MUFG Union Bank Information Risk Management - Governance, Risk & Controls, Threat Director in New York, New York

Join a financial group that’s as committed to your future as you are. At MUFG, we share a vision for our future, we share our successes, and we strive to bring out the best in each other in everything we do. Our 14,000 diverse colleagues are connected by a common ambition to create change for the better—from forging more dynamic career paths, to driving progress in our communities, to continuously reshaping the standards of global financial services. Positive impact starts here; see the change you can make as we strive to become the world’s most trusted financial group.

Job Summary:

Reporting to the Governance, Risk & Controls Managing Director, the Threat Director is responsible for (in general, but not limited to) defining and assessing information risks and threats through industry expertise and knowledge of MUFG technology environments. The Threat Director identifies threats on a timely basis, develops a high-level impact assessment with potential required actions, develops specific risk, and threat scenarios and collaborates with the risk and control library team and Line 1 to make any required modifications to the library and controls based upon new threats. Additionally, the Threat director is responsible for leveraging GRC technologies (such as Archer and Open Pages) to maintain the libraries.

Job Responsibilities:

  • Works with Information Risk Management colleagues to ensure the appropriate risk and control framework, governance, policies, methods, standards, processes, reporting, and training are developed, applied, and understood by impacted stakeholders.

  • Communicates information risk matters effectively to senior business management.

  • Drives and oversees consistency in approach, execution, and reporting across the technology and information risk function.

  • Drives program steering committees and, where applicable, participates in support program governance.

  • Drives and oversees the development of information risk strategic program elements.

  • Provides prioritization of risk, creating business value and helping to streamline technology development.

  • Drives the development and implementation of key metrics (KRIs, KPIs), with ownership for providing business value towards monthly dashboard reports.

  • Provides advice and guidance on information risk matters involving legal or regulatory matters; acts as a primary interface between the business areas for these matters.

  • Reviews internal and external IT projects and applications for risk issues and ensures adherence to security policies and industry best practices and security controls, taking full ownership where concerned.

  • Prepares and presents materials for internal and external client communications and takes ownership for follow-ups where necessary.


  • Proven awareness and understanding of risk management, compliance, information protection, regulatory concepts, and requirements.

  • Advanced knowledge of security systems and applications and be able to assist in communicating related policies, procedures, and guidelines.

  • Understanding of industry best practices (e.g., NIST, ISO, COBIT, OWASP, ITIL).

  • Knowledge of the financial services industry and its regulations / laws is required, along with operational aspects of the business and a thorough understanding of control and risk management concepts.

  • Extensive knowledge of Risk Management policies, methods, standards, processes, governance models, and in-depth knowledge of industry standard risk analysis approaches.

  • Excellent understanding of systems architecture, hardware, operations, system life cycle, and information security along with investigative principles, incident response procedures, computer forensics, Information Security practices, and effective risk management.

  • Significant experience in one or more financial industry risk, control, and governance disciplines (e.g., audit, business continuity planning, regulatory compliance).

  • Strong MS Office skills along with strong verbal and written communication skills.

We are committed to leveraging the diverse backgrounds, perspectives and experiences of our workforce to create opportunities for our people and our business. Equal Opportunity Employer Minority/Female/Disability/Veterans.

The above statements are intended to describe the general nature and level of work being performed. They are not intended to be construed as an exhaustive list of all responsibilities, duties and skills required of personnel so classified.

Why Work for MUFG Corporation?

• We are a financially strong and stable bank.

• We value workplace diversity.

• We are committed to the training and development of our employees.

• Innovative vacation benefits

• We offer a matching 401k, a Retirement Plan, a variety of Flexible Health Benefits.

Job: *Risk & Compliance

Title: Information Risk Management - Governance, Risk & Controls, Threat Director

Location: NEW YORK-New York

Requisition ID: 10008803-WD

Other Locations: NEW JERSEY-Jersey City, CALIFORNIA-Monterey Park