MUFG Union Bank Jobs

Mobile mufg Logo

Job Information

MUFG Union Bank Cyber Risk Associate, Assistant Vice President in Charlotte, North Carolina

Cyber Risk Associate, Assistant Vice President - 10043635-WD


Discover your next career opportunity at MUFG Union Bank, N.A., a member of Mitsubishi UFJ Financial Group (MUFG), the fifth-largest financial services company in the world. In the Americas, we are a community of 14,000 colleagues who go above and beyond to make a difference for every client and organization—and the world at large. Our culture emphasizes putting our values into action and developing positive relationships built on integrity and respect. As individuals, we listen to new and diverse ideas and collaborate toward greater innovation, speed, and agility. As a team, we take responsibility for the future by asking tough questions and owning the solutions. Want to make your voice heard and your actions count? Join us at MUFG.


  • Some MUFG roles require that individuals be fully vaccinated against COVID-19, subject to medical and/or religious exemptions, if applicable. Should you be selected for an interview, your recruiter will provide additional information._ Overview:

In this role you will focus on internal and external compliance requirements, activities, and deliverables to ensure that Operations & Technology meets regulatory and audit milestones. Responsibilities include collaborating with Operations & Technology colleagues to prepare or review content prior to submission and manage follow-up actions; tracking, escalating, and/or remediating risks and issues; and contributing to executive-level reporting.

A member of the Operations and Technology for the Americas (OTA) Risk & Controls Office (RCO), this role is a key member of a first line risk and controls team aligned to a specific OTA technology business. This individual works with other team members to partner with technology teams to drive effective risk and control management. The teams are responsible for assessing the technology risk and control environment, identifying improvement opportunities, reporting and monitoring key risk metrics and providing governance with respect to all risk and control matters.

Major Responsibilities:

  • Support implementation of information technology and information security control framework

  • Evaluate and benchmark technology process execution against outstanding standards. (COBIT, NIST - CSF 800-53, FFIEC etc.)

  • Support the execution of front-line controls self-assurance and risk assessment activities (ad hoc controls review, business process management (BPM), risk and control self-assessments (RCSA)) and independent risk and audit activities as needed

  • Contribute to controls design and efficiency to technology partners in support their commitments to align with all applicable laws, regulations, and internal policies and procedures

  • Implement remediation plans that adhere to issues management mandates: timely issue and corrective action submission, accurate root cause identification, corrective action monitoring, on time closure, no failed validations, and no repeat issue

  • Monitor and document emerging risk, internal operational trends, and external risk events for potential impact to control environment

  • Contribute to risk analysis and risk mitigation recommendations

  • Support technology risk governance by ensuring our control environment performance is reported in a timely manner

  • Support the preparation of risk and controls governance materials as needed

  • Facilitate and provide oversight of the issue management lifecycle, challenging the quality of new issues and performing validation activities on issues ready for closure

  • Support high priority technology related regulatory initiatives and remediation activities

  • Oversee and challenge technology metrics and reporting

  • Serve as a risk escalation point, to raise material concerns to the appropriate parties

  • Examine trends, develop insights, and collaborate on solutions to sustain and strengthen the control environment

  • Monitor and assess the implementation of internal controls, industry standards, policies and/or procedures, including the assessment, reporting, management, and mitigation of risk across the legacy, cloud, and third-party hosted technology environments

  • Participate in design of control testing and risk monitoring program

  • Participate in risk and control-related projects and initiatives focused on process enhancements, control assessment, and deep dives with various functional and business partners

  • Partner with the business to facilitate remediation of regulatory, audit, and self-identified risk and control issues

  • Engage with multiple stakeholders and collaborate with key business partners, risk management, and internal audit

  • Align to specific technology risk controls or business functions, as applicable, as well as identifying potential risks and developing protocols and controls to reduce or manage those risks



  • Degree in computer science or related field, or in business or finance with coursework or working experience in areas of risk and/or data analytics, or typically requires a BA or BS degree

  • 4 years of experience in a risk & control or audit function, and compliance function.

  • 4 years of experience preferably in a financial institution or other highly regulated environment in technology infrastructure, technology risk management role or equivalent or related field.

  • Experience with executing technology and or information security risk assessment/testing methodologies evaluating the adequacy and efficiency of internal controls; and identifying issues resulting from internal and or external compliance examinations

  • Experience with risk metrics definition and reporting/scorecard development utilizing key risk metrics tools (IBM Open Pages, Tableau, structured query language (SQL), Access etc.

  • Knowledge and implementation experience with industry best practices and frameworks such as: Committee of Sponsoring Organizations of the Treadway Commission (COSO), COBIT, National Institute of Standards and Technology (NIST CSF)-800-53, and ITIL in complex environment

  • Knowledge of critical domestic and international banking regulations (Reg W, Basel II, Federal Financial Institutions Examination Council (FFIEC), General Data Protection Regulation (GDPR), etc.)

  • Familiarity with U.S. regulatory, compliance, and governance

  • Understanding of risk management, including experience executing risk assessments, testing and evaluating processes and controls

  • Demonstrable experience with and knowledge of regulations applicable to the banking and finance industry a plus

  • Excellent communication, presentation, and influencing skills and ability to manage stakeholders across multiple disciplines

  • Excellent analytical, organizational, and conceptual skills

  • Strong work ethic, ability to make decisions and work under tight deadlines; achievement-oriented and takes initiative

  • Strong project management skills; includes an ability to independently drive work, and pragmatically solve problems

  • Preferred: professional certifications such as Certified Information System Auditor (CISA), Certified in Risk and Information Systems Control (CRISC), Certified Information Systems Manager (CISM), Certified in the Governance of Enterprise Information Technology (CGEIT), Certified Information Systems Security Professional (CISSP), Information Technology Infrastructure Library (ITIL), Control Objectives for Information and Related Technology (COBIT), etc.

The above statements are intended to describe the general nature and level of work being performed. They are not intended to be construed as an exhaustive list of all responsibilities duties and skills required of personnel so classified.

We are proud to be an Equal Opportunity / Affirmative Action Employer and committed to leveraging the diverse backgrounds, perspectives, and experience of our workforce to create opportunities for our colleagues and our business. We do not discriminate in employment decisions on the basis of any protected category.

A conviction is not an absolute bar to employment. Factors such as the age of the offense, evidence of rehabilitation, seriousness of violation, and job relatedness are considered in all employment decisions. Additionally, it's the bank's policy to only inquire into a candidate's criminal history after an offer has been made. Federal law prohibits banks from employing individuals who have been convicted of, or received a pretrial diversion for, certain offenses.

Job : Technology

Primary Location : NORTH CAROLINA-Charlotte

Other Locations : ARIZONA-Tempe

Job Posting : Jun 15, 2021, 2:01:25 PM

Shift: : Day

Schedule: : Full Time

Req ID: 10043635-WD