Vice President, IAM Governance Manager

Do you want your voice heard and your actions to count? Discover your opportunity with Mitsubishi UFJ Financial Group (MUFG), one of the world's leading financial groups. Across the globe, we're 150,000 colleagues, striving to make a difference for every client, organization, and community we serve. We stand for our values, building long‑term relationships, serving society, and fostering shared and sustainable growth for a better world.

With a vision to be the world's most trusted financial group, it's part of our culture to put people first, listen to new and diverse ideas and collaborate toward greater innovation, speed and agility. This means investing in talent, technologies, and tools that empower you to own your career. Join MUFG, where being inspired is expected and making a meaningful impact is rewarded.

This is a critical role to provide oversight of risks and controls relating to Identity and Access Management (IAM). We are embarking on a multi‑year uplift of our IAM processes and controls, this role forms a key part of both our remediation plans during and post‑remediation to provide oversight and monitoring of IAM controls to ensure effective operation in line with regulatory and audit expectations. The role will deliver reporting, governance and escalation over all aspects of identity and access management, ensuring that all participants are adhering to controls and standards in the IAM lifecycle.

A key aspect of this will be the oversight of implementation and operation of the Toxic Combination framework. Reporting to the Head of Technology Risk Governance, you will play a key and highly visible role in the management of IAM risks across the MUFG business.

• Working with the Identity and Access Management team to help define key controls for the IAM function.
• Ensuring that controls are effectively designed to mitigate IAM risks as well as ensuring they meet the requirements for internal and external audit as well as other regulatory initiatives and group standards.
• Developing Key Control Indicators, Key Risk Indicators and continuous control monitoring strategies to assess the performance of key controls.
• Developing a testing strategy to formally test key IAM controls.
• Work with IAM team to develop remediation strategies and monitor this remediation for effectiveness.
• Co‑ordinating and overseeing the Toxic Combination framework.
• Ensuring full participation from business and technology stakeholders.
• Managing the violations process to ensure any identified toxic combinations are managed and escalated.
• Co‑ordinating IAM Governance meeting to transparently report the performance of IAM processes and controls and to provide escalation where controls are not being adhered and where any potential violations need to be approved.
• Being the point of contact to ensure IAM risks are addressed via the SDLC process.
• Engaging with both internal and external audit in relation to identity and access management risk and controls.

• Experience in Identity and Access Management, preferably in financial services sector.
• Experience in delivering multi‑year remediation Identity and Access Management programs.
• Experience working with the business stakeholders to define a Toxic Combination framework.
• Very strong understanding of internal, external audit expectations and SOX requirements.
• Very strong understanding of Identity and Access Management processes and controls including external audit and SOX requirements.
• Good knowledge of control frameworks such as NIST, CRI, DORA, SOX.
• Good understanding of investment banking business processes and applications to allow credible engagement with application owners and business owners on Toxic Combination and segregation of duties topics.
• Experience developing continuous control monitoring, key risk indicators and key control indicators, where possible automating reporting and data production.
• Experience of developing effective and efficient control testing strategies.
• Excellent written and verbal communication skills.

• Self‑motivated and proactive.
• Balance risk with opportunity and ability to prioritise.
• Ability to influence up to senior levels of the organisation.
• Excellent reporting and presentation skills.
• Confident in delivering difficult messages to senior management.
• Organised and results focused.
• Excellent and innovative communicator with the ability to use data to simplify complex concepts for both technical and non‑technical audiences.
• Collaborate and build partnerships with technical and non‑technical members.
• Think strategically, with structured and logical approach to work.
• Able to work to tight deadlines.
• Logical and objective even under pressure.
• Results driven, with a strong sense of accountability.
• Strong decision making skills, the ability to demonstrate sound judgement.
• Meticulous attention to detail.

We are open to considering flexible working requests in line with organisational requirements. MUFG is committed to embracing diversity and building an inclusive culture where all employees are valued, respected and their opinions count. We support the principles of equality, diversity and inclusion in recruitment and employment, and oppose all forms of discrimination on the grounds of age, sex, gender, sexual orientation, disability, pregnancy and maternity, race, gender reassignment, religion or belief and marriage or civil partnership.