Technology Resilience Risk Oversight

Discover your opportunity with Mitsubishi UFJ Financial Group (MUFG), one of the world’s leading financial groups. Across the globe, we’re 150,000 colleagues, striving to make a difference for every client, organization, and community we serve. We stand for our values, building long-term relationships, serving society, and fostering shared and sustainable growth for a better world.

With a vision to be the world’s most trusted financial group, it’s part of our culture to put people first, listen to new and diverse ideas and collaborate toward greater innovation, speed and agility. This means investing in talent, technologies, and tools that empower you to own your career. Join MUFG, where being inspired is expected and making a meaningful impact is rewarded.

OVERVIEW OF THE DEPARTMENT/SECTION

We are MUFG. 360 years of heritage. A world-class set of businesses. And more than 180,000 employees in 50 markets. It’s no surprise that MUFG has grown to become one of the top five banks in the world. Our services include commercial banking, trust banking, securities, credit cards, consumer finance, asset management, and leasing. MUFG offers stability in an ever-changing market, providing services to high-profile clients worldwide. The Group’s operating companies include MUFG Securities EMEA plc and MUFG Bank.

The role sits in the Operational Risk Management team that reports into the Chief Risk Officer. The Operational Risk Management team is responsible for running the Operational Risk Management Framework and conducting oversight activities across the EMEA region. Within the scope of responsibilities of ORM is the Second Line of Defense activities for Technology Risk, Cyber Security, Third Party Risk Management and Operational Resilience.

MAIN PURPOSE OF THE ROLE

To assist with the development of the firm’s Second Line of Defence capabilities (policies, procedures, risks and controls) to manage Technology and Resilience risk in London and support across the EMEA region, in line with regulatory requirements, and to support the achievement of the Bank's strategic objectives.

KEY RESPONSIBILITIES

• Assist with the continuous embedding of the Operational Risk framework for the Technology risks and resilience controls within the Technology function working in conjunction with the First Line teams and Head Office.
• Monitoring regulatory changes in approach to Technology and recommend changes enhancements to the Control framework.
• Support the development and delivery of medium to long term objectives and actions within the framework, including greater oversight and additional testing of the Technology Resilience and Continuity Controls and RCSAs.
• Participate actively in the delivery of changes, enhancements, and projects in conjunction with the Technology and Technology Resilience teams.
• Provide robust check and challenge to the First Line of Defence as they identify, assess, manage and report their risks and issues through various tools and activities including risk and control assessments, key indicators, issue and incident management, and control assurance.
• Engage with the First Line technology resilience teams to support the management and review of events which cause business disruption.
• Deep dive on the Technology and Business Continuity KPI/KRI’s monitoring monthly trends and threats. Provide challenge on a SME level to the 1st line.
• Perform Second Line of Defence activities in the evaluation of risks for new products, systems and material change projects.
• Provide subject matter expertise, monitor and communicate the risk environment to management, and other key stakeholders effectively.
• When required, supervise developing members of the team in second line oversight, business-as-usual (BAU) activities and change initiatives.
• Assist in the creation and maintenance of a good Three Lines of Defence model and work across the region to promote Technology and Resilience Awareness and 2nd line challenge.

Regulatory compliance, affairs and change:

• Comply with and ensure that all staff under your responsibility (where applicable) comply with, the entities’ policies and procedures as well as all rules, laws and regulatory requirements emanating from any of the regulatory authorities to which the entities are subject.
• Remain up to date with regulatory changes; ensure that changes are understood and plans are developed for implementation as appropriate.

WORK EXPERIENCE

• Knowledge of banking and securities products and services.
• Excellent knowledge and experience of Technology risk management and application within the financial services industry.
• Proven and demonstrable ability to understand, identify, analyse and communicate clearly an organisation’s Technology Resilience and business continuity Risks.
• Proven experience in interpreting, understanding and applying legal / regulatory requirements to technology and technology resilience.
• Proven experience with reviewing and improving resilience strategies, controls aligned to traditional, hybrid and cloud-based architecture.
• Solid technical and functional knowledge of external regulations, policies and developments for Technology Resilience.
• Solid technical and functional knowledge of financial services internal rules and policies.
• Good understanding of the overall operational processes and technology challenges within the financial services industry.
• Experience of facilitating smooth communications between London, EMEA Offices and other regions globally.

SKILLS AND EXPERIENCE

• Functional / Technical Competencies: Technology resilience, continuity and remediation best practice (including industry frameworks such as ISO 22301 and ISO27001).
• Experience with legislation such as DORA/GDPR.
• Resilience by Design Principles.
• Experience in designing or reviewing disaster recovery strategies and business continuity controls for critical IT applications and systems.
• Governance, compliance and audit.
• An ability to facilitate smooth communications between London and other Regions, Tokyo Head Office (HO) and EMEA offices.

Education / Qualifications:

• Educated to degree level or equivalent industry experience.
• Professional certifications such as CBCI/CBCP, MBCI or CISSP are desirable.

PERSONAL REQUIREMENTS

• Strong team player with the ability to collaborate with business stakeholders.
• Clear and concise written and oral communication.
• Results driven, with a strong sense of accountability.
• Excellent interpersonal skills.
• Excellent accuracy and attention to detail.
• Good time management and ability to prioritise.
• Strong problem solving and critical thinking skills.
• Strong analytical skills to evaluate risk, understand and communicate underlying causes to different audiences.
• Excellent Microsoft Office skills.
• Good familiarity with GRC tools desirable.

PERFORMANCE AND DUTIES

The role holder will be assessed in accordance with their employing entity’s performance framework and process with relevant input obtained from the dual hatting entity as relevant. As duties and responsibilities change, the job description will be reviewed and amended in consultation with the role holder. The role holder will carry out other duties as are within the scope, spirit and purpose of the role as requested by their line manager or Department Head.

MANAGING CONFLICTS OF INTEREST

The role holder will have responsibilities for both MUFG Bank and MUFG Securities EMEA plc. The role holder will be required to perform their duties and responsibilities on an entity neutral basis, without favour.