MUFG
Head of Technology Risk Management - Business Unit Risk Manager, Director
MUFG, New York, New York, us, 10261
Head of Technology Risk Management - Business Unit Risk Manager, Director
Do you want your voice heard and your actions to count?
Discover your opportunity with Mitsubishi UFJ Financial Group (MUFG), one of the world’s leading financial groups. Across the globe, we’re 150,000 colleagues, striving to make a difference for every client, organization, and community we serve. We stand for our values, building long‑term relationships, serving society, and fostering shared and sustainable growth for a better world. With a vision to be the world’s most trusted financial group, it’s part of our culture to put people first, listen to new and diverse ideas and collaborate toward greater innovation, speed and agility. This means investing in talent, technologies, and tools that empower you to own your career. Join MUFG, where being inspired is expected and making a meaningful impact is rewarded.
The Head of Technology Risk Management will lead and oversee the firm’s technology risk management function within the First Line of Defense, reporting directly to the Technology Business Unit Risk and Control Officer (BURCO). This executive role involves developing, implementing, and maintaining an enterprise‑wide information risk management strategy to protect the firm’s assets, information, and reputation. The First Line Business Unit Risk Manager is responsible for managing organizational risks through the design and implementation of appropriate mitigating controls.
Key Partners
Technology CIOs across Infrastructure, Application Development, Engineering and Architecture
Independent risk (second line of defense), internal audit, and external regulators
Required Qualifications
10‑15+ years of technology and risk and control experience, including managing teams, preferably in a large financial institution or other highly regulated environment
Bachelor’s degree (MBA/M.S. preferred) in technology, engineering, risk management, computer science, information systems, or equivalent field
Experience implementing, executing, building or enhancing risk and control frameworks
Experience interacting with regulators on examinations and issues remediation
Experience interacting with second line of defense (SLoD) and third line of defense (TLoD) teams on issues life cycle, examinations, and emerging trend identification
Experience with managing resources (people, tools and/or budget) effectively to execute required functions
Relevant professional certifications a plus (CISA, CRISC, CISSP, AWS/Azure Certified Cloud Practitioner)
Foundational Skills & Experience
Risk management exposure including evaluating the adequacy and efficiency of internal controls, performing risk assessments, identifying issues, developing remediation plans and overseeing remediation
Understanding of the regulatory environment and regulations related to risk, Office of the Comptroller of the Currency (OCC) and Federal Reserve Board (FRB) expectations
Experience with risk metrics definition and reporting/scorecard development utilizing key risk metrics tools preferred
Familiarity with industry best practices and frameworks such as COSO, COBIT, NIST CSF and 800-53, Cybersecurity Horizontal Reviews, and ITIL in a complex environment
Understanding of application development, secure by design, and system development lifecycle (SDLC) practices and framework and the key risks associated
Strong communication, presentation, influencing, and analytical skills
Serving as a trusted advisor to the ITA BURCO and exercising sound judgment in continuous improvement
Responsibilities
Lead a team of control officers to drive work to successful completion, project manage, and pragmatically solve problems
Maintain strong engagement across multiple stakeholders, collaborate with key senior business partners and stay abreast on risk, control agendas
Drive risk culture; influence self‑identification and disclosure of control self‑assurance gaps
Work across functional organizations to identify synergies
Participate on various governance committees to assess and respond to emerging risks and participate in ad‑hoc working groups to resolve new areas of risk
Establish, enhance, and actively monitor key risk metrics
Develop root cause and remediation plans to resolve negative trends or failures
Issue identification: partner with business to proactively identify MSIs and appropriately document issues, review and challenge issue lifecycle validation, and support management to generate various metrics and reports for senior management and board level committees
Stakeholder engagement: engage with Operations & Technology key stakeholders, management, BURMs, SLoD, and TLoD to ensure risks are understood across all LoDs and risk treatment is properly identified and remediated
Professional Certifications
Certified Information Systems Auditor (CISA)
Certified in Risk and Information Systems Control (CRISC)
Certified Information Systems Security Professional (CISSP)
AWS/Azure Certified Cloud Practitioner
Benefits The typical base pay range for this role is between $180,000 and $225,000 depending on job‑related knowledge, skills, experience and location. This role may also be eligible for certain discretionary performance‑based bonus and/or incentive compensation. Additionally, our Total Rewards program provides colleagues with a competitive benefits package including comprehensive health and wellness benefits, retirement plans, educational assistance and training programs, income replacement for qualified employees with disabilities, paid maternity and parental bonding leave, and paid vacation, sick days, and holidays.
Equal Opportunity Employer We are proud to be an Equal Opportunity Employer and committed to leveraging the diverse backgrounds, perspectives and experience of our workforce to create opportunities for our colleagues and our business. We do not discriminate on the basis of race, color, national origin, religion, gender expression, gender identity, sex, age, ancestry, marital status, protected veteran and military status, disability, medical condition, sexual orientation, genetic information, or any other status of an individual or that individual’s associates or relatives that is protected under applicable federal, state, or local law.
