Third Party Due Diligence Analyst


Job Details and Location

  • Organization: Mizuho Americas
  • Salary: The expected base salary ranges from $84,750.000 - $125,000.00. Salary offers are based on a wide range of factors including relevant skills, training, experience, education, and, where applicable, certifications and licenses obtained. Market and organizational factors are also considered. In addition to salary and a generous employee benefits package, successful candidates are eligible to receive a discretionary bonus.
  • Region: New York
  • Location: New York City

Job Certifications

  • CTPRP: Preferred
  • CTPRA: Required
  • Other: CISA, CISM, CRISC, CISSP or CCSP

Business Controls Department
The Mizuho Americas Business Controls Department (BCD) is a team of first line of defense (1LoD) risk and control professionals performing essential enterprise control functions across the company including Third Party Risk Management, Business Continuity Planning, Data Management Operations, Data Loss Prevention, and Business Risk and Control Services. The functions performed span all lines of business and corporate functions across the Americas region. The department is also accountable for spearheading the company’s efforts to understand and manage data privacy, fraud, conduct, reputational, and strategic risk. The department creates singular accountability and a “one stop shop” for all enterprise control services. The Mizuho Americas BCD is part of the Mizuho Americas Corporate Strategy & Administration Division.

Third Party Risk Management Unit
The Third Party Risk Management Unit (TPRMU) is a 1LoD risk function responsible for providing a white-glove service: it works closely with all business lines and corporate functions to shepherd them through the Third Party Risk Management (TPRM) process, works directly with the Third Parties to perform Due Diligence, and provides oversight of the Third Party Risk Management function.

Third Party Due Diligence Team (TPDD)
Third Party Due Diligence (TPDD) is a team in the Third Party Risk Management unit of the Mizuho Americas Business Controls Department that performs Third Party Risk Assessments in the areas of IS, IT, and BCP for all MUSO entities. TPDD Assessors assess the existence and effectiveness of the controls in place to identify the risks related to third party service providers, as incidents related to third parties can lead to business disruptions, impact clients, raise regulatory concerns, cause reputational damage or incur financial loss.

The individual will be a part of the Third Party Due Diligence Team and is expected to work remotely with periodic onsite visits to the office. The level of the position is commensurate with the experience and knowledge of the individual selected for the role.

Roles and Responsibilities:
  • Perform the third party risk monitoring process using the BitSight tool to evaluate the cybersecurity posture of Mizuho third and fourth parties.
  • Perform the location risk monitoring process for third parties using the Supply Wisdom tool to assess risks associated with specific locations, such as political stability, security threats, natural disasters, and other factors that may impact business operations.
  • Perform due diligence monitoring activities to ensure that remediation plans are worded appropriately, service locations are updated correctly, Certificates of Insurance (COIs) and Service Organization Controls (SOC) Reports are obtained in a timely manner, reassessment due dates of multiple engagements are aligned properly, and others.
  • Perform the annual assessment for Head Office per the Outsourcing Management of System Development/Operation Procedure.
  • Collaborate with various stakeholders, including third party providers, business units, Legal, Compliance and other teams.
  • Conduct risk assessments to ensure compliance with MUSO Third Party Risk Management (TPRM) and Third Party Risk Assessment Procedures.
  • Perform due diligence reviews to identify control gaps and determine the existence and effectiveness of the implemented controls in accordance with MUSO policies and procedures.
  • Assess the risks associated with third-party relationships and identify findings for Mizuho entities.
  • Review evidence received from third parties to ensure the adequacy of controls and provide assurance that the remediation plans effectively closed the identified findings.
  • Perform on-site reviews.
  • Lead process improvement activities, participating in information security assessment special projects and other assessment-related activities.
  • Update the TPDD Standard Operating Procedure.
  • Assist in gathering assessment result documents needed for an audit.

Qualifications
  • Exceptional skills in data analysis and advanced proficiency in Excel (e.g. Functions and Formulas).
  • Exceptionally high attention to detail and accuracy.
  • Proficient in using risk assessment tools (e.g. Archer), monitoring tools (e.g. BitSight and Supply Wisdom), and Microsoft Office Suite.
  • Work independently with minimal supervision and possess consistent sound judgment.
  • Ability to prioritize tasks and projects to meet deadlines.
  • Ability to review processes and identify improvements to develop best practices.
  • Proficient in managing multiple tasks and projects with effective project and time management skills.
  • Strong interpersonal and critical thinking skills with the ability to collaborate with others to deliver impactful results.
  • Strong written and verbal communication skills to prepare detailed reports and communicate effectively with stakeholders.
  • Bachelor’s degree in a relevant field such as information security, cybersecurity, business administration, finance, or risk management. Relevant certifications (e.g. CTPRA, CTPRP, CISA, CRISC and/or CISSP certification).
  • 3-5+ years in risk assessment, third-party risk management, vendor management, or related field – Big 4, Consulting or IT internal audit experience.
  • Knowledge of contract review, data privacy, information security, information technology and Business Continuity Plan principles.
  • Ability to identify and assess potential risks and vulnerabilities and ensure evidence is sufficient when assessing the relevant controls.
  • Experience with Shared Assessments evaluations.

Mizuho has in place a hybrid working program, with varying opportunities for remote work depending on the nature of the role, needs of your department, as well as local laws and regulatory obligations.

Company Overview

Mizuho Financial Group, Inc. is the 15th largest bank in the world as measured by total assets of ~$2 trillion. Mizuho’s 60,000 employees worldwide offer comprehensive financial services to clients in 35 countries and 800 offices throughout the Americas, EMEA and Asia. Mizuho Americas is a leading provider of corporate and investment banking services to clients in the US, Canada, and Latin America. Through its acquisition of Greenhill, Mizuho provides M&A, restructuring and private capital advisory capabilities across the Americas, Europe and Asia. Mizuho Americas employs approximately 3,500 professionals, and its capabilities span corporate and investment banking, capital markets, equity and fixed income sales & trading, derivatives, FX, custody and research. Visit www.mizuhoamericas.com.

Mizuho Americas offers a competitive total rewards package.

We are an EEO/AA Employer – M/F/Disability/Veteran.

We participate in the E-Verify program.

We maintain a drug-free workplace and perform pre-employment substance abuse testing.
