Vice President,Risk and Control – Digital Engineering

Do you want your voice heard and your actions to count? Discover your opportunity with Mitsubishi UFJ Financial Group (MUFG), one of the world’s leading financial groups. Across the globe, we’re 150,000 colleagues, striving to make a difference for every client, organization, and community we serve. We stand for our values, building long-term relationships, serving society, and fostering shared and sustainable growth for a better world.With a vision to be the world’s most trusted financial group, it’s part of our culture to put people first, listen to new and diverse ideas and collaborate toward greater innovation, speed and agility. This means investing in talent, technologies, and tools that empower you to own your career.Join MUFG, where being inspired is expected and making a meaningful impact is rewarded.Accountable for defining, creating and governing the Digital Engineering Risk and Control strategy in accordance with the wider EMEA Technology IT Risk and Control vision and strategy and risk appetiteAccountable for defining the Digital Engineering Solutions and Services risk appetite and framework in accordance with the overall Technology departments risk appetite and tolerance framework, managing the departments operational, regulatory and financial riskDefine and evolve the Digital Engineering Services and Solutions Key Risk Indicators’ and Controls and govern accordinglyPresent the department’s risk landscape, providing proactive oversight and prioritisation to ensure timely closure of issueRun the departments Risk/Control/ Audit monthly forum committee presenting high quality risk reports and insights to Head of Digital Engineering Services and Solutions and the Extended Leadership TeamResponsible for providing visibility of the Extended Leaderships Teams EOL roadmap, the departments position and Product Owners remediation plan and progressPrimary contact for all risk, control and audit issues across all Digital Engineering Solutions and Services teamsProvide assurance over the department’s controls design and effectiveness, ensuring controls are proportionate and embedded in day‑to‑day department activityProvide proactive assurance around risk management through appropriate data driven monitoring and through the implementation of structured sampling techniques to validate that controls are functioning as intended before failureEducate and lead the Digital Engineering Staff defining best practice operations and governance in line with industry and company standardsWork in partnership with the Digital Engineering Solutions and Services Product and Platform owners, challenging and advising on risk management for new products, processes and change programmes. Provide risk-based decision making, supporting the department to make informed, risk-based decisions by providing an aggregated view of risk exposuresRun the departments Risk/Control/ Audit monthly forum committee presenting high quality risk reports and insights to Head of Digital Engineering Services and Solutions and the Extended Leadership TeamResponsible for providing visibility of the Extended Leaderships Teams EOL roadmap, the departments position and Product Owners remediation plan and progressDrive and adhere to strategic direction of accountable pillars, while supporting the rest of the departmentResponsible for managing Issue Management on behalf Digital Engineering Services and Solutions departmentHandle potential sensitive information relating to Cyber Security events and assessments on behalf of Digital Engineering Services and SolutionsWork across all areas of the Digital Engineering Services and Solutions department to ensure the Digital Engineering Control & Governance team provides necessary support services, oversight function and governance capabilities to all other extended leadership teams and stakeholders.Responsible for building strong relationships across the Bank and Securities functions, underpinned by trust and the core values of the bank. Developing strong relationships with key stakeholders such as IT Risk & Control, Cyber Security, other technology pillars, Operational Risk, Internal Audit, Compliance and external parties where applicableA senior role, that plays a pivotal part in strengthening a proactive, inclusive risk culture leading with example of the right leadership, culture and behaviours that are required in the bank.KEY RESPONSIBILITIESOversee Digital Engineering Services and Solutions relationship with IT Risk and 3rd parties for all external audits and assessments.Oversee Digital Engineering Services and Solutions relationship with IT Risk for all internal audits which have an Infrastructure or Service Management aspect.Ensure strong governance, structures and processes are in place to support effective operational risk and control management across the departmentAccountable for managing Open Issues on behalf of the Digital Engineering Services and Solutions department, tracking and ensuring proactive remediation and timelySupport Digital Engineering Solutions and Services extended leadership teams with creation/attestation of key controls against the Operational Risk Framework.Manage engagement with stakeholders to design, plan and deliver remediation actions for control deficiencies. Oversee risk identification and mitigation efforts, ensuring understanding of strategic goalsEnsure departments adherence to internal policies and external regulatory requirementManage complex