Discover your opportunity with Mitsubishi UFJ Financial Group, Inc. (MUFG), one of the world's largest financial groups, with total assets of approximately $2.8 trillion (as of December 2017) and about 150,000 colleagues in more than 50 countries. In the U.S., we're more than 14,000 strong, working together to positively impact every customer, organization, and community we serve. We achieve this by delivering on our values, putting people first, fostering long-term relationships built on honesty and mutual understanding, and inspiring the best in each other. This is all part of our inclusive, high-performing culture supported by Total Rewards that include our cash balance pension plan. Join a team that's working to fulfill its vision to be the world's most trusted financial group.
The Associate/AVP, Risk Assessment Support reports to the Head of Information Risk Due Diligence and is responsible for supporting various risk assessment planning, execution and reporting activities. You will demonstrate a background in Information Security and technology processes to effectively perform Review and Challenge of First Line of Defense activities.
You independently conduct or support information risk assessments of technology projects/initiatives from Second Line of Defense perspective
You conduct and/or support Review and Challenge of RCSAs
You support the team in building and maintaining related reports, templates and documentation
You work closely with partners from within IRA and other business units to effectively plan, execute and report on Information Risk Assessments as a Second Line of Defense SME
You review & challenge related First Line of Defense assessments in information risk domain
You provide hands-on support for SharePoint solution and to some level for GRC tools (Archer/OpenPages)
You handle related activities across team(s) and act as a single point of contact for assigned activities
You contribute ideas and effort to mature current services
You lead stakeholder partnerships and oversee across various parts of the organization
You communicate information risk matters to management
Bachelor's Degree required
5 years related experience in leading/supporting information risk assessments
1 or more certifications - PMP, CISSP, CISM, CISA, CRISC, CGEIT preferred, but not required
Strong background required in performing risk assessments for major projects/initiatives
Strong background required in technology architecture and information security domains
Understanding of control and risk management concepts and knowledge of the operational aspects of the information risk business
Understanding of respective industry standard methodologies (e.g., NIST, ISO, COBIT, OWASP, ITIL)
Shown functional knowledge of information risk management technology, specifically GRC tools such as Archer, Open Pages
Knowledge of the financial services industry and its regulations / laws
Knowledge of risk management policies, methods, standards, processes, governance models, and industry standard risk analysis approaches
Knowledge of current industry trends in information risk management
Able to adjust with changing priorities and handle internal and external partner expectations
Able to use appropriate judgement in promptly bringing up matters to management as needed
Strong attention to detail and focus
Strong MS Office skills (specifically Excel, Word and PowerPoint Programs) along with strong verbal and written communication skills
The above statements are intended to describe the general nature and level of the work being performed. They are not intended to be construed as an exhaustive list of all responsibilities, duties, and skills required of personnel so classified.
We are proud to be an Equal Opportunity / Affirmative Action Employer and committed to leveraging the diverse backgrounds, perspectives, and experience of our workforce to create opportunities for our colleagues and our business. We do not discriminate in employment decisions on the basis of any protected category.
A conviction is not an absolute bar to employment. Factors such as the age of the offense, evidence of rehabilitation, seriousness of violation, and job relatedness are considered in all employment decisions. Additionally, it's the bank's policy to only inquire into a candidate's criminal history after an offer has been made. Federal law prohibits banks from employing individuals who have been convicted of, or received a pretrial diversion for, certain offenses.