Job Summary:In this role you will focus on reviewing issues that are identified by management, second line of defense, and third line of defense. Responsibilities include verifying the adequacy of the issues submitted to the Issues Management Validation (IM Validation) team and engaging with business partners to resolve review comments and discrepancies.
This role requires someone with a strong combination of analytical thinking, attention to detail, technical knowledge, effective communication and writing skills, problem-solving skills, critical thinking, the ability to gather and interpret data, and a deep understanding of business requirements to accurately assess and validate issues, ensuring the remediation is appropriate and adequate to address the issues.
Responsibilities: - Work with Business Unit Risk Managers' (BURMs') teams to identify potential issues and participate in issue development once they are recognized and agreed as issues
- Review management action plans (MAPs) development to ensure MAPs can address the control deficiencies and symptoms pointed out in the issue including building out a sustainable and repeatable process
- Validate issues to determine if issues identified by management, Second Line of Defense (SLoD), and Internal Audit /Third Line of Defense (TLoD) are remediated
- Work with BURMs' teams to ensure new issues and closure issue packages are completed properly prior to being presented at tollgates meetings
- Engage with key stakeholders, management, BURMs, SLoD, and TLoD to ensure risks are understood across all Lines of Defense (LoDs) and risk treatment is properly identified.
- Review issue intake submissions for tollgates (review & challenge), prepare issue package (new, closures, risk acceptances), and ensure requirements are met, and that pending items are acted on, completed, and resolved.
- Assess the scope of exams or findings provided by Second Line of Defense (SLoD), Third Line of Defense (TLoD), or regulatory authority, and identify required resources for remediation.
- Participate in ongoing meetings to track remediation efforts and other review related activities.
- Oversee review process, provide updates on the review to senior leadership, and escalate any potential challenges.
- Review management responses, provide feedback in line with issues management procedures, and participate in close out meetings.
QUALIFICATIONS- 6-8 years of technology risks and controls experience
- 6-8 years of experience in information technology, information security, and/or operational risk management, (includes operations, operational risk management, compliance, audit, and third-party risk management within technology and or information security), or a combination thereof
- Deep understanding of financial institution processes, products, and risk
- Strong understanding of governance and oversight best practices, ideally with experience implementing and/or managing governance processes
- Advance level of proficiency using Microsoft Excel to organize and analyze data, produce management reporting and dashboards, and prototype strategic solutions is critical
- Experience communicating key messages to senior managers
- Strong planning and organizing skills and the ability to multitask across a varied workload
- Knowledge of information technology risk and process frameworks, including National Institute of Standards and Technology (NIST), Cybersecurity Horizontal Reviews, and ITIL
- Understanding of risk management, including experience executing risk assessments, testing and evaluating processes and controls
- Strong project management skills; includes an ability to independently drive work, and pragmatically solve problems
- Experience with automating and/or the ability to conceptualize automated control solutions is highly desired
- Fluent in Portuguese or Spanish a plus.
Education:- Bachelor's degree or experience in Auditing Technology, Engineering, Risk management, Computer Science, Information Systems, or equivalent field.
- Preferred: degree from a competitive school, demonstrating a strong academic and extracurricular track record
- Preferred: Certified Information Systems Auditor (CISA), Certified Information Security Manager (CISM), Certified Internal Auditor (CIA) or Certified in Risk and Information Systems Control (CRISC)
- Other preferred certificates: risk management, information security, and/or technology certifications desired, but not required. (Certified in Governance of Enterprise Information Technology (CGEIT), Cybersecurity Fundamentals (CSX), Certified Information Systems Security Professional (CISSP), Information Technology Infrastructure Library (ITIL), Control Objectives for Information and Related Technology (COBIT), etc.)
"Visa sponsorship/support is based on business needs. We do not anticipate providing visa sponsorship/support for this position."The typical base pay range for this role is as follows:
- New York / New Jersey: $120k - $192k
- Non- New York / New Jersey: $120k - $164k
depending on job-related knowledge, skills, experience and location. This role may also be eligible for certain discretionary performance-based bonus and/or incentive compensation. Additionally, our Total Rewards program provides colleagues with a competitive benefits package (in accordance with the eligibility requirements and respective terms of each) that includes comprehensive health and wellness benefits, retirement plans, educational assistance and training programs, income replacement for qualified employees with disabilities, paid maternity and parental bonding leave, and paid vacation, sick days, and holidays. For more information on our Total Rewards package, please click the link below.
Our hybrid work schedule is four days on-site and work remotely one day per week.
MUFG Benefits Summary