MUFG Union Bank Jobs

Job Information

MUFG Union Bank Operational Risk Management/Information Risk Management Due Diligence, Vice President in Charlotte, North Carolina


Discover your opportunity with Mitsubishi UFJ Financial Group (MUFG), the 5th largest financial group in the world (as ranked by S&P Global, April 2018) with total assets of over $2.9 trillion (106.2 (JPY) as of March 30, 2018) and 150,000 colleagues in more than 50 countries. In the U.S., we’re 13,000 strong, working together to positively impact every customer, organization, and community we serve. We achieve this by delivering on our values, putting people first, fostering long-term relationships built on honesty and mutual understanding, and inspiring the best in each other. This is all part of our inclusive, high-performing culture supported by Total Rewards that include our cash balance pension plan. Join a team that’s working to fulfill its vision to be the world’s most trusted financial group.

Job Summary

Reporting to the Head of Information Risk Due Diligence, the Due Diligence Vice President is responsible for supporting the implementation of information risk management (IRM) principles through the Second Line of Defense (SLoD) review and challenge of related First Line of Defense (FLoD) assessments for third-parties, technology projects and initiatives. Specifically, you will be responsible for liaising with FLoD stakeholders and the SLoD IRM assessment team to coordinate and conduct successful planning, execution and reporting of assessments using the information risk framework. You will work with other assessors to prepare and socialize final assessment reports. You will support the review and challenge of FLoD Risk and Control Self Assessments (RCSA).

Major Responsibilities

  • You act as an SME and a key point of contact for the SLoD Information Risk Assessment team to coordinate and manage the SLoD IRM assessment activities

  • You coordinate and support the implementation of IRM principles through the review and challenge of the FLoD assessments of third-parties, projects/initiatives and RCSAs

  • You review and challenge various information risk related project activities performed by the FLoD

  • You conduct independent information risk assessments and reviews of third-parties and technology projects as needed

  • You report status and output of assessments to senior management

  • You work closely with the FLoD on the definition of action plans for risk issues identified during the reviews

  • You support the end-to-end lifecycle for the SLoD information risk findings management across all assessment types

  • You monitor and report ongoing remediation activities by the FLoD

  • You prepare related reports and metrics for the team

  • You support related regulatory matters


  • You will be responsible for effective stakeholder management and work across various parts of the organization

  • You communicate information risk matters to senior management

  • You assist in maintaining group-wide assessment documentation reporting


  • Bachelor's degree required

  • Certifications: 1 or more required - CRISC, CRVPM, CTPRP, CISSP, CISM, CISA

  • 8 years of related information risk management experience

  • You have SME level familiarity with tools from Shared Assessments (SIG, SCA/AUP) and SOC reports

  • Strong experience in reviewing third-party contract documents for technology products and services

  • Shown knowledge of third-party information risk/security assessments and IT project delivery lifecycles (e.g. Waterfall, Agile)

  • Shown knowledge of information risk management frameworks, policies and tools (GRC Archer, OpenPages)

  • Knowledge of the financial services industry and its regulations/laws

  • Understanding of control and risk management concepts and knowledge of the operational aspects of the information risk business

  • Understanding of respective industry standard methodologies (e.g., NIST, ISO, COBIT, OWASP, ITIL)

  • Understanding of technology infrastructure components, software development best practices and technology management processes

  • Knowledge of risk management policies, methods, standards, processes, governance models and industry standard risk analysis approaches

  • Knowledge of current industry trends in information risk management

  • Superior organization skills, strong MS Office skills along with strong verbal and written communication skills

  • Able to influence and collaborate well with internal and external partners

  • Able to communicate related policies, procedures and guidelines

  • Self-motivated and able to work with minimal supervision

The above statements are intended to describe the general nature and level of the work being performed. They are not intended to be construed as an exhaustive list of all responsibilities, duties, and skills required of personnel so classified.

We are proud to be an Equal Opportunity / Affirmative Action Employer and committed to leveraging the diverse backgrounds, perspectives, and experience of our workforce to create opportunities for our colleagues and our business. We do not discriminate in employment decisions on the basis of any protected category.

A conviction is not an absolute bar to employment. Factors such as the age of the offense, evidence of rehabilitation, seriousness of violation, and job relatedness are considered in all employment decisions. Additionally, it’s the bank’s policy to only inquire into a candidate’s criminal history after an offer has been made. Federal law prohibits banks from employing individuals who have been convicted of, or received a pretrial diversion for, certain offenses.

Job: Risk & Compliance

Primary Location: NORTH CAROLINA-Charlotte

Schedule: Full Time

Shift: Day

Req ID: 10028612-WD