risk related loss events, conducting root cause analysis, working with Product and Platform owners to develop response plansPerform applicable operational control checks across Infrastructure and engage with other areas of Technology when requiredWork in partnership with the departments Incident management and Threat and Vulnerability team to detect and address vulnerabilitiesEnsure that the team operates in a controlled manner in accordance with standards and procedures whilst adhering to all related security and compliance proceduresIn conjunction with IT Risk, Security and Control, ensure that all regulatory requirements are fully complied with, including SOX assessments and appropriate defences and controls are in place to deal with all cyber risksExecute risk governance across all Digital Engineering Solutions and Services verticals.Provide support to Digital Engineering Services and Solutions for pen test findingsProduce and manage Digital Engineering Solutions and Services owned Key Risk Indicators.Support disaster recovery exercises, ensuring new services are documented and deployed with BCP/DR in mindProvide advisory assistance to IT Risk and Control relating to My Access Live (MaL) and Access Management processes, acting as input into review processes with particular emphasis on Digital Engineering related platformsInput into Incident Management Process where appropriateSupport new applications as and when released to the businessEscalate potential service issues to the ManagementProduce regular risk management data for Management. Chair the Departments Risk Oversight CommitteeDrive and adhere to strategic direction of accountable pillars, while supporting the rest of the department.Support development of team with a strong focus on building future capabilitiesLead and champion MUFG’s inclusive, diverse, and values-led culture while fostering a growth mindset to embrace new technologies, industry advancements, and innovative use casesEnsure appropriate risk awareness training is in place across the department to fulfil current and future requirementsLead and promote a dynamic, delivery driven culture that works alongside business units to provide responsive resolutions and value driven solutionsBuild and nurture strong relationships with internal and external stakeholders, including business teams, to promote collaboration, understand industry’s best practices, and influence positive change across the organizationSupport location strategies prescribed from MUFG and enable transitions (where appropriate) seamlesslyWORK EXPERIENCEEssential:Extensive experience leading and managing risk and control and teams across multiple regions within a within a regulated environment.Extensive proficiency in scenario analysis and developing mitigation strategiesExperience representing risk and control on behalf of a large Technology department to an Executive level audienceA strong track record of engaging credibly with Executives providing confident challenge and clear, decision‑ready insight.Experience of working alongside network, server, database, desktop; asset management and storage functionsExperienced in dealing with vendors and third-party suppliersStrong track record of managing teams and building effective partnerships with peersExperience with comprehensive disaster recovery architecture and operations, including storage area network and redundant, highly available server and network architecturesExperience with regulatory compliance issues as they apply to InfrastructureSKILLS AND EXPERIENCEEssential:Extensive experience leading a risk & control function in a financial services organisation.Extensive experience working with Risk Management tools e.g Open PagesUnderstanding of the COBIT, NIST 2 frameworkExtensive experience leading internal audit and external audit bodies.Proven track record of managing risk related issues for large departments, through the lifecycle of creation, reporting and remediation.Experience with industry-specific regulatory requirements and their impact on operational risk. In-depth understanding of compliance obligations related to AML, data privacy, cybersecurity, and FCA regulations.Excellent knowledge of regulations such as SOX and external assessments such as CBESTExtensive prior experience working within Infrastructure environment and high-level understanding of the environment, platforms and technology.Solid Understanding of threat & vulnerability management processes and technologiesExtensive exposure of Incident Management and Problem management and route cause analysisProven ability to communicate effectively with Senior Management providing governance oversightAbility to balance strategic goals with practical risk management solutions. Interpret and analyse risk data and provide relevant insightsPrior experience of managing people and leading a Risk and Control team with line management responsibilitiesExperience of sitting within a Management Team directly reporting to L2 Management or aboveDesirableKnowledge of authentication services technologyEducation/ QualificationEssentialITIL ExpertCRISCCISA / CISMEducated to a degree level or equivalent.DesirableFRMPRMCFAMBAPrince 2 FoundationPERSONAL REQUIREMENTSExcellent communication skills with strong leadership and people management skills to manage a team of technical specialists, inspiring trust and motivationAbility to manage constructive conflict effectivelyAbility to build strong and lasting relationships across the bankResults driven, with a