#J-18808-Ljbffr
Discover your opportunity with Mitsubishi UFJ Financial Group (MUFG), one of the world’s leading financial groups. Across the globe, we’re 150,000 colleagues, striving to make a difference for every client, organization, and community we serve. We stand for our values, building long‑term relationships, serving society, and fostering shared and sustainable growth for a better world. With a vision to be the world’s most trusted financial group, it’s part of our culture to put people first, listen to new and diverse ideas and collaborate toward greater innovation, speed and agility. This means investing in talent, technologies, and tools that empower you to own your career. Join MUFG, where being inspired is expected and making a meaningful impact is rewarded.
The Head of Technology Risk Management will lead and oversee the firm’s technology risk management function within the First Line of Defense, reporting directly to the Technology Business Unit Risk and Control Officer (BURCO). This executive role involves developing, implementing, and maintaining an enterprise‑wide information risk management strategy to protect the firm’s assets, information, and reputation. The First Line Business Unit Risk Manager is responsible for managing organizational risks through the design and implementation of appropriate mitigating controls.
Key Partners
Technology CIOs across Infrastructure, Application Development, Engineering and Architecture
Independent risk (second line of defense), internal audit, and external regulators
Required Qualifications
10‑15+ years of technology and risk and control experience, including managing teams, preferably in a large financial institution or other highly regulated environment
Bachelor’s degree (MBA/M.S. preferred) in technology, engineering, risk management, computer science, information systems, or equivalent field
Experience implementing, executing, building or enhancing risk and control frameworks
Experience interacting with regulators on examinations and issues remediation
Experience interacting with second line of defense (SLoD) and third line of defense (TLoD) teams on issues life cycle, examinations, and emerging trend identification
Experience with managing resources (people, tools and/or budget) effectively to execute required functions
Relevant professional certifications a plus (CISA, CRISC, CISSP, AWS/Azure Certified Cloud Practitioner)
Foundational Skills & Experience
Risk management exposure including evaluating the adequacy and efficiency of internal controls, performing risk assessments, identifying issues, developing remediation plans and overseeing remediation
Understanding of the regulatory environment and regulations related to risk, Office of the Comptroller of the Currency (OCC) and Federal Reserve Board (FRB) expectations
Experience with risk metrics definition and reporting/scorecard development utilizing key risk metrics tools preferred
Familiarity with industry best practices and frameworks such as COSO, COBIT, NIST CSF and 800-53, Cybersecurity Horizontal Reviews, and ITIL in a complex environment
Understanding of application development, secure by design, and system development lifecycle (SDLC) practices and framework and the key risks associated
Strong communication, presentation, influencing, and analytical skills
Serving as a trusted advisor to the ITA BURCO and exercising sound judgment in continuous improvement
Responsibilities
Lead a team of control officers to drive work to successful completion, project manage, and pragmatically solve problems
Maintain strong engagement across multiple stakeholders, collaborate with key senior business partners and stay abreast on risk, control agendas
Drive risk culture; influence self‑identification and disclosure of control self‑assurance gaps
Work across functional organizations to identify synergies
Participate on various governance committees to assess and respond to emerging risks and participate in ad‑hoc working groups to resolve new areas of risk
Establish, enhance, and actively monitor key risk metrics
Develop root cause and remediation plans to resolve negative trends or failures
Issue identification: partner with business to proactively identify MSIs and appropriately document issues, review and challenge issue lifecycle validation, and support management to generate various metrics and reports for senior management and board level committees
Stakeholder engagement: engage with Operations & Technology key stakeholders, management, BURMs, SLoD, and TLoD to ensure risks are understood across all LoDs and risk treatment is properly identified and remediated
Professional Certifications
Certified Information Systems Auditor (CISA)
Certified in Risk and Information Systems Control (CRISC)
Certified Information Systems Security Professional (CISSP)
AWS/Azure Certified Cloud Practitioner
Benefits The typical base pay range for this role is between $180,000 and $225,000 depending on job‑related knowledge, skills, experience and location. This role may also be eligible for certain discretionary performance‑based bonus and/or incentive compensation. Additionally, our Total Rewards program provides colleagues with a competitive benefits package including comprehensive health and wellness benefits, retirement plans, educational assistance and training programs, income replacement for qualified employees with disabilities, paid maternity and parental bonding leave, and paid vacation, sick days, and holidays.
Equal Opportunity Employer We are proud to be an Equal Opportunity Employer and committed to leveraging the diverse backgrounds, perspectives and experience of our workforce to create opportunities for our colleagues and our business. We do not discriminate on the basis of race, color, national origin, religion, gender expression, gender identity, sex, age, ancestry, marital status, protected veteran and military status, disability, medical condition, sexual orientation, genetic information, or any other status of an individual or that individual’s associates or relatives that is protected under applicable federal, state, or local law.
#J-18808-Ljbffr