Risk & Controls Testing & Assessment, VP

Risk & Controls Testing & Assessment, VP

Vacancy expired!

Do you want your voice heard and your actions to count?

Discover your opportunity with Mitsubishi UFJ Financial Group (MUFG), the 5th largest financial group in the world (as ranked by S&P Global, April 2020). In the Americas, we're 13,000 colleagues, striving to make a difference for every client, organization, and community we serve. We stand for our values, developing positive relationships built on integrity and respect. It's part of our culture to put people first, listen to new and diverse ideas and collaborate toward greater innovation, speed and agility. We're a team that accepts responsibility for the future by asking the tough questions and owning the solutions. Join MUFG and be empowered to make your voice heard and your actions count.

Job Summary

In this role you will assist in implementing and managing frameworks designed to identify, evaluate, and manage related risks and controls across the company or a particular business or function. Responsibilities include integrating that framework with business operations and keeping key stakeholders across the organization informed about new or existing operational and/or technology assets and third-party vendor engagements; leading or supporting various programs, including Risk and Control Self-Assessment (RCSA), process, risk, and control, and other risk policies, standards, and processes. The primary focus of this role will be assessing the operating effectiveness of key controls documented within the RCSA through the execution of control testing performed in alignment with internal policies and standards.

As part of an effective risk and control framework, Operations and Technology for the Americas (OTA) documents and executes risk and control assessments across processes related to Operations and Technology. There is a comprehensive coverage and joint accountability model that promotes early identification and assessment of operational and technology risk, effective design and evaluation of controls, and sustainable solutions to mitigate operational and technology risk.

Major Responsibilities:

• Serve as member of centralized control testing team overseeing timely completion of control testing activities associated with RCSA, Policy and Standard Control Testing (PSCT), and other assessment programs
• Report to senior management on control testing progress for all in-scope controls across assessment programs and entities
• Facilitate interactions between required key stakeholders to drive completion or resolution of identified issues related to control testing
• Coordinate with risk assessment teams to identify and report information risk- and project-related issues through appropriate methods (i.e., risk assessments, controls testing) to senior management, appropriate committees, and the Second Line of Defense (SLoD)
• Manage development of new documentation for processes, including but not limited to, procedures process flows, and risk and control identification, as required
• Manage updates to process documentation to reflect the current state of procedures, process activities, and process flows related to process area
• Evaluate and perform an end-to-end analysis of the risk and control environment to identify significant gaps and weaknesses in partnership with stakeholders, including process owners and control officers
• Manage the determination control design and effectiveness ratings
• Communicate control gaps and deficiencies and risk exposures to senior management and SLoD, as appropriate
• Communicate status reports to process / entity leads to ensure timely completion of assessment activities
• Manage iterative review and challenge of assessment results, work with appropriate stakeholders across the lines of defense, and resolve and manage conflicts or incongruities alongside process teams
• Liaise with the risk and control managers across all technology risk governance processes
• Partner with control colleagues across OTA and engage with other lines of defense as needed including risk, compliance, legal, and audit
• Participate in cross business and function governance to effectively manage risk
• Prepare and present materials for ongoing team meetings and meetings with OTA senior management
• Maintain and develop internal documentation related to control testing governance
• Partner with stakeholders, including process owners and control officers, to document controls, enhance control language and develop/maintain test scripts that validate controls are being performed in compliance with bank policies, procedures, and regulatory requirements to mitigate technology risk to the firm
• Lead control walkthroughs and prepare meaningful documentation
• Execute testing of key controls based on internal and industry standards and guidelines for design and effectiveness
• Provide ongoing communication to internal stakeholders throughout the control testing process to keep them apprised of progress and findings, escalating when appropriate
• Manage iterative review and challenge of control testing results, working with appropriate stakeholders across the lines of defense (LoDs) to build consensus
• Manage control testing activities, including logistical scheduling and document retrieval to support control testing in accordance with internal requirements
• Provide project management support in tracking and coordinating the execution of policy and standards control testing activities
• Collaborate with process owners, control officers, and Business Unit Risk Managers (BURMs) to develop logic for automated control tests, identifying relevant data sources and measurement criteria for respective controls
• Communicate program status to senior management and stakeholders, identifying and escalating control gaps preventing adoption of automated testing
• Liaise with the LoDs to build consensus on effectiveness thresholds for testing
• Evaluate and establish protocols to enable continuous control monitoring, leveraging automated control testing parameters
• Liaise with risk assessment team and other stakeholders to ensure control testing is in alignment with broader risk assessment activities
• Create synergies by identifying opportunities to repurpose control testing results to satisfy assessment requirements across the bank
• Develop and distribute status reporting and communication related to control testing activities
• Work collaboratively with risk and control team to execute against technology risk governance procedures
• Prepare materials for ongoing team meetings and meetings with OTA senior management

