  • Basic understanding of enterprise systems, operating systems, databases, identity and access concepts.
  • Strong written and verbal communication skills, with the ability to explain security risk clearly and concisely.
  • Comfortable working independently while also collaborating effectively across technical and business teams.
  • Well-organized, detail-oriented, and able to manage multiple assessments and competing priorities.
  • A strong sense of ownership and follow-through.
  • Ability to track and maintain risk assessment data and metrics using tools such as Microsoft Excel, Jira, or similar platforms.

Preferred / Nice to Have Experience:

  • Supporting third-party or vendor risk management programs.
  • Exposure to GRC platforms or security risk assessment tools.
  • Experience reviewing and interpreting SOC reports.
  • Current or in-progress security certifications (e.g., CompTIA Security+, CompTIA Cloud+, AWS, Azure, Google Cloud Platform, CCSP, CRISC).
