Assistant Vice President - Information Risk Assessments

Description

Discover your opportunity with Mitsubishi UFJ Financial Group (MUFG), the 5th largest financial group in the world (as ranked by S&P Global, April 2018) with total assets of over $2.9 trillion (106.2 (JPY) as of March 30, 2018) and 150,000 colleagues in more than 50 countries. In the U.S., we're 13,000 strong, working together to positively impact every customer, organization, and community we serve. We achieve this by delivering on our values, putting people first, fostering long-term relationships built on honesty and mutual understanding, and inspiring the best in each other. This is all part of our inclusive, high-performing culture supported by Total Rewards that include our cash balance pension plan. Join a team that's working to fulfill its vision to be the world's most trusted financial group.

Job Summary

Reporting to the Information Risk Assessment - Process Director, the Testing Assistant Vice President is responsible for testing the design and operating effectiveness of information risk controls applicable to various technology processes. The Testing Assistant Vice President is also responsible for review and challenge of first line control testing activities.

Major Responsibilities:

Specifically:

  • Operates the risk control testing program for IT processes
  • Implements testing processes for critical IT controls
  • Performs review and challenge of front line unit risk controls testing activities and risk assessments
  • Executes sample based testing of front line unit risk controls
  • Performs independent review and challenge of risk control remediation action plans and remediation activities
  • Prepares reports of assessment and review and challenge results for remediation tracking
  • Performs independent review and challenge of front line unit mitigation strategies
  • Supports the definition of front line unit risk controls as it relates to IT processes

Generally:
  • Stakeholder management and working across various parts of the organization
  • Communicates information risk matters to team leadership


Qualifications

Additional Information:
  • Bachelor's Degree or equivalent work experience preferred
  • At least one security certification is preferred, such as Certified Information Security Management (CISM), Certified Risk Information Security Control (CRISC), or Certified Information Systems Security Professional (CISSP)
  • 3+ years of related experience
  • Knowledge of information risk governance framework / policies / procedures / standards / controls, and mitigation strategies
  • Knowledge of the financial services industry and its regulations / laws
  • Understanding of control and risk management concepts including control testing, risk assessments, RCSA
  • Understanding of respective industry best practices (e.g., NIST, ISO, COBIT, OWASP, ITIL)
  • Knowledge of risk management policies, methods, standards, processes, governance models, and industry standard risk analysis approaches
  • Knowledge of current industry trends in information risk management
  • Strong MS Office skills along with strong verbal and written communication skills
  • Able to collaborate well with internal and external stakeholders
  • Able to be a subject matter expert on review and challenge processes, information risk governance framework / policies / procedures / standards / controls, and mitigation strategies

The above statements are intended to describe the general nature and level of the work being performed. They are not intended to be construed as an exhaustive list of all responsibilities, duties, and skills required of personnel so classified .

We are proud to be an Equal Opportunity / Affirmative Action Employer and committed to leveraging the diverse backgrounds, perspectives, and experience of our workforce to create opportunities for our colleagues and our business. We do not discriminate in employment decisions on the basis of any protected category.

A conviction is not an absolute bar to employment. Factors such as the age of the offense, evidence of rehabilitation, seriousness of violation, and job relatedness are considered in all employment decisions. Additionally, it's the bank's policy to only inquire into a candidate's criminal history after an offer has been made. Federal law prohibits banks from employing individuals who have been convicted of, or received a pretrial diversion for, certain offenses.


    Back to top