Controls Assurance & Advisory (CAA) SOX Analyst-IT Controls


Do you want your voice heard and your actions to count?

Discover your opportunity with Mitsubishi UFJ Financial Group (MUFG), the 5th largest financial group in the world (as ranked by S&P Global, April 2018). In the Americas, we're 13,000 colleagues, striving to make a difference for every client, organization, and community we serve. We stand for our values, developing positive relationships built on integrity and respect. It's part of our culture to put people first, listen to new and diverse ideas and collaborate toward greater innovation, speed and agility. We're a team that accepts responsibility for the future by asking the tough questions and owning the solutions. Join MUFG and be empowered to make your voice heard and your actions count.

Job Summary

The position requires a driven and proactive individual with experience in IT external audit support for SOX, and SOC and is responsible for detailing and executing the program plan for Internal Controls over Financial Reporting (ICFR) and for Regulatory Reporting (ICRR) for the Controller and Tax Services (CTS) Department - specifically Information Technology General Controls (ITGCs) and application automated controls.

Major Responsibilities:

  • Participates in planning and prioritization of IT controls both ITGC and automated application controls.
  • Leads technology walkthroughs for IT general controls and application controls and prepares meaningful documentation
  • Executes testing of IT general controls and application controls based on internal and industry standards and guidelines.
  • Reviews and assesses impact from issues raised by various partners, both internal and external.
  • Based on mentorship of IT Audit Manager, distributes work to teams in multiple geographical locations while maintaining ultimate ownership of the final work product.
  • Problem solves and steps in to complete work to meet critical deadlines. Conducts root cause analysis, compensating and mitigating controls, and impact analysis.


You will have all or most of the following skills and work experience with:
  • Bachelor's Degree in computer science and or technology management; CIA, CISA, CISSP or similar certification desired.
  • 5+ years of Experience in IT risk and controls space. Combined experience in IT external audit, IT internal audit, and Technology Risk and / or ITGC assessment for compliance with SOX.
  • Professional services experience and large banking experience desired.
  • You have experience in collaborating with business process teams and appreciative understanding of front, middle and back office processes.
  • You have designed and executed testing for ITGCs. Key focus on Access Management (with related experience in Privileged Access Management and Identity and Access Management), and Change Management (with related experience in Agile and DevOps methodologies, and Change Management Preventive/Detective Controls)
  • You possess a deep understanding and experience evaluating and testing automated application controls with related experience and understanding of banking products, business processes and key regulatory changes.
  • There will be an opportunity to work on large teams cross functionally.
  • Collaborate with Internal and external auditors across different levels of seniority.
  • Experience working with both applications and infrastructure supporting financial reporting processes.
  • You have prior experience reviewing and evaluating SOC reports and service provided by third party vendors.
  • You are a strong presenter with a good working knowledge of Microsoft Office applications; strong PowerPoint and Visio skills.

The above statements are intended to describe the general nature and level of the work being performed. They are not intended to be construed as an exhaustive list of all responsibilities, duties, and skills required of personnel so classified .

We are proud to be an Equal Opportunity / Affirmative Action Employer and committed to leveraging the diverse backgrounds, perspectives, and experience of our workforce to create opportunities for our colleagues and our business. We do not discriminate in employment decisions on the basis of any protected category.

A conviction is not an absolute bar to employment. Factors such as the age of the offense, evidence of rehabilitation, seriousness of violation, and job relatedness are considered in all employment decisions. Additionally, it's the bank's policy to only inquire into a candidate's criminal history after an offer has been made. Federal law prohibits banks from employing individuals who have been convicted of, or received a pretrial diversion for, certain offenses.

Back to top