IT Risk Manager - Information Technology - Assistant Vice President (m/w/d)
Frankfurt, HE, DE, 60311
SMBC: A trusted partner for the long term
Here at SMBC Group, we want to help you find the next step in your career so read on to discover if this opportunity is the one for you. We like to recognise potential in our people, so we welcome your application even when your experience doesn’t perfectly align with the job description. Whilst we’ll always strive to be better, we’re proud of our inclusive culture, and encourage our applicants and colleagues to be their authentic, unique selves.
Who we are
United by a sense of purpose towards our customers – to be a trusted partner for the long-term – and our universal banking platform in EMEA, SMBC Group has an international growth agenda and award-winning products, meaning we provide exciting opportunities to work on a diverse range of projects and initiatives.
We deliver a full suite of corporate finance products and solutions to our customers as well as investment banking and advisory services, and a range of innovative solutions in global capital markets.
Read on to find out how you could enhance your skills and gain valuable experience, by joining us to support our clients transition to a sustainable future.
Role Summary
Is the next step in your career at SMBC Group EMEA? We’re looking for a IT Risk Manager for our ITSD EU department to join our team.
The IT Risk Manager is a First Line of Defence role responsible for owning and managing technology and cyber risk across EU AG.
The role sits within Technology and Cyber and ensures risks are identified, assessed, managed and remediated in line with internal frameworks and EU regulatory requirements.
As a 1LOD role, the IT Risk Manager is responsible for the design, operation and remediation of controls rather than independent oversight or challenge.
The role embeds effective risk management, governance and reporting within day-to-day Technology and Cyber activities.
The role also supports EMEA technology and cyber risk initiatives, driving consistency and alignment across the region.
In addition, the role coordinates regulatory and audit responses, ensuring EU AG meets its obligations across Germany, France and Belgium.
The anticipated annual salary range for this role is 64,000 - 96,000 €, with the final offer determined based on the candidate’s skills, experience, role scope, location, and relevant market factors. In addition to base salary, the role may be eligible for a discretionary incentive award and a competitive benefits package, including core benefits such as pension provision.
Business Area
The role role sits within the EU AG Technology and Cyber organisation as part of the First Line of Defence, with direct responsibility for managing IT and cyber risk.
It supports the ongoing development of the EU AG risk and control environment, ensuring risks are effectively managed in line with EU regulatory expectations.
The role works closely with EMEA Technology and Cyber Risk teams to ensure alignment with regional frameworks and initiatives.
It also interfaces with Group and Second Line teams to maintain alignment with enterprise risk standards.
The role is key to supporting regulatory engagement, audit readiness and the implementation of DORA and wider ICT risk requirements.
Position Description
Accountabilities & Responsibilities
First LOD Risk Ownership and Management
- Own the identification, assessment and management of IT and cyber risks across EU AG
- Maintain the technology and cyber risk profile, ensuring risks are accurately assessed and actively managed
- Embed risk management practices within Technology and Cyber teams as part of day to day operations
- Drive remediation activities to address control gaps, ensuring delivery against agreed timelines
Control Framework and Operation
- Design, implement and operate technology and cyber controls in line with SMBC standards
- Ensure controls are effective, documented and operating as intended
- Support control testing and evidence gathering to demonstrate control effectiveness
- Maintain traceability between risks, controls, issues and remediation actions
Regulatory Compliance and DORA
- Own the coordination and delivery of responses to EU regulators across IT and cyber risk topics
- Ensure compliance with ECB and EBA expectations and applicable local regulatory requirements
- Support the interpretation and implementation of DORA requirements within EU AG
- Track regulatory commitments and ensure delivery with a clear audit trail
Audit and Issue Management
- Own and coordinate responses to internal and external audits impacting EU AG
- Ensure timely provision of complete and accurate audit evidence
- Manage audit findings, ensuring remediation plans are defined, tracked and delivered
- Drive sustainable closure of issues and reduction of repeat findings
Governance and Reporting
- Operate IT and cyber risk governance forums across EU AG
- Produce regular risk reporting for senior management and key stakeholders
- Provide clear visibility of risk exposure, control effectiveness and remediation progress
- Escalate material risks and issues in line with governance requirements
Knowledge, Skills, Experience & Qualifications
- Strong experience in IT risk and cyber risk within a First Line role
- Proven experience owning and managing risks and controls within Technology or Cyber functions
- Strong understanding of EU regulatory requirements including ECB, EBA and local regulators
- Practical knowledge and experience of DORA and ICT risk management
- Experience managing regulatory interactions and audit responses
- Strong understanding of control frameworks and operating effectiveness
- Experience supporting regional or cross entity risk initiatives across EMEA
- Strong stakeholder management and communication skills
Competencies
What we offer
For all the expertise and experience you bring to help us make a difference, it’s only sustainable if we support you to build your career and be your best self so we offer competitive company benefits, centred around promoting positive well-bring and work-life balance. We also believe in fostering a diverse and inclusive work environment, where all team members perspectives and contributions are valued. Initiatives in place which promote a diverse and inclusive culture and healthy work life balance include hybrid working, Sport & Social Clubs and Diversity and Inclusion networks.
As an employee of SMBC you have access to a host of both useful and exciting benefit offerings. See below some of the benefits on offer to you:
- Hybrid and flexible working
- Competitive paid leave days
- Benefits to support your physical wellbeing, including private medical insurance
- Various policies to support your mental wellbeing, including a robust behavioural health network with counselling and coaching services
- Access a wide range of learning and development opportunities and career progression opportunities
- Ambitious remuneration package
So, if you like a challenge and want to continuously grow and develop in a role where you will be supported along the way by a dynamic and diverse team, apply today!
We recognise our role as a bank to support social change and welcome all applications, including those from groups often under-represented in financial services. We value the uniqueness of professional and personal, backgrounds and perspectives as they play a vital role in continuing the sustainable growth of our organisation. We’ll ensure reasonable adjustments to our recruitment process are offered due to a disability or long-term condition whenever requested.
We are committed to transparent and equitable pay practices. Compensation is determined using objective criteria, including skills, experience, and role responsibilities, and applied consistently throughout our recruitment processes. We do not request candidates' pay history and are committed to preventing unjustified pay disparities.