Qualifications

• Bachelor's degree in accounting, finance, computer science, information systems, or equivalent preferred
• Preferred: degree from a competitive school, demonstrating a strong academic and extracurricular track record
• Preferred Certifications: Certified Public Accountant (CPA), Certified Internal Auditor (CIA)
• Additional Certification Considerations: Certified Information Systems Auditor (CISA), Certified Information Security Manager (CISM) or Certified in Risk and Information Systems Control (CRISC)
• 6-8 years of experience in risk and control management; Minimum of 3 years of control testing experience
• 7+ years of experience in an audit, accounting, risk management role in operations or information technology/information security, and/or operational risk management (includes operations, operational risk management, compliance, audit, and third party risk management within technology and/or information security), or a combination thereof
• Preferred: Public accounting audit experience
• Also Considered: Professional in Project Management (PMP), Six Sigma Black Belt or Green Belt professional certifications
• Preferred: experience with process documentation, risk assessments and evaluation of control operating effectiveness
• Preferred: proficient with Microsoft Office (Project, PowerPoint, Excel, Word)
• Experience with process documentation, risk assessment, evaluation of control operating effectiveness and designing/executing test scripts for operations and/or technology controls
• Understanding of the regulatory environment and regulations related to technology and operations risk, and Office of the Comptroller of the Currency (OCC) and Federal Reserve Board (FRB) expectations
• Experience with problem solving in a team environment by thinking outside of the box, providing innovative solutions with and without technology
• Experience with managing resources effectively to execute required functions
• Prior supervisory and or management role with a focus on talent development
• Preferred: knowledge in technology and/or operations areas including, but not limited to: payments, wire transfer, commercial loans, trade services, access management, network security, enterprise architecture, release management and incident response
• Preferred: experience in an audit, risk management or project management role
• Ability to manage multiple priorities concurrently, prioritize, and efficiently complete responsibilities while maintaining the highest quality
• Ability to support work streams with sometimes limited oversight/information from inception to completion
• Ability to identify obstacles and work in conjunction with others to identify options/solutions
• Ability to constructively work both independently and in collaborative environments involving all levels of management and employees
• Strong written and verbal communication skills to articulate information clearly and effectively

The above statements are intended to describe the general nature and level of the work being performed. They are not intended to be construed as an exhaustive list of all responsibilities, duties, and skills required of personnel so classified .

We are proud to be an Equal Opportunity / Affirmative Action Employer and committed to leveraging the diverse backgrounds, perspectives, and experience of our workforce to create opportunities for our colleagues and our business. We do not discriminate in employment decisions on the basis of any protected category.

A conviction is not an absolute bar to employment. Factors such as the age of the offense, evidence of rehabilitation, seriousness of violation, and job relatedness are considered in all employment decisions. Additionally, it's the bank's policy to only inquire into a candidate's criminal history after an offer has been made. Federal law prohibits banks from employing individuals who have been convicted of, or received a pretrial diversion for, certain offenses.