MUFG Union Bank Information Risk Management, Applications General Technology, Vice President in New York, New York

Join a financial group that’s as committed to your future as you are. At MUFG, we share a vision for our future, we share our successes, and we strive to bring out the best in each other in everything we do. Our 14,000 diverse colleagues are connected by a common ambition to create change for the better—from forging more dynamic career paths, to driving progress in our communities, to continuously reshaping the standards of global financial services. Positive impact starts here; see the change you can make as we strive to become the world’s most trusted financial group.

Job Summary:

Reporting to the Information Risk Assessment - Applications Director, the General Technology, Vice President is responsible for: defining risk assessment and control testing processes for third party applications, conducting 2nd line assessments and control testing for third party applications as required, and reviewing and challenging third party application assessments and testing performed by the 1st line.

Major Responsibilities:

  • Defines criteria, tools, and methodologies for identifying, assessing, and monitoring the risks associated with third party applications

  • Assists in the development of the IRM control inventory, specifically for controls related to third party applications

  • Works closely with the Governance team to help define appropriate policies and standards relevant to third party applications

  • Assesses compliance to cyber policies and standards related to third party applications

  • Performs independent review and challenge of the front line unit risk assessments and control testing for third party applications

  • Reviews risk mitigation strategies and tracks remediation efforts as issues are identified

  • Conducts 2nd line risk assessments and control testing for third party applications; includes source code reviews, secure SDLC processes, application vulnerability management

  • Stakeholder management and working across various parts of the organization

  • Communicates information risk matters to senior management


  • Bachelor's Degree or equivalent work experience required

  • At least one security certification is preferred, such as Certified Information Security Management (CISM), Certified Risk Information Security Control (CRISC), or Certified Information Systems Security Professional (CISSP)

  • 5 years of related experience

  • Proven knowledge of general technology application assessment methodologies and tools

  • Proven knowledge of application security assessment methodologies and technologies

  • Experienced in application security related standards, and best practices such as secure code reviews, secure SDLC, and application vulnerability management

  • Prior experience with application development and SDLC related processes is preferred

  • Knowledge of the financial services industry and its regulations / laws

  • Understanding of control and risk management concepts and knowledge of the operational aspects of the information risk business.

  • Understanding of respective industry best practices (e.g., NIST, ISO, COBIT, OWASP, ITIL)

  • Knowledge of risk management policies, methods, standards, processes, governance models, and industry standard risk analysis approaches

  • Knowledge of current industry trends in information risk management

  • Strong MS Office skills along with strong verbal and written communication skills

  • Able to collaborate well with internal and external stakeholders

  • Able to be a subject matter expert on assessing general technology processes relating to applications

We are committed to leveraging the diverse backgrounds, perspectives and experiences of our workforce to create opportunities for our people and our business. Equal Opportunity Employer Minority/Female/Disability/Veterans.

The above statements are intended to describe the general nature and level of work being performed. They are not intended to be construed as an exhaustive list of all responsibilities, duties and skills required of personnel so classified.

Why Work for MUFG Corporation?

• We are a financially strong and stable bank.

• We value workplace diversity.

• We are committed to the training and development of our employees.

• Innovative vacation benefits

• We offer a matching 401k, a Retirement Plan, a variety of Flexible Health Benefits.

Job: *Risk & Compliance

Title: Information Risk Management, Applications General Technology, Vice President

Location: NEW YORK-New York

Requisition ID: 10009217-WD

Other Locations: NEW JERSEY-Jersey City, CALIFORNIA-Monterey Park