Coordinate with CUSO to maintain a comprehensive Risk Governance framework that aligns with MUFG’s overall Information Risk Management strategy and regulatory requirements. Risk Assessment and Monitoring: Lead regular risk assessments (RCSAs, EIS Assessments, FFIEC CAT, Cyber Risk Institute, etc.) and monitoring activities to identify, evaluate, and mitigate IT risks, ensuring a proactive approach to risk management. Coordinate Risk and Controls Testing: Coordinate controls testing activities, i... more details
Do you want your voice heard and your actions to count?
Discover your opportunity with Mitsubishi UFJ Financial Group (MUFG), the 7th largest financial group in the world. Across the globe, we’re 120,000 colleagues, striving to make a difference for every client, organization, and community we serve. We stand for our values, building long-term relationships, serving society, and fostering shared and sustainable growth for a better world.
With a vision to be the world’s most trusted financial group, it’s part of our culture to put people first, listen to new and diverse ideas and collaborate toward greater innovation, speed and agility. This means investing in talent, technologies, and tools that empower you to own your career.
Join MUFG, where being inspired is expected and making a meaningful impact is rewarded.
The selected colleague will work at an MUFG office or client sites four days per week and work remotely one day. A member of our recruitment team will provide more details.
Senior Governance Risk & Compliance (GRC) Analyst will ensure the integrity, confidentiality and availability of the Firm’s information via risk assessments, audits, controls testing, policy and procedure and compliance initiatives and operational duties. The successful candidate will support various GRC initiatives and work on a diverse set of security related tools and applications.
Responsibilities:
- Coordinate with CUSO to maintain a comprehensive Risk Governance framework that aligns with MUFG’s overall Information Risk Management strategy and regulatory requirements.
- Risk Assessment and Monitoring: Lead regular risk assessments (RCSAs, EIS Assessments, FFIEC CAT, Cyber Risk Institute, etc.) and monitoring activities to identify, evaluate, and mitigate IT risks, ensuring a proactive approach to risk management.
- Coordinate Risk and Controls Testing: Coordinate controls testing activities, including maintaining inventory of controls in Open Pages, usher independent testing teams to SMEs, and prepare responses for any potential issues.
- Coordination with Regional Teams: Collaborate with IT risk governance teams across MUSI and MUBK to ensure unified approach to IT risk management, facilitating effective communication and coordination.
- Regulatory Compliance: Ensure IT Risk governance practices comply with all relevant regulatory reequipments, providing guidance and oversight to ensure adherence (i.e., SWIFT Security Attestations).
- Reporting and communication: Develop and maintain regular reports on IT risk to senior management and board, provide insights and recommendations for risk mitigation and governance improvements. This includes Information risk management program updates, Risk metrics reporting, and MUSA executive management committee updates.
Required Skills:
- 10 – 15+ years of experience in Information Securities Technology & Governance with a focus on technology risk management.
- Strong background in Technology Risk Management implementing strategies, policies, and standards and familiarity with financial or technology audit, risk, and control processes.
- Ability to produce clear documentation, reports, and presentations.
- Excellent analytical skills with a keen eye for detail and accuracy.
- Self-disciplined with the ability to work independently and make informed decisions.
- Proficiency in Microsoft Office/O365, collaboration tools (Teams, SharePoint, Zoom), and advanced Excel and PowerPoint skills.
- Strong interpersonal and communication skills, with the ability to build relationships and collaborate effectively.
- Stong exposure and experience in Audit (internal and/or external audit), e.g. risk management or internal control function, IT, cyber security, finance, and project management, system implementation project experience, etc.)
- Strong collaboration and partnership experience between interpersonal teams, business units, and leaders.
- Quick learner with a proactive approach to new projects and technologies.
- Ability to anticipate risks and develop mitigation strategies.
- Experience with metric collection, data analytics, business analysis, and process improvement is advantageous.
- Perform information security risk assessments and assess the control environment of the business processes and applications under review, including both manual and automated processes in accordance with the information security program.
- Create, analyze and develop risk assessment/audit reports and remediation plans resulting from the identification of risks and vulnerabilities discovered during audits/risk assessments.
- Excellent documentation skills.
- Detail-oriented and able to meet tight deadlines.
- Excellent written, verbal and interpersonal skills.
- Highly motivated self-starter with an inquisitive personality.
- Desire and ability to learn new skills and concepts.
Education:
- Bachelor's or Master's degree in Computer Science, and/or or equivalent work experience equally preferable.
Preferred:
- One or more professional certification, such as: CISSP, CISA, GIAC and other Industry Certifications considered a plus.
Other Qualifications:
- As per MUFG’s work policy, must work onsite 4 days and 1 day remotely out of 1251 Avenue of the Americas, New York, NY office.
The typical base pay range for this role is between $139K - $171K depending on job-related knowledge, skills, experience and location. This role may also be eligible for certain discretionary performance-based bonus and/or incentive compensation. Additionally, our Total Rewards program provides colleagues with a competitive benefits package (in accordance with the eligibility requirements and respective terms of each) that includes comprehensive health and wellness benefits, retirement plans, educational assistance and training programs, income replacement for qualified employees with disabilities, paid maternity and parental bonding leave, and paid vacation, sick days, and holidays. For more information on our Total Rewards package, please click the link below.
MUFG Benefits Summary
The above statements are intended to describe the general nature and level of work being performed. They are not intended to be construed as an exhaustive list of all responsibilities duties and skills required of personnel so classified.
We are proud to be an Equal Opportunity Employer and committed to leveraging the diverse backgrounds, perspectives and experience of our workforce to create opportunities for our colleagues and our business. We do not discriminate on the basis of race, color, national origin, religion, gender expression, gender identity, sex, age, ancestry, marital status, protected veteran and military status, disability, medical condition, sexual orientation, genetic information, or any other status of an individual or that individual’s associates or relatives that is protected under applicable federal, state, or local law.