MUFG Union Bank Governance, Risk & Control, Managing Director in New York, New York

/Join a financial group that’s as committed to your future as you are. At MUFG, we share a vision for our future, we share our successes, and we strive to bring out the best in each other in everything we do./

/Our 14,000 diverse colleagues are connected by a common ambition to create change for the better—from forging more dynamic career paths, to driving progress in our communities, to continuously reshaping the standards of global financial services. Positive impact starts here; see the change you can make as we strive to become the world’s most trusted financial group./

/Visit// more information./

_Job Summary:_

Reporting to the Information Risk Management Officer / Head of Information Risk Management, the Governance, Risk & Controls Managing Director is responsible for building and maintaining a team of individuals to:

  • Define and maintain information risk management framework components including: governance, policies & standards aligned with regulations and best practices, threat & risk & control libraries, risk scenarios, risk assessment methods, tools, and risk reporting and KRIs.

  • Ensure the above is understood and applied across the first and second line of defense.

  • Analyze data across the enterprise to identify and drive the mitigation of risks.

  • Provide regulatory interface on information risk matters.

_Major Responsibilities:_

People Management Responsibilities:

  • Identifies, recruits, and manages a team of information, technology, cyber, business continuity and various other applicable business services risk subject matter experts that know the businesses conducted within the company.

  • Provides senior level leadership to subordinates including assigning and managing work, monitoring performance, and conducting performance appraisals.

  • Ensures all committed deliverables and associated timeframes are met.

  • Controls budgets; ensures financials and staffing levels are in line with approved budget on an ongoing basis.

  • Understands workload in order to easily flex with the changing internal and external environments in which we work.

Process Responsibilities:

  • Defines, implements, and maintains an information risk management framework defining the principles that will be implemented and followed across the three lines of defense to manage information risk across the enterprise.

  • Maintains an understanding of the businesses of the company and how they work as well as the threats, controls, industry standards, and best practices to effectively maintain a framework that is appropriate, implementable, and relevant.

  • Drives governance including defining, implementing, and maintaining policies, methods, standards, tools, and reporting / KRIs. Delivers KRI reporting as appropriate.

  • Defines, implements, and maintains risk assessment criteria, tools, and methodologies. Enables the analysis of risk data to identify common themes to enable consistent and compliant mitigation solutions that reduce risk.

  • Defines, implements, and maintains a threat, risk, and control library including the risk rating of the controls. Drives the first line of defense to identify owners and document procedures for each.

  • Addresses and aligns regulatory and legal requirements with regard to information risk management policies, standards, methods, governance, and reporting.

  • Ensures a clear corporate understanding of roles and responsibilities across the three lines of defense as they pertain to the framework including policies, methods, standards, high-level process, reporting, and overall governance.

  • Identifies and governs technology requirements in support of the information risk management program.


  • Works in close cooperation and collaboration with the heads of Information Risk Management as well as key business partners (e.g. Risk, Compliance, Technology).


  • Chairs / participates in industry committees / forums to maintain awareness of trends and best practices.

  • Understands and monitors changes in applicable regulatory requirements to enhance internal plans / strategies / policies / practices on an ongoing basis.

Business Expertise:

  • Broad view of the financial services industry.

  • Significant experience in one or more financial industry risk, control, and governance disciplines (e.g., audit, business continuity planning, regulatory compliance).

  • In-depth understanding of information and technology principles and best practices across the industry as well as project management principles.

  • In-depth knowledge of industry standard risk analysis, assessment and mitigation approaches: Control Objectives for Information and Related Technology (COBIT), Committee of Sponsoring Organizations of the Treadway Commission (COSO), and International Organization for Standardization (ISO).

  • Extensive knowledge of information risk management policies, methods, standards, tools, and processes.

  • Knowledge of compliance, legal, internal / external audit and regulatory requirements.

Problem Solving:

  • In-depth knowledge of information and technology risks and controls to mitigate them.

  • Experienced at building and navigating the governance structures of the company.

  • Ability to manage and analyze data.

  • Experience raising awareness of information and technology risk throughout an organization.

  • Understanding of metrics development and reporting.

  • Strong problem solving and program execution skills.

  • Ability to prioritize and drive difficult decisions among business partners.

  • Big picture - can step back and understand the context of problems before applying analytical skills to address the issues.

  • Visionary at the strategic and operational levels.

  • Requires the ability to solve very complex risk issues that span legal, compliance, and regulatory obligations across various lines of business areas of the company.

Interactions / Interpersonal Skills:

  • Strong client relationship management experience and influencing skills.

  • Strong interpersonal and oral / written communication skills. Adept at developing and delivering presentations.

  • Able to build relationships with people at all levels. Able to influence and galvanize support of others. Builds rapport and trust among stakeholders.

  • Strong ability to lead and manage staff. Strong team building skills including promoting cooperation and good working relationships among team members.

  • Remains positive and supportive during change.

  • Proven leadership and managerial experience within an information technology or risk management function.

  • Strong experience in dealing with regulators.

_Experience Requirements and Education:_

Education: Bachelor's degree in Computer Science, Financial Engineering, or related discipline, or equivalent work experience is required. Master's is preferred, but not required.

Experience: 12-15 years related experience.

Certifications: 1 or more of GSEC, CISSP, CISM, CISA, CRISC, CGEIT preferred, but not required.

/We are proud to be an Equal Opportunity/Affirmative Action Employer and committed to leveraging the diverse backgrounds, perspectives and experience of our workforce to create opportunities for our colleagues and our business. We do not discriminate in employment decisions on the basis of any protected category./

Job: Risk & Compliance

Title: Governance, Risk & Control, Managing Director

Location: NEW YORK-New York

Requisition ID: 10008035-WD