MUFG Union Bank Information Risk Management - Governance & Framework, Director in New York, New York

Join a financial group that’s as committed to your future as you are. At MUFG, we share a vision for our future, we share our successes, and we strive to bring out the best in each other in everything we do. Our 14,000 diverse colleagues are connected by a common ambition to create change for the better—from forging more dynamic career paths, to driving progress in our communities, to continuously reshaping the standards of global financial services. Positive impact starts here; see the change you can make as we strive to become the world’s most trusted financial group.

Summary:

Reporting to the Governance, Risk & Control Managing Director, the Governance & Framework Director is responsible for (in general, but not limited to) building and maintaining a team of subject matter experts to support him/her in: developing, implementing, and maintaining risk management policies & standards and analytical & reporting processes; issue management and oversight; and establishing information risk libraries & methodologies.

Major Responsibilities:

People Management Responsibilities:

  • Identifies, recruits, and manages a team of policy, library & methods, analytical & reporting, and issue management subject matter experts.

  • Provides senior level leadership to subordinates including assigning and managing work, monitoring performance, and conducting performance appraisals.

  • Ensures all committed deliverables and associated timeframes are met.

  • Controls budgets; ensures financials and staffing levels are in line with approved budget on an ongoing basis.

  • Understands workload in order to easily flex with the changing internal and external environments in which we work.

Process Responsibilities:

The Governance & Framework Director, along with the respective subject matter expert(s), is responsible for the following:

  • Building and maintaining information risk management policies and standards. This includes: ensuring all policies and standards are kept relevant and in good standing; supporting the alignment of policies and standards to both regulations and controls; and defining supporting policy implementation guidance.

  • Developing, implementing, and maintaining an analytics and reporting process to ensure compliance with the IRM framework and effective risk reporting. This includes: coordinating with stakeholders (for reporting processes); executing forensic analysis; performing independent review and challenge of the front line unit risk report content; reporting status of GLBA, PCI, and HIPAA to the Board; and performing independent information risk management reporting to the Board and Executive Committees.

  • Developing, implementing, and maintaining an issue management and oversight process. This includes: defining the issues management criteria, tools, and methodologies; establishing and maintaining an enterprise-wide risk issues library; performing an independent review and challenge of first line issue identification and corrective action; and tracking first line corrective action.

  • Building information risk libraries and methodologies. This includes: maintaining enterprise-wide risk and threat libraries based on input from the front line units and industry intelligence, maintaining mapping of risks and threats to the list of information risk controls, detailed risk scenarios, & playbooks; leveraging GRC technologies to manage and report; and providing advice, interpretation guidance, & support on risk and threat libraries.

  • Defining and determining thresholds for information key risk indicators.

  • Determining critical themes and escalating to drive risk reduction.

General Responsibilities / Requirements:

  • Stakeholder management and working across various parts of the organization.

  • Communicates information risk matters to senior management.

  • Education: Bachelor's Degree required.

  • Certifications: 1 or more of GSEC, CISSP, CISM, CISA, CRISC, CGEIT preferred, but not required.

  • Experience: 10 years related experience.

  • Knowledge:

      • Thorough knowledge of information risk management governance, policies, & libraries, analytics & reporting, and issue management.

      • Knowledge of the financial services industry and its regulations / laws.

      • Understanding of control and risk management concepts and knowledge of the operational aspects of the information risk business.

      • Understanding of respective industry best practices (e.g., NIST, ISO, COBIT, OWASP, ITIL).

      • Knowledge of risk management policies, methods, standards, processes, governance models, and industry standard risk analysis approaches.

      • Knowledge of current industry trends in information risk management.

  • Skills: Strong MS Office skills along with strong verbal and written communication skills.

  • Abilities:

      • Able to collaborate well with internal and external stakeholders.

      • Able to enforce and communicate related policies, procedures, and guidelines.

      • Able to be a leader across the organization, a valued partner, and subject matter expert for information risk management governance, policies, libraries, analytics & reporting, and issue management.

Why Work for MUFG?

We are a financially strong and stable bank.

We value workplace diversity.

We are committed to the training and development of our employees.

Innovative vacation benefits.

We offer a matching 401K, a Retirement Plan, and a variety of Flexible Health Benefits.

The above statements are intended to describe the general nature and level of work being performed. They are not intended to be construed as an exhaustive list of all responsibilities, duties and skills required of personnel so classified.

To learn more about MUFG, review all current career opportunities, and apply, please visit us online:

We are proud to be an Equal Opportunity/Affirmative Action Employer and committed to leveraging the diverse backgrounds, perspectives and experience of our workforce to create opportunities for our colleagues and our business. We do not discriminate in employment decisions on the basis of any protected category.


Job: Risk & Compliance

Title: Information Risk Management - Governance & Framework, Director

Location: NEW YORK-New York

Requisition ID: 10008257-WD

Other Locations: NEW JERSEY-Jersey City, CALIFORNIA-Monterey Park