Application Development BURM, VP
Company: MUFG
Location: Charlotte
Posted on: January 26, 2023
Job Description:
Do you want your voice heard and your actions to count? Discover
your opportunity with Mitsubishi UFJ Financial Group (MUFG), the
6th largest financial group in the world. Across the globe, we're
160,000 colleagues, striving to make a difference for every client,
organization, and community we serve. We stand for our values,
building long-term relationships, serving society, and fostering
shared and sustainable growth for a better world.

With a vision to be the world's most trusted financial group, it's
part of our culture to put people first, listen to new and diverse
ideas and collaborate toward greater innovation, speed and agility.
This means investing in talent, technologies, and tools that empower
you to own your career.

Join MUFG, where being inspired is expected and making a meaningful
impact is rewarded.

This is a remote position. A member of our recruitment team will
discuss location preferences with you in more detail.

This role is a leader and key member of a first line risk and
controls team aligned to application development, and related
functions, within the Technology Business Unit. You will work with
team members and partner with technology teams to drive effective
risk management. The team is responsible for assessing the
technology risk and control environment, identifying improvement
opportunities, reporting and monitoring key risk metrics, managing
issues, and providing governance with respect to all risk and
control matters.

As part of an effective risk and control framework, Operations and
Technology for the Americas (OTA) documents and executes risk and
control self-assessments (RCSA) across processes related to
Operations and Technology. There is a comprehensive coverage and
joint accountability model that promotes early identification and
assessment of operational and technology risk, effective design and
evaluation of controls, and sustainable solutions to mitigate
operational and technology risk.

In this role you will focus on executing RCSAs and managing risks
relevant to the supported Technology functions, ensuring compliance
with internal and external requirements, and contributing to the
achievement of Operations & Technology business objectives.
Responsibilities include engaging with business partners and/or
leaders from other functions, including audit and Information Risk
Management (SLOD), and collaborating with Operations & Technology
colleagues to prepare for and conduct risk management activities.
This may also include engagement with external auditors and/or
regulators; reviewing assessment and/or issue closure content prior
to submission and managing follow-up actions; establishing
processes, templates, and stakeholder matrices for activities;
creating roadmaps aligned to recurring and ad hoc assessments;
ensuring stakeholders execute appropriately and meet issue
management milestones on time; tracking, escalating, and/or
remediating risks and issues; and developing and executing
executive-level reporting.

RESPONSIBILITIES

- Manage the execution of front line
controls self-assurance and risk assessment activities (Risk and
Control Self-Assessments [RCSA], business process management [BPM],
ad hoc controls review) and independent risk and audit activities
as needed
- Drive implementation and sustainability of information technology
control framework and risk culture; influence self-identification
and disclosure of control self-assurance gaps
- Ensure gaps are addressed via remediation plans that adhere to
issues management mandates: timely issue and corrective action
submission, accurate root cause identification, corrective action
monitoring, on time closure, no failed validations, and no repeat
issue
- Monitor and evaluate emerging risk, internal operational trends,
and external risk events for potential impact to control
environment
- Prepare risk analysis and risk mitigation recommendations
- Support technology risk governance by ensuring our control
environment performance is reported and has risk management plans
in place for critical issues
- Support the preparation of risk and controls governance materials
as needed
- Consult on controls design and efficiency with technology partners
in support of their commitments to align with all applicable laws,
regulations, and internal policies and procedures
- Recruit, develop, and retain key talent, ensuring team members are
effective in carrying out required risk management functions
- Evaluate and benchmark technology process execution against
industry standards (e.g., COBIT, NIST 800-53, FFIEC, etc.)

QUALIFICATIONS

- Undergraduate degree plus 8 years
in technology, information security, operational risk management,
or related roles
- Preferred: professional certifications such as Certified
Information System Auditor (CISA), Certified in Risk and
Information Systems Control (CRISC), Certified Information Systems
Manager (CISM), Certified in the Governance of Enterprise
Information Technology (CGEIT), Information Technology
Infrastructure Library (ITIL), Control Objectives for Information
and Related Technology (COBIT), etc.
- 8 plus years of experience in information technology, information
security, and/or operational risk management, (Includes operations,
operational risk management, compliance, audit, and third party
risk management within technology and/or information security), or
a combination thereof, or other highly regulated environment
- Knowledge and implementation experience with industry best
practices and frameworks such as: Committee of Sponsoring
Organizations of the Treadway Commission (COSO), COBIT, National
Institute of Standards and Technology (NIST)-800-53, and ITIL in
complex environments
- Knowledge of critical domestic and international banking
regulations (Reg W, Basel II, Federal Financial Institutions
Examination Council (FFIEC), General Data Protection Regulation
(GDPR), etc.) and experience with enforcement agencies oversight
activities (regulatory examinations, matters requiring attention
(MRAs), consent orders, etc.) within a global systemically
important financial institution's information technology and
security environments
- Experience with developing and executing technology risk
assessment/testing methodologies, evaluating the design and
effectiveness of internal controls; and identifying issues
resulting from internal and/or external compliance examinations
- Experience with process documentation, risk and control
assessments, issue management, and process improvement (e.g., Lean
Six Sigma)
- Understanding of the regulatory environment and regulations
related to technology risk, and Office of the Comptroller of the
Currency (OCC) and Federal Reserve Board (FRB) expectations
- Combined experience in IT external audit, IT internal audit, and
technology risk and/or ITGC assessment for compliance with
Sarbanes-Oxley (SOX)
- Understanding of data quality, data quality monitoring, and data
maturity models, and experience with critical data elements (CDEs)
and data lineage
- Prior supervisory and/or management role with a focus on talent
development
- Experience with information technology risks, regulations or
regulatory bodies, and risk/control frameworks, including COSO,
COBIT, FFIEC, NIST, and ITIL
- Experience with developing and executing technology and/or
information security risk assessment/testing methodologies
evaluating the design and effectiveness of internal controls; and
identifying issues resulting from internal and/or external
compliance examinations
- Experience with risk metrics definition and reporting/scorecard
development utilizing key risk metrics tools (IBM Open Pages,
Tableau, structured query language (SQL), Access etc.)
- Experience in creation and review of work papers to document
testing and/or issue closure, and experience in the management of
regulatory matters
- Experience in working in an agile, scrum, or DevSecOps methodology
including the Atlassian stack (Jira/Confluence) is preferred
- Strong and diverse modern technology background and experience
across diverse domains, illustrating the ability to drive
transformation outcomes with specific focus on how to 'enable' them
in a highly regulated enterprise industry context including:
- Conceptual / working understanding of scripting languages (e.g.,
Bash, Ruby, Perl and Python)
- Conceptual / working understanding with continuous integration and
continuous deployment (CI/CD) concepts, tools, and technologies
including code repositories (e.g. Git), Jenkins and Maven
- Conceptual / working understanding of software containerization
platforms/container orchestration tools (e.g., Docker, Kubernetes,
AWS Elastic Kubernetes Service (EKS) and Red Hat OpenShift)
- Conceptual / working understanding of modern master data
management, big data platforms, data streaming, analytics and
reporting solutions (e.g., AWS Elastic Map Reduce (EMR))
- Deep understanding of secure application development best
practices and implementation of security principles across global
organizations (i.e., "secure by design"), to meet business goals
and legal/regulatory requirements
- Knowledge of current and emerging cloud security trends,
"Software/Platform/Infrastructure as a Service" security and
architecture concepts, including network segmentation, perimeter
security, event monitoring; and remediation methods to bring cloud
infrastructures into compliance for security compliance
- Understanding of risk management, including experience executing
risk assessments, testing and evaluating processes and controls
- Strong project management skills; includes an ability to
independently drive work, and pragmatically solve problems

The
typical base pay range for this role is between $115K - $145K
depending on job-related knowledge, skills, experience and
location. This role may also be eligible for certain discretionary
performance-based bonus and/or incentive compensation.
Additionally, our Total Rewards program provides colleagues with a
competitive benefits package (in accordance with the eligibility
requirements and respective terms of each) that includes
comprehensive health and wellness benefits, retirement plans,
educational assistance and training programs, income replacement
for qualified employees with disabilities, paid maternity and
parental bonding leave, and paid vacation, sick days, and
holidays.

The above statements are intended to describe the general nature
and level of work being performed. They are not intended to be
construed as an exhaustive list of all responsibilities, duties
and skills required of personnel so classified.

We are proud to be an Equal Opportunity/Affirmative Action Employer
and committed to leveraging the diverse backgrounds, perspectives
and experience of our workforce to create opportunities for our
colleagues and our business. We do not discriminate on the basis of
race, color, national origin, religion, gender expression, gender
identity, sex, age, ancestry, marital status, protected veteran and
military status, disability, medical condition, sexual orientation,
genetic information, or any other status of an individual or that
individual's associates or relatives that is protected under
applicable federal, state, or local law.
Keywords: MUFG, Charlotte, Application Development BURM, VP, Executive, Charlotte, North Carolina