MUFG Union Bank Information Risk Management - Library & Methods, Vice President in Jersey City, New Jersey
Join a financial group that’s as committed to your future as you are. At MUFG, we share a vision for our future, we share our successes, and we strive to bring out the best in each other in everything we do. Our 14,000 diverse colleagues are connected by a common ambition to create change for the better—from forging more dynamic career paths, to driving progress in our communities, to continuously reshaping the standards of global financial services. Positive impact starts here; see the change you can make as we strive to become the world’s most trusted financial group.
Reporting to the Governance & Frameworks Director, the Library & Methods Vice President is responsible for defining and implementing the enterprise-wide risk, threat and control libraries for information risk as well as establishing processes for maintaining those libraries and aligning them with policies/standards, regulations and industry best practice frameworks. This role will also be responsible for developing and maintaining the Information Risk Assessment Methodology that will be utilized by the 1st and 2nd line of defense to determine Inherent and Residual Risk ratings. The Library & Methods Vice President works closely with relevant first and second line stakeholders to identify and document key enterprise risks, threats and controls, and to update the libraries on a regular and timely basis. The Library & Methods Vice President should have knowledge of Governance, Risk & Compliance technologies (such as Archer) to maintain the various libraries.
Defines methods and processes to establish and maintain enterprise-wide information risk, threat and control libraries
Drives the building of enterprise-wide risk, threat and control libraries through working with relevant first and second line stakeholders
Drives the maintenance of enterprise-wide risk, threat and control libraries based on input from the first and second line stakeholders and industry intelligence on a regular and timely basis
Drives the mapping of risks, threats and controls to the list of information risk management policies / standards, regulations and industry best practice frameworks (e.g. NIST-CF, ISO, COBIT, etc.), detailed risk scenarios, and playbooks
Works closely with training & communication stakeholders to develop training material and deliver training programs
Leverages Governance, Risk & Compliance technologies to manage libraries and support reporting functions
Works with the front line units to gather first line control owners, control operating and testing procedures, and aligns them with the controls in the library
Works with the second line to gather the second line testing procedures and aligns them with the controls in the library
Is aware of new information risk regulations in order to align them to the risk, threat and control libraries to support the assessment of compliance and / or impact on a regular and timely basis
Stakeholder management and working across various parts of the organization
Communicates information risk matters to senior management
Bachelor's Degree required
At least one security certification is preferred, such as Certified Information Security Management (CISM), Certified Risk Information Security Control (CRISC), or Certified Information Systems Security Professional (CISSP)
5 years of related experience
Proven knowledge of risk, threat and control library development and maintenance; proven knowledge of risk / threat / control analysis criteria, tools, and maintenance methodologies
Working knowledge of Governance, Risk & Compliance technologies (e.g., Archer)
Knowledge of the financial services industry and its regulations / laws
Understanding of control and risk management concepts and knowledge of the operational aspects of the information risk business
Understanding of respective industry best practices (e.g., NIST, ISO, COBIT, OWASP, ITIL)
Knowledge of risk management policies, methods, standards, processes, governance models, and industry standard risk analysis approaches
Knowledge of current industry trends in information risk management
Strong MS Office skills along with strong verbal and written communication skills
Able to collaborate well with internal and external stakeholders
Able to enforce and communicate related policies, procedures, and guidelines
Able to be a subject matter expert on risk and threat libraries, analysis criteria, tools, and methodologies
We are committed to leveraging the diverse backgrounds, perspectives and experiences of our workforce to create opportunities for our people and our business. Equal Opportunity Employer Minority/Female/Disability/Veterans.
The above statements are intended to describe the general nature and level of work being performed. They are not intended to be construed as an exhaustive list of all responsibilities, duties and skills required of personnel so classified.
Why Work for MUFG Corporation?
• We are a financially strong and stable bank.
• We value workplace diversity.
• We are committed to the training and development of our employees.
• Innovative vacation benefits
• We offer a matching 401k, a Retirement Plan, and a variety of Flexible Health Benefits.
Job: *Risk & Compliance
Title: Information Risk Management - Library & Methods, Vice President
Location: NEW JERSEY-Jersey City
Requisition ID: 10008922-WD
Other Locations: NEW YORK-New York, CALIFORNIA-Monterey Park