10036037-WD - OTA Risk and Control Automated Testing Developer, AVP
Do you want your voice heard and your actions to count?
Discover your opportunity with Mitsubishi UFJ Financial Group (MUFG), the 5th largest financial group in the world (as ranked by S&P Global, April 2018). In the Americas, we’re 14,000 colleagues, striving to make a difference for every client, organization, and community we serve. We stand for our values, developing positive relationships built on integrity and respect. It’s part of our culture to put people first, listen to new and diverse ideas and collaborate toward greater innovation, speed and agility. We’re a team that accepts responsibility for the future by asking the tough questions and owning the solutions. Join MUFG and be empowered to make your voice heard and your actions count.
OTA Risk and Control Automated Testing Developer, AVP
As part of an effective risk and control framework, Operations and Technology for the Americas (OTA) documents and executes risk and control assessments across processes related to Operations and Technology. There is a comprehensive coverage and joint accountability model within the Risk and Control Office of OTA that promotes early identification and assessment of operational and technology risk, effective design and evaluation of controls, and sustainable solutions to mitigate operational and technology risk. Control Testing is an integral part of the bank’s compliance with Policies and Standards, identifying whether controls are operating as intended to mitigate associated risk.
- Member of Centralized Control Testing team oversees timely completion of Control Testing activities associated with Risk and Control Self-Assessment (RCSA)/Policy and Standard Control Testing (PSCT) and other assessment programs
- Design, engineer and implement automated and continuous control testing for Technology and Operations controls
- Partner with stakeholders, including Process Owners and Control Officers, to document and enhance control language, enabling automated control tests that validate controls are being performed in compliance with Bank policies, procedures and regulatory requirements to mitigate Technology risk to the firm
- Collaborate with Process Owners, Control Officers and Business Unit Risk Managers to develop, validate and implement logic for Automated Control Testing, identifying relevant data sources and measurement criteria for respective controls in accordance with internal and industry testing methodologies
- Support the implementation of Continuous Control Monitoring (CCM) by designing, documenting and implementing logic for control breaks, alerting, disposition and closure
- Support the creation of a workflow to enable real-time remediation of control breaks, including assigning control breaks to relevant partners
- Development and maintenance and of internal documentation related to Automated Control Testing and CCM
- Support reporting of program status to senior management on progress of control testing automation and CCM, identifying and escalating control gaps preventing adoption of the programs
- Create dashboards for Control Testing results for both manual and automated control testing
- Develop and distribute reporting on Control Testing progress and results
- Support program management of strategic Automated Control Testing and CCM platform by identifying and prioritizing controls for inclusion in the program
- Define criteria/intake process for inclusion of controls in Automated Control Testing and CCM platform
- Support iterative review and challenge of Automated Control Testing and CCM logic, working with appropriate partners across the lines of defense
- Participate in walkthroughs for Technology and Operations controls and prepare meaningful documentation
- Prepare materials for ongoing team meetings and meetings with OTA senior management
- Work collaboratively with Risk and Control team to ensure program is executing against technology risk governance procedures
- 2-5 years of experience in IT Risk and Controls performing Audit and Control Checks or Implementation of Control Measures
- Experience in designing, implementing and operationalizing continuous control testing and monitoring of Technology controls.
- Experience working in a full Software Development Lifecycle using Agile project delivery
- At least 2 years of actual programming experience in Python, and or JVM languages (Java/Scala)
- Strong analytical skills working with data, dashboards and reporting
- Experience in creating complex queries using Structured SQL
- Ability to support work streams with sometimes limited oversight/information from inception to completion
- Ability to constructively work both independently and in collaborative environments involving all levels of management and employees
- Strong written and verbal communication skills to articulate information clearly and effectively
- Experience with problem solving in a team environment by thinking outside of the box, providing innovative solutions with and without technology
- Ability to manage multiple priorities concurrently, prioritize and efficiently complete responsibilities while maintaining the highest quality
- Ability to identify obstacles and work in conjunction with others to identify options/solutions
- Bachelor's Degree in Computer Science, Information Systems, Technology Management or equivalent preferred
- Experience in multiple IT Risk and Control domains such as Identity and Access Management, Privileged Access, Vulnerability Management, Audit Logging, Privacy, Data Loss Prevention, Enterprise Architecture, Release Management and Incident Response
- Knowledge of Test-Driven Development (TDD), Behavior Driven Development (BDD) and/or Domain Driven Design
- Solid Understanding of Unit Testing, Continuous Integration (CI), Continuous Delivery (CD) and Jenkins
- Experience and solid understanding of any NoSQL databases, design and architecture
- Understanding of the regulatory environment and regulations related to Technology Risk in the financial industry (e.g. OCC and FRB expectations)
- Experience with process documentation, risk and control assessments and designing/executing ITGC test scripts
- Combined experience in IT external audit, IT internal audit, Technology Risk and/or ITGC assessment for compliance with SOX
- Certified Information Systems Auditor (CISA), Certified Information Security Manager (CISM) or Certified in Risk and Information Systems Control (CRISC)
- Big Four IT audit experience
- Experience in a project management role
The above statements are intended to describe the general nature and level of work being performed. They are not intended to be construed as an exhaustive list of all responsibilities duties and skills required of personnel so classified.
We are proud to be an Equal Opportunity / Affirmative Action Employer and committed to leveraging the diverse backgrounds, perspectives, and experience of our workforce to create opportunities for our colleagues and our business. We do not discriminate in employment decisions on the basis of any protected category.
A conviction is not an absolute bar to employment. Factors such as the age of the offense, evidence of rehabilitation, seriousness of violation, and job relatedness are considered in all employment decisions. Additionally, it's the bank's policy to only inquire into a candidate's criminal history after an offer has been made. Federal law prohibits banks from employing individuals who have been convicted of, or received a pretrial diversion for, certain offenses.