MUFG Union Bank Information Risk Management - Applications, General Technology, Vice President in Monterey Park, California
Join a financial group that’s as committed to your future as you are. At MUFG, we share a vision for our future, we share our successes, and we strive to bring out the best in each other in everything we do. Our 14,000 diverse colleagues are connected by a common ambition to create change for the better—from forging more dynamic career paths, to driving progress in our communities, to continuously reshaping the standards of global financial services. Positive impact starts here; see the change you can make as we strive to become the world’s most trusted financial group.
Reporting to the Information Risk Assessment - Applications Director, the General Technology / Third Party Vice President is responsible for: defining risk assessment and control testing processes for third party applications, conducting 2nd line assessments and control testing for third party applications as required, and reviewing and challenging third party application assessments and testing performed by the 1st line.
Defines criteria, tools, and methodologies for identifying, assessing, and monitoring the risks associated with third party applications
Assists in the development of the IRM control inventory, specifically for controls related to third party applications
Works closely with the Governance team to help define appropriate policies and standards relevant to third party applications
Assesses compliance to cyber policies and standards related to third party applications
Performs independent review and challenge of the front line unit risk assessments and control testing for third party applications
Reviews risk mitigation strategies and tracks remediation efforts as issues are identified
Conducts 2nd line risk assessments and control testing for third party applications; includes source code reviews, secure SDLC processes, application vulnerability management
Stakeholder management and working across various parts of the organization
Communicates information risk matters to senior management
Bachelor's Degree or equivalent work experience required
At least one security certification is preferred, such as Certified Information Security Management (CISM), Certified Risk Information Security Control (CRISC), or Certified Information Systems Security Professional (CISSP)
5 years of related experience
Proven knowledge of general technology application assessment methodologies and tools
Proven knowledge of application security assessment methodologies and technologies
Experienced in application security related standards, and best practices such as secure code reviews, secure SDLC, and application vulnerability management
Prior experience with application development and SDLC related processes is preferred
Knowledge of the financial services industry and its regulations / laws
Understanding of control and risk management concepts and knowledge of the operational aspects of the information risk business.
Understanding of respective industry best practices (e.g., NIST, ISO, COBIT, OWASP, ITIL)
Knowledge of risk management policies, methods, standards, processes, governance models, and industry standard risk analysis approaches
Knowledge of current industry trends in information risk management
Strong MS Office skills along with strong verbal and written communication skills
Able to collaborate well with internal and external stakeholders
Able to be a subject matter expert on assessing general technology processes relating to applications
We are committed to leveraging the diverse backgrounds, perspectives and experiences of our workforce to create opportunities for our people and our business. Equal Opportunity Employer Minority/Female/Disability/Veterans.
The above statements are intended to describe the general nature and level of work being performed. They are not intended to be construed as an exhaustive list of all responsibilities, duties and skills required of personnel so classified.
Why Work for MUFG Corporation?
• We are a financially strong and stable bank.
• We value workplace diversity.
• We are committed to the training and development of our employees.
• Innovative vacation benefits
• We offer a matching 401k, a Retirement Plan, a variety of Flexible Health Benefits.
Job: *Risk & Compliance
Title: Information Risk Management - Applications, General Technology, Vice President
Location: CALIFORNIA-Monterey Park
Requisition ID: 10009218-WD
Other Locations: NEW JERSEY-Jersey City, NEW YORK-New York