MUFG Union Bank Head of Information Risk Management (FLOD) First Line of Defense, Managing Director in Monterey Park, California

Join a financial group that’s as committed to your future as you are. At MUFG, we share a vision for our future, we share our successes, and we strive to bring out the best in each other in everything we do. Our 14,000 diverse colleagues are connected by a common ambition to create change for the better—from forging more dynamic career paths, to driving progress in our communities, to continuously reshaping the standards of global financial services. Positive impact starts here; see the change you can make as we strive to become the world’s most trusted financial group.

Head of Information Risk Management (FLOD) First Line of Defense, Managing Director

Job Summary

The Information Risk Management Managing Director is responsible for the First Line of Defense (FLOD) framework within the TIO (Front Line Unit, FLU) and is accountable for identifying and mitigating risks associated with TIO activities and operational responsibilities. Manages multiple teams dedicated to TIO and services for lines of business across the Americas. Accountable for creating an exciting and energizing environment focused on its people, processes, and technologies during a period of tremendous growth, integration, and change; leading with a balanced approach to quality, risk, and cost; driving efficiency and effectiveness throughout the organization; and building a strong bench of future leaders. Identifies, manages, and mitigates risk.


People Management Responsibilities:

• Manages multiple teams/functions of Information Risk subject matter experts (SMEs): Technology Risk management (TRM), Business Continuity Management (BCM), Information Security (IS) and Third Party Risk Management (TPRM)

• Provides senior level leadership to subordinates including assigning and managing work, monitoring performance, and conducting performance appraisals

• Ensures all committed deliverables and associated timeframes are met

• Controls budgets; ensures financials and staffing levels are in line with the approved budget on an ongoing basis

• Understands workload in order to easily flex with the changing internal and external environments in which we work

Process Responsibilities:

• Accountable for Technology Infrastructure & Operations (FLU) compliance with Enterprise-wide information risk policies and standards defined by the Second Line of Defense (Information Risk Management) and applicable legal and regulatory requirements

• Accountable for identification of risk exposure, risk assessment, risk measurement, threat analysis, and mitigation of risk associated with TIO activities and operational responsibilities, consistent with the Bank’s Enterprise-wide risk appetite

• Accountable for ensuring appropriate risk controls are implemented and placed into operation, and for the ongoing internal and external testing, assessments, and audit of Technology Infrastructure risk controls, including those associated with the GLBA, PCI, and HIPAA information security programs

• Accountable for assigning responsibility for all TIO risk-related activities to FLU Risk Officers across TIO departments and continuous oversight


• Works in close cooperation and collaboration with Information Risk Management leads/counterparts including 2nd and 3rd lines of defense as well as key business partners (e.g. Risk, Compliance, Legal, and Technology)


• Chairs / participates in industry committees / forums to maintain awareness of trends and best practices

• Understands and monitors changes in applicable regulatory requirements to enhance internal plans / strategies / policies / practices on an ongoing basis


• Experience: 15 - 20 years of related experience

• Business Expertise:

o Broad understanding of the financial services industry

o Significant experience in one or more financial industry risk, control, and governance disciplines (e.g., audit, business continuity planning, regulatory compliance)

o In-depth understanding of information and technology principles and best practices across the industry as well as project management principles

o In-depth knowledge of industry standard risk analysis, assessment, and mitigation approaches: Control Objectives for Information and Related Technology (COBIT), Committee of Sponsoring Organizations of the Treadway Commission (COSO), and International Organization for Standardization (ISO)

o Extensive knowledge of information risk management policies, methods, standards, tools, and processes

o Knowledge of compliance, legal, internal / external audit and regulatory requirements

• Problem Solving:

o In-depth knowledge of information and technology risks and controls to mitigate them

o Experienced at building and navigating the governance structures of the company

o Ability to manage and analyze data

o Experience raising awareness of information and technology risk throughout an organization

o Understanding of metrics development and reporting

o Strong problem solving and program execution skills

o Ability to prioritize and drive difficult decisions among business partners

o Big picture - can step back and understand the context of problems before applying analytical skills to address the issues

o Visionary at the strategic and operational levels

o Requires the ability to solve very complex risk issues that span legal, compliance, and regulatory obligations across various lines of business

• Interactions / Interpersonal Skills:

o Strong client relationship management experience and influencing skills

o Strong interpersonal and oral / written communication skills. Adept at developing and delivering presentations

o Able to build relationships with people at all levels. Able to influence and galvanize support of others. Builds rapport and trust among stakeholders

o Strong ability to lead and manage staff. Strong team building skills including promoting cooperation and good working relationships among team members

o Remains positive and supportive during change

o Proven leadership and managerial experience within an information technology or risk management function

o Strong experience in dealing with regulators

• Education: Bachelor's degree in Computer Science, Financial Engineering, or related discipline; Master's is preferred

• Certifications: At least one security certification is preferred, such as Certified Information Security Manager (CISM), Certified in Risk and Information Systems Control (CRISC), or Certified Information Systems Security Professional (CISSP)

The above statements are intended to describe the general nature and level of work being performed. They are not intended to be construed as an exhaustive list of all responsibilities, duties and skills required of personnel so classified.

We are proud to be an Equal Opportunity/Affirmative Action Employer and committed to leveraging the diverse backgrounds, perspectives and experience of our workforce to create opportunities for our colleagues and our business. We do not discriminate in employment decisions on the basis of any protected category.

Job: Systems / Technology

Title: Head of Information Risk Management (FLOD) First Line of Defense, Managing Director

Location: CALIFORNIA-Monterey Park

Requisition ID: 10010349-WD