Do you want your voice heard and your actions to count?
Discover your opportunity with Mitsubishi UFJ Financial Group (MUFG), the 7th largest financial group in the world. Across the globe, we’re 120,000 colleagues, striving to make a difference for every client, organization, and community we serve. We stand for our values, building long-term relationships, serving society, and fostering shared and sustainable growth for a better world.
With a vision to be the world’s most trusted financial group, it’s part of our culture to put people first, listen to new and diverse ideas and collaborate toward greater innovation, speed and agility. This means investing in talent, technologies, and tools that empower you to own your career.
Join MUFG, where being inspired is expected and making a meaningful impact is rewarded.
This is a hybrid position. The selected colleague will work at an MUFG office or client sites up to four days per week and work remotely the remaining day(s). A member of our Talent Acquisition team will provide more details.
In this role you will focus on implementing frameworks designed to identify, evaluate, and manage technology-related risks and controls across the company or a particular business or function. Responsibilities include collaborating with Technology and Risk & Controls Office (RCO) colleagues to prepare or review content prior to submission and manage follow-up actions; tracking, escalating, and/or remediating risks and issues; and contributing to executive-level reporting. Conduct and lead risk and control self-assessment (RCSA), process, risk, and control compliance, issues management, and other risk policies, standards, and processes.
As an RCO member of Information Technology for the Americas (ITA), this role is a key member of a first line risk and controls team aligned to a specific ITA technology business. You will document and execute risk and control assessments across processes related to Technology functions. There is a comprehensive coverage and joint accountability model that promotes early identification and assessment of operational and technology risk, effective design and evaluation of controls, and sustainable solutions to mitigate operational and technology risk. You will work with other team members and partner with technology teams to drive effective risk and control management.
RESPONSIBILITIES
As a Controls officer, support the execution and documentation of RCSA, Risks and Controls, and Issues & Findings across technology and First Line of Defense (FLoD) business units
RCSAs are properly administered and maintained in the GRC tools (OpenPages, Archer)
Provide advice and guidance to the 1st Line to ensure identification, assessment and consistent management of Operational (ORM) and IT system risks (including RCSA)
Support the execution of front line controls self-assurance and risk assessment activities (ad hoc controls review, business process management (BPM), risk and control self-assessments (RCSA)) and independent risk and audit activities as needed
Partner with stakeholders, including process owners and control officers, to document controls, enhance control language, and validate controls are being performed in compliance with bank policies, procedures, and regulatory requirements to mitigate technology risk to the firm
Execute testing of RCSA and controls based on internal and industry standards and guidelines for design and effectiveness
Participate in technology walkthroughs for controls and prepare meaningful documentation (including risk assessment, process flows)
Provide project management support in tracking and coordinating the execution of policy and standards RCSA execution activities
Liaise with risk assessment team and other stakeholders to ensure execution activities are in alignment
Create synergies by identifying opportunities to improve monitoring and governance on execution activities
As an Issues Manager, develop and distribute status reporting and communication related to issues and findings
Implement remediation plans that adhere to issues management mandates: timely issue and corrective action submission and monitoring, accurate root cause identification, on time closure, no failed validations
Provide ongoing communication to internal stakeholders throughout the RCSA and issues management lifecycle to keep them apprised of progress and findings, escalating when appropriate
Facilitate and provide oversight of the issue management lifecycle, challenging the quality of new issues and performing validation activities on issues ready for closure
Prepare written reports that summarize the objectives, scope, findings, and conclusions for each assigned issue or finding
Support iterative review and challenge of assessment results, working with appropriate stakeholders across the lines of defense
Work collaboratively with risk and control team to execute against technology risk governance procedures
Coordinate required meetings, reviews, and walkthroughs
Prepare materials for ongoing team meetings and meetings with senior management
QUALIFICATIONS
Bachelor's degree in computer science, information systems, technology management, or equivalent preferred
Preferred: degree from a competitive school, demonstrating a strong academic and extracurricular track record
Preferred: Certified Information Systems Auditor (CISA), Certified Information Security Manager (CISM) or Certified in Risk and Information Systems Control (CRISC)
5-6 years of experience in IT risk and controls
2-5 years of experience in IT risk and controls performing audit and control checks or implementation of control measures
At least 2 years of actual programming experience in creating complex queries using structured query language (SQL)
5+ years of experience preferably in a financial institution or other highly regulated environment in technology infrastructure, technology Risk Management role or equivalent or related field
Preferred: "Big Four" IT audit experience, Professional in Project Management (PMP), Six Sigma Black Belt or Green Belt professional certifications
Experience with process documentation, risk and control assessments
Understanding of the regulatory environment and regulations related to technology risk, and Office of the Comptroller of the Currency (OCC) and Federal Reserve Board (FRB) expectations
Experience with problem solving in a team environment by thinking outside of the box and providing innovative solutions, with and without technology
Experience in working with multiple IT risk and control domains
Working knowledge of unit testing, continuous integration (CI)/continuous delivery (CD)
Combined experience in IT external audit, IT internal audit and technology risk for compliance with Sarbanes-Oxley (SOX)
Experience working in a full software development lifecycle using Agile project delivery
Understanding of Risk Management, including experience executing risk assessments, testing and evaluating processes and controls
Preferred: knowledge in technology areas including, but not limited to: SDLC, Application Development and general IT concepts
Preferred: experience in a project management role
Preferred: Experience using GRC tools (OpenPages, Archer)
Excellent social skills and ability to work in a matrixed environment
Excellent interpersonal skills, building relationships with Risk and Compliance functions is key in this role
Strong communication and presentation skills; ability to explain a complex topic in a structured and clear manner
The typical base pay range for this role is between $80K–$100K depending on job-related knowledge, skills, experience, and location. Additionally, our Total Rewards program provides colleagues with a competitive benefits package (in accordance with the eligibility requirements and respective terms of each) that includes comprehensive health and wellness benefits, retirement plans, educational assistance and training programs, income replacement for qualified employees with disabilities, paid maternity and parental bonding leave, and paid vacation, sick days, and holidays.
For more information on our Total Rewards package, please click the link below.
MUFG Benefits Summary
The above statements are intended to describe the general nature and level of work being performed. They are not intended to be construed as an exhaustive list of all responsibilities, duties, and skills required of personnel so classified.
We are proud to practice affirmative action to diversify our workforce by engaging in the targeted recruiting of under-represented groups and are firmly committed to equal employment opportunity and to fully complying with Federal, State, and local laws that prohibit employment discrimination on the basis of race, color, national origin, religion, gender expression, gender identity, sex, age, ancestry, marital status, protected veteran and military status, disability, medical condition, sexual orientation, genetic information, or any other status of an individual or that individual’s associates or relatives that is protected under applicable federal, state, or local law.