Vice President, Business Unit Risk & Control Manager - Cybersecurity

Do you want your voice heard and your actions to count?

Discover your opportunity with Mitsubishi UFJ Financial Group (MUFG), one of the world’s leading financial groups. Across the globe, we’re 150,000 colleagues, striving to make a difference for every client, organization, and community we serve. We stand for our values, building long-term relationships, serving society, and fostering shared and sustainable growth for a better world.

With a vision to be the world’s most trusted financial group, it’s part of our culture to put people first, listen to new and diverse ideas and collaborate toward greater innovation, speed and agility. This means investing in talent, technologies, and tools that empower you to own your career.

Join MUFG, where being inspired is expected and making a meaningful impact is rewarded.

MUFG  (Mitsubishi  UFJ  Financial  Group)  is  one  of  the  world's  leading  financial  groups.  Headquartered  in Tokyo and with approximately 350 years of history, MUFG is a global network with around 2,300 offices in over 50 countries including the Americas, Europe, the Middle East and Africa, Asia and Oceania, and East Asia. The  group  has  over  150,000  employees,  offering  services  including  commercial  banking,  trust banking, securities, credit cards, consumer finance, asset management, and leasing.

As one of the top financial groups globally with a vision to be the world's most trusted, we want to attract, nurture  and  retain  the  most  talented  individuals  in  the  market.  The  size  and  range  of  MUFG's  global business  creates  opportunities  for  our  employees  to  stretch  themselves  and  reap  the  rewards,  whilst  our common values, to behave with integrity and responsibility, and to build a culture which is fair, transparent, and  honest,  underpin  everything  that  we  do.  We  aim  to  be  the  financial  partner  of  choice  for  our  clients, whatever  their  requirements,  building  long-term  relationships,  serving  society,  and  fostering  shared  and sustainable growth for a better world.

Please visit our website for more information - mufgemea.com.

NUMBER OF DIRECT REPORTS

4-5

MAIN PURPOSE OF THE ROLE 

This is a critical role to provide oversight of risks and controls relating to Identity and Access Management (IAM). We are embarking on a multi-year uplift of our IAM processes and controls, this role forms a key part of both our remediation plans during and post-remediation to provide oversight and monitoring of IAM controls to ensure effective operation in line with regulatory and audit expectations. The role will deliver reporting, governance and escalation over all aspects of identity and access management ensuing that all participants are adhering to controls and standards in the IAM lifecycle. A key aspect of this will be the oversight of implementation and operation of the Toxic Combination framework. Reporting to the Head of Technology Risk Governance you will play a key and highly visible role in the management of IAM risks across the MUFG business.

KEY RESPONSIBILITIES

• Working with the Identity and Access Management team to help define key controls for the IAM function. Ensuring that controls are effectively designed to mitigate IAM risks as well as ensuring they meet the requirements for internal and external audit as well as other regulatory initiatives and group standards.
• Developing Key Control Indicators, Key Risk Indicators and continuous control monitoring strategies to assess the performance of key controls.
• Developing a testing strategy to formally test key IAM controls.
• Work with IAM team to develop remediation strategies and monitor this remediation for effectiveness
• Co-ordinating and overseeing the Toxic Combination framework. Ensuring full participation from business and technology stakeholders. Managing the violations process to ensure any identified toxic combinations are managed and escalated.
• Co-ordinating IAM Governance meeting to transparently report the performance of IAM processes and controls and to provide escalation where controls are not being adhered and where any  potential violations need to approved
• Being the point of contact to ensure IAM risks are addressed via the SDLC process.
• Engaging with both internal and external audit in relation to identity and access management risk and controls.

WORK EXPERIENCE

•           Experience in Identity and Access Management, preferably in financial services sector

•           Experience in delivering multi-year remediation Identity and Access Management programs

•           Experience working with the business stakeholders to define a Toxic Combination framework

• Very strong understanding of internal, external audit expectations and SOX requirements
• Very strong understanding of Identity and Access Management processes and controls including external audit and SOX requirements
• Good knowledge of control frameworks such as NIST, CRI, DORA, SOX.
• Good understanding of investment banking business processes and applications to allow credible engagement with application owners and business owners on Toxic Combination and segregation of duties topics
• Experience developing continuous control monitoring, key risk indicators and key control indicators, where possible automating reporting and data production
• Experience of developing effective and efficient control testing strategies
• Excellent written and verbal communication skills

PERSONAL REQUIREMENTS

• Self-motivated and proactive
• Balance risk with opportunity and ability to prioritise
• Ability to influence up to senior levels of the organisation
• Excellent reporting and presentation skills
• Confident in delivering difficult messages to senior management
• Organised and results focused
• Excellent and innovative communicator with the ability to use data to simplify complex concepts for both technical and non-technical audiences
• Collaborate and build partnerships with technical and non-technical members
• Think strategically, with structured and logical approach to work
• Able to work to tight deadlines
• Logical and objective even under pressure
• Results driven, with a strong sense of accountability
• Strong decision making skills, the ability to demonstrate sound judgement
• Meticulous attention to detail.

We are open to considering flexible working requests in line with organisational requirements.

MUFG is committed to embracing diversity and building an inclusive culture where all employees are valued, respected and their opinions count. We support the principles of equality, diversity and inclusion in recruitment and employment, and oppose all forms of discrimination on the grounds of age, sex, gender, sexual orientation, disability, pregnancy and maternity, race, gender reassignment, religion or belief and marriage or civil partnership.

We make our recruitment decisions in a non-discriminatory manner in accordance with our commitment to identifying the right skills for the right role and our obligations under the law.