Mitsubishi UFJ Financial Group, Inc. (MUFG) is one of the world’s leading financial groups. Headquartered in Tokyo and with over 360 years of history, MUFG has a global network with around 3,000 offices in more than 50 markets. The Group has over 180,000 employees, and offers services including commercial banking, trust banking, securities, credit cards, consumer finance, asset management, and leasing. Please visit our website for more information - mufgemea.com.
The department covers Cyber Security, Information Security, IT Audit, IT Risks, IT Controls, Access Management and the portfolio for change for all these areas.
MAIN PURPOSE OF THE ROLE
To ensure effective management and control of technology risks, liaising with all Technology departments and some business functions within the MUS international business and MUFG group as necessary.
In addition, the candidate will be expected to deliver against the IT control library which will be used to document expected and existing controls which will further assist in identifying control gaps, risks and defining relevant treatment plans to mitigate identified risks.
Strong organisational skills are required as this role will cover a variety of IT process assurance and produce monthly reports to the senior management.
Engage with internal IT teams, external and internal audit to support the formal process for the management of ongoing audits to ensure good information flow and timely delivery of evidence required for internal and external audit to progress their audits.
In this role, you will be responsible for IT risk and control across MUFG’s banking arm and securities business under a dual-hat arrangement. Under this arrangement, you will act and make decisions on behalf of both the bank and the securities business, subject to the same remit and level of authority, and irrespective of the entity which employs you.
- Ensuring polices, standards and procedures are implemented and followed within the department
- Accountable for the delivery of assigned IT risk or governance related initiatives (COBIT, Annual IT risk evaluation, FFIEC, SOX audit etc.)
- Responsible for ensuring high quality deliverables for audit and risk related response especially when data is going out to outside of Technology
- Responsible for supporting and recommending IT process enhancements
- Responsible for Technology related audit finding and risk remediation progress tracking and reporting
- Ensure coherence of the bank IT security policies, by periodic IT control assessment and validation of effectiveness and design of the process.
- Responsible as a liaison to the 2nd and 3rd line function who provide assurance for Technology and MUFG. Additionally as the liaison between any external audit parties.
- Review and revise technology policies and standards on an annual basis.
- Conduct risk and control self-assessments for technology processes.
- Support technology owners to identify, document and monitor self-identified issues, with action plans, using Open Pages.
- Monitor and report monthly KRIs.
- Provide monthly reporting to various risk and management committees relating to risks, issues, controls, and assessments.
- Liaise with technology and business teams as necessary to ensure all systems meet security standards and/or agree appropriate measures to mitigate the risk.
- Maintain an up to date, working knowledge of current laws, regulations and best practices relating to technology controls.
- Provide Risk & Control awareness training to staff as necessary
SKILLS AND EXPERIENCE
Functional / Technical Competencies:
- Strong technical background with 3 + years’ experience in risk management with proven IT risk and/or IT governance skills is essential.
- Ability to make sense of complex situations and rapidly prioritise issues to take effective decisions in a commercial manner.
- Ability to manage multiple tasks to tight deadlines without sacrificing quality.
- Ability to build relationships with stakeholders at all levels.
- Ability to communicate complex information to a variety of audiences.
- Ability to work on own without direction.
- Has strong planning, communication (both written and oral) and presentation skills.
- Able to work in a cross-cultural and cross-functional environment.
Education / Qualifications:
- Certified in Risk and Information Systems Control (CRISC) or other relevant qualifications beneficial.
- Excellent communication skills
- Results driven, with a strong sense of accountability
- A proactive, motivated approach.
- The ability to operate with urgency and prioritise work accordingly
- Strong decision making skills, the ability to demonstrate sound judgement
- Excellent interpersonal skills
- The ability to manage large workloads and tight deadlines
- Excellent attention to detail and accuracy
- A calm approach, with the ability to perform well in a pressurised environment
- Excellent Microsoft Office skills
We are open to considering flexible working requests in line with organisational requirements.
MUFG is committed to embracing diversity and building an inclusive culture where all employees are valued, respected and their opinions count. We support the principles of equality, diversity and inclusion in recruitment and employment, and oppose all forms of discrimination on the grounds of age, sex, gender, sexual orientation, disability, pregnancy and maternity, race, gender reassignment, religion or belief and marriage or civil partnership.
We make our recruitment decisions in a non-discriminatory manner in accordance with our commitment to identifying the right skills for the right role and our obligations under the law.