Control Assessment Automation Specialist, Vice President
New York, NY

Job Description

Discover your opportunity with Mitsubishi UFJ Financial Group (MUFG), the 5th largest financial group in the world with total assets of over $2.4 trillion (as ranked by SNL Financial, April 2016) and 140,000 colleagues in nearly 50 countries. In the U.S., we're 13,000 strong, working together to positively impact every customer, organization, and community we serve. We achieve this by delivering on our values, putting people first, fostering long-term relationships built on honesty and mutual understanding, and inspiring the best in each other. This is all part of our inclusive, high-performing culture supported by Total Rewards that include our cash balance pension plan. Join a team that's working to fulfill its vision to be the world's most trusted financial group.

Job Summary:

Integrated Services for the Americas (ISA) is the Technology & Operations function for MUFG Americas. ISA plans, develops, maintains, operates, and safeguards digital and business operations. Its 3,000 colleagues specialize in process engineering, software development, enterprise information management, technology operations, operational risk management, and project management. The goal is to deliver superior solutions to our stakeholders at the quality they define and to be, above all, trusted stewards of the bank's computing assets and processes.

ISA Risk & Controls Office (RCO) is accountable for appropriately assessing and effectively managing risk and responsible for implementing effective internal controls and maintaining processes for identifying, assessing, controlling and mitigating the risks associated with their activities separate from independent risk management (2nd line of defense, or SLoD) and consistent with bank established risk appetite and risk limits.

* ISA Risk Appetite Statement and the Risk & Controls Library
* Centralized oversight of assessments, risk acceptances and policy variances to demonstrate conformance with the ISA risk appetite statement and escalation to the 2nd line
* Process Ownership for IT Risk Management processes: Compliance with Information Risk Policies, Standards, Laws and Regulations; Risk and Threat Identification and Management; Risk Assessments and Controls Testing; Risk Monitoring and Reporting; Risk Issue Management; IT Compliance
* Oversight of the ISA STL aligned Control Officers and the FLU Control Officers for FLU's with Information Risk ("Business Unit Managed IT"). Responsibility includes defining granular accountability within the IT Risk Management processes across the operating model, i.e. identifying and mapping regulatory requirements and assigning open issues to the appropriate STL Control Officer, FLU Control Officer and/or Technology Management Process Owner as per the Risk, Threats and Controls Library
* Serving as a center of excellence for information risk management and performing specialized IRM tasks for Business Unit Managed IT. Risk Culture, Training, Awareness and Communications (security awareness in Enterprise Information Security)

Major Responsibilities:

As a Control Assessment Automation Specialist for our ISA Risk Control Office you'll form part of a new assessment team providing critical assurance for control operation and testing posture for the firm. You'll have an eye for detail and a good technical understanding of IT processes at a financial institution while being able to meet deadlines to provide unique and scalable solutions.

The successful candidate will be able to see both the bigger picture from an architecture and roadmap perspective and also be able to zoom into logic for individual automated control performance tests and debug / improve as necessary. The role is hands on requiring a development skillset and awareness of related technologies and techniques such as leveraging and developing APIs, cloud platforms, robotics process automation and data science.

* Monitor FLU compliance with the Information Risk Governance framework (RGF) and with enterprise-wide policies and standards via automated performance testing.


* Understanding of Technology Risk Management, Assessments, Identification


* Engineer our control performance testing harness / calculation engine, provide APIs for ingestion of testing data and querying / extensibility of testing results


* Can demonstrate understanding of controls within IT processes (such as Access Management, Change management, Disaster Recovery).


* Automate control performance by gathering data via numerous methods including vendor or platform provided APIs / data marts, robotics techniques or operating system level scripting languages to scrape data.