SLoD Information/Technology Risk Due Diligence - PMO, Vice President
Discover your opportunity with Mitsubishi UFJ Financial Group (MUFG), the 5th largest financial group in the world (as ranked by S&P Global, April 2018) with total assets of over $2.9 trillion (106.2 (JPY) as of March 30, 2018) and 150,000 colleagues in more than 50 countries. In the U.S., we're 13,000 strong, working together to positively impact every customer, organization, and community we serve. We achieve this by delivering on our values, putting people first, fostering long-term relationships built on honesty and mutual understanding, and inspiring the best in each other. This is all part of our inclusive, high-performing culture supported by Total Rewards that include our cash balance pension plan. Join a team that's working to fulfill its vision to be the world's most trusted financial group.
Working with the Head of Information Risk Due Diligence, the Due Diligence PMO Vice President is responsible for supporting various Second Line of Defense (SLoD) Information/Technology Risk Assessment activities, including project management support for in-scope assessments, building the assessment pipeline and related reporting/socialization routines, and periodically reviewing and challenging First Line of Defense (FLoD) technology project management and governance procedures as well as controls for compliance with the bank's Information Risk Management framework. Additionally, you will take a lead in managing data quality for assessment activities in the appropriate toolsets (GRC Tool, SharePoint, MS-Project and Excel). You will be a great teammate and a leader with vision, contributing to further improvements of our Information Risk Assessment framework and services.
- You act as an Information/Technology Risk Project Management SME and a key point of contact for the SLoD Information Risk Assessment team to run the SLoD Information Risk assessment activities
- You review and challenge various information risk related project activities as well as Risk and Control Self Assessments (RCSAs) performed by the FLoD
- You work with assessors and their management team in building assessment plans and working across internal partners (from FLoD, SLoD and other business functions) to manage assessments per the plan
- You report status and output of assessments to senior management and other partners
- You work closely with the FLoD on the definition of action plans for risk issues identified during the reviews
- You contribute to further enhancing and maturing our SLoD Information Risk Assessment framework and services
- You maintain and improve the assessment platform and related toolset (e.g. GRC Tool, SharePoint and Excel) through advanced hands-on knowledge and a dedicated, detail-oriented approach
- You support the end-to-end lifecycle for the SLoD information risk findings management across all assessment types
- You monitor and report ongoing remediation activities by the FLoD
- You prepare related reports and metrics for the team
- You support related regulatory matters and special projects
- You are responsible for the highest quality in your work
- You are a self-directed individual actively handling the assessment pipeline, plans and related reporting
- You effectively manage partners and work across various parts of the organization
- You communicate information risk matters to senior management and other internal partners
- Assist in maintaining group-wide assessment documentation and reporting
- Bachelor's degree required
- Certifications: one or more of PMP, CRISC, CISM required
- 8+ years related experience in running projects in information/technology risk domain
- You have SME level demonstrable experience and familiarity with Project Management Methodologies (e.g. Waterfall, Agile)
- Hands-on, advanced-level knowledge of Excel (Pivots, Data Connections and Scripting), SharePoint, MS-Project and GRC Tools (e.g. Archer)
- Shown knowledge of information risk management frameworks, policies and tools (GRC Archer, OpenPages)
- Familiarity with the financial services industry and its regulations/laws
- Understanding of control and risk management concepts and operational aspects of the information risk business
- Understanding of respective industry standard methodologies (e.g., NIST, ISO, COBIT, OWASP, ITIL)
- Understanding of technology infrastructure components, software development standard methodologies and technology management processes
- Knowledge of risk management policies, methods, standards, processes, governance models and industry standard risk analysis approaches
- Knowledge of current industry trends in information risk management
- Superb organization skills, detail-oriented, strong MS Office skills along with strong verbal and written communication skills
- Able to influence and collaborate well with internal and external partners
- Able to communicate related policies, procedures and guidelines
- Self-motivated, enthusiastic and able to work with minimal supervision
The above statements are intended to describe the general nature and level of the work being performed. They are not intended to be construed as an exhaustive list of all responsibilities, duties, and skills required of personnel so classified.
We are proud to be an Equal Opportunity / Affirmative Action Employer and committed to leveraging the diverse backgrounds, perspectives, and experience of our workforce to create opportunities for our colleagues and our business. We do not discriminate in employment decisions on the basis of any protected category.
A conviction is not an absolute bar to employment. Factors such as the age of the offense, evidence of rehabilitation, seriousness of violation, and job relatedness are considered in all employment decisions. Additionally, it's the bank's policy to only inquire into a candidate's criminal history after an offer has been made. Federal law prohibits banks from employing individuals who have been convicted of, or received a pretrial diversion for, certain offenses.