MUFG Union Bank Operational Risk Management/Information Risk Management Due Diligence, Vice President in Charlotte, North Carolina
Discover your opportunity with Mitsubishi UFJ Financial Group (MUFG), the 5th largest financial group in the world (as ranked by S&P Global, April 2018) with total assets of over $2.9 trillion (106.2 (JPY) as of March 30, 2018) and 150,000 colleagues in more than 50 countries. In the U.S., we’re 13,000 strong, working together to positively impact every customer, organization, and community we serve. We achieve this by delivering on our values, putting people first, fostering long-term relationships built on honesty and mutual understanding, and inspiring the best in each other. This is all part of our inclusive, high-performing culture supported by Total Rewards that include our cash balance pension plan. Join a team that’s working to fulfill its vision to be the world’s most trusted financial group.
Reporting to the Head of Information Risk Due Diligence, the Due Diligence Vice President is responsible for supporting the implementation of information risk management (IRM) principles through the Second Line of Defense (SLoD) review and challenge of related First Line of Defense (FLoD) assessments for third-parties, technology projects and initiatives. Specifically, you will be responsible for liaising with FLoD stakeholders and the SLoD IRM assessment team to coordinate and conduct successful planning, execution and reporting of assessments using the information risk framework. You will work with other assessors to prepare and socialize final assessment reports. You will support the review and challenge of FLoD Risk and Control Self Assessments (RCSA).
You act as an SME and a key point of contact for the SLoD Information Risk Assessment team to coordinate and manage the SLoD IRM assessment activities
You coordinate and support the implementation of IRM principles through the review and challenge of the FLoD assessments of third-parties, projects/initiatives and RCSAs
You review and challenge various information risk related project activities performed by the FLoD
You conduct independent information risk assessments and reviews of third-parties and technology projects as needed
You report status and output of assessments to senior management
You work closely with the FLoD on the definition of action plans for risk issues identified during the reviews
You support the end-to-end lifecycle for the SLoD information risk findings management across all assessment types
You monitor and report ongoing remediation activities by the FLoD
You prepare related reports and metrics for the team
You support related regulatory matters
You will be responsible for effective stakeholder management and work across various parts of the organization
You communicate information risk matters to senior management
You assist in maintaining group-wide assessment documentation reporting
Bachelor's degree required
Certifications: 1 or more required - CRISC, CRVPM, CTPRP, CISSP, CISM, CISA
8 years of related information risk management experience
You have SME level familiarity with tools from Shared Assessments (SIG, SCA/AUP) and SOC reports
Strong experience in reviewing third-party contract documents for technology products and services
Shown knowledge of third-party information risk/security assessments and IT project delivery lifecycles (e.g. Waterfall, Agile)
Shown knowledge of information risk management frameworks, policies and tools (GRC Archer, OpenPages)
Knowledge of the financial services industry and its regulations/laws
Understanding of control and risk management concepts and knowledge of the operational aspects of the information risk business
Understanding of respective industry standard methodologies (e.g., NIST, ISO, COBIT, OWASP, ITIL)
Understanding of technology infrastructure components, software development best practices and technology management processes
Knowledge of risk management policies, methods, standards, processes, governance models and industry standard risk analysis approaches
Knowledge of current industry trends in information risk management
Superior organization skills, strong MS Office skills along with strong verbal and written communication skills
Able to influence and collaborate well with internal and external partners
Able to communicate related policies, procedures and guidelines
Self-motivated and able to work with minimal supervision
The above statements are intended to describe the general nature and level of the work being performed. They are not intended to be construed as an exhaustive list of all responsibilities, duties, and skills required of personnel so classified.
We are proud to be an Equal Opportunity / Affirmative Action Employer and committed to leveraging the diverse backgrounds, perspectives, and experience of our workforce to create opportunities for our colleagues and our business. We do not discriminate in employment decisions on the basis of any protected category.
A conviction is not an absolute bar to employment. Factors such as the age of the offense, evidence of rehabilitation, seriousness of violation, and job relatedness are considered in all employment decisions. Additionally, it’s the bank’s policy to only inquire into a candidate’s criminal history after an offer has been made. Federal law prohibits banks from employing individuals who have been convicted of, or received a pretrial diversion for, certain offenses.
Job: Risk & Compliance
Primary Location: NORTH CAROLINA-Charlotte
Schedule: Full Time
Req ID: 10028612-WD