Risk & Control Testing & Assessment AVP

Do you want your voice heard and your actions to count?

Discover your opportunity with Mitsubishi UFJ Financial Group (MUFG), one of the world's leading financial groups. Across the globe, we're 150,000 colleagues, striving to make a difference for every client, organization, and community we serve. We stand for our values, building long-term relationships, serving society, and fostering shared and sustainable growth for a better world.

With a vision to be the world's most trusted financial group, it's part of our culture to put people first, listen to new and diverse ideas and collaborate toward greater innovation, speed and agility. This means investing in talent, technologies, and tools that empower you to own your career.

Join MUFG, where being inspired is expected and making a meaningful impact is rewarded.

The selected colleague will work at an MUFG office or client sites four days per week and work remotely one day. A member of our recruitment team will provide more details.

Job Overview:

The AVP will lead efforts to identify, assess, and oversee technology-related risks and controls within the Technology Control Testing team, with a primary focus on evaluating the design and operational effectiveness of controls as part of the RCSA program. This role will drive execution and oversight of control testing activities, ensuring that controls are appropriately designed to mitigate key risks and operate effectively in practice. Responsibilities may include Quality Assurance (QA) or Portfolio Oversight for a designated entity, maintaining alignment with regulatory expectations and supporting the future state initiatives.

Responsibilities:

Portfolio Oversight (Entity/MUBK)

• Portfolio Management: Coordinate and oversee control testing activities across the assigned portfolio. Plan, schedule, and monitor testing performed by designated analysts for all IT controls. Partner with stakeholders to refine control language and maintain test scripts that validate compliance with bank policies, procedures, and regulatory requirements. Participate in control walk-throughs and produce clear, well-structured documentation. Support tracking and reporting of testing progress.
• Quality Control (QC): Review work papers and evidence prepared by testers for completeness and accuracy. Ensure adherence to RCSA testing methodology and documentation standards. Confirm that all testing results and supporting evidence are accurately recorded in the GRC repository (OpenPages).
• Issue Management: Identify and document control failures, initiate issue records, and collaborate with control owners on remediation plans.
• Stakeholder Communication: Act as the primary liaison for IT control owners, providing timely updates on testing progress, preliminary observations, and final results. Escalate issues or delays to management as appropriate to maintain transparency.
• Team Development: Provide guidance, training, and mentoring to testers on RCSA procedures and best practices to ensure consistency and quality.
• Status Reporting: Deliver regular updates to the VP and governance forums on testing progress, issues, and trends.

QA & Governance

• Quality Assurance Oversight: Independently review and calibrate testing outcomes across all portfolios to ensure consistency and accuracy in pass/fail determinations.
• Governance & Methodology: Maintain and update testing methodology and SOPs in alignment with enterprise RCSA standards.
• Training & Calibration: Lead QA-related training initiatives for testers and AVPs, including workshops and refreshers on updated processes.
• Metrics & Reporting: Develop and report QA metrics, identify trends, and recommend improvements to leadership.
• Support RCSA Redesign Projects: Contribute expertise to projects such as RCSA redesign and CRI integration, translating diagnostic statements into test scripts.

Qualifications:

• At least 5+ years' experience in risk management, control testing, or related fields, within the financial services industry
• Strong working knowledge of RCSA frameworks, regulatory standards (e.g., COSO, NIST CSF, ISO), GRC tools (e.g. OpenPages), and supporting integrated tools (e.g. Power BI, SharePoint).
• Experience in working with multiple IT risk and control domains such as identity and access management, vulnerability management, SDLC, change /release/ incident management and technology operations within large enterprise environments.
• Hands-on experience performing or leading RCSA activities including ability to identify controls gaps, risk identification, control design, and control effectiveness testing.
• Demonstrated leadership, stakeholder management, and written and verbal communication skills including ability to articulate complex control issues clearly.
• Strong organizational and time management skills, ability to manage multiple priorities and mentor junior staff providing quality assurance, guidance, and knowledge sharing.
• Strong decision-making skills and confidence in exercising sound judgement when assessing control effectiveness. Meet deadlines for control testing and documentation and proactively escalate.
• Analytical mindset with high degree of attention to detail, meticulous documentation habits and commitment to continuous improvement.
• Maintain high standards of evidence and reporting to support audit and regulatory requirements.
• Leverage automation and analytics tools (e.g., OpenPages enhancements, RNG dashboards) to improve efficiency and visibility.
• Strengthen feedback loops between QA and execution teams to drive corrective actions and best practices.

Education:

Bachelor's degree in computer science, information systems, technology, or equivalent work experience preferred.

Other Qualifications:

As per MUFG's work policy for all personnel, candidates must work onsite for 4 days and 1 day remotely out of either Jersey City, NJ or Tempe, AZ office.

The typical base pay range for this role is between $93K - $116K depending on job-related knowledge, skills, experience, and location. This role may also be eligible for certain discretionary performance-based bonus and/or incentive compensation. Additionally, our Total Rewards program provides colleagues with a competitive benefits package (in accordance with the eligibility requirements and respective terms of each) that includes comprehensive health and wellness benefits, retirement plans, educational assistance and training programs, income replacement for qualified employees with disabilities, paid maternity and parental bonding leave, and paid vacation, sick days, and holidays. For more information on our Total Rewards package, please click the link below.

MUFG Benefits Summary

We will consider for employment all qualified applicants, including those with criminal histories, in a manner consistent with the requirements of applicable state and local laws (including (i) the San Francisco Fair Chance Ordinance, (ii) the City of Los Angeles' Fair Chance Initiative for Hiring Ordinance, (iii) the Los Angeles County Fair Chance Ordinance, and (iv) the California Fair Chance Act) to the extent that (a) an applicant is not subject to a statutory disqualification pursuant to Section 3(a)(39) of the Securities and Exchange Act of 1934 or Section 8a(2) or 8a(3) of the Commodity Exchange Act, and (b) they do not conflict with the background screening requirements of the Financial Industry Regulatory Authority (FINRA) and the National Futures Association (NFA). The major responsibilities listed above are the material job duties of this role for which the Company reasonably believes that criminal history may have a direct, adverse and negative relationship potentially resulting in the withdrawal of conditional offer of employment, if any.The above statements are intended to describe the general nature and level of work being performed. They are not intended to be construed as an exhaustive list of all responsibilities duties and skills required of personnel so classified.We are proud to be an Equal Opportunity Employer and committed to leveraging the diverse backgrounds, perspectives and experience of our workforce to create opportunities for our colleagues and our business. We do not discriminate on the basis of race, color, national origin, religion, gender expression, gender identity, sex, age, ancestry, marital status, protected veteran and military status, disability, medical condition, sexual orientation, genetic information, or any other status of an individual or that individual's associates or relatives that is protected under applicable federal, state, or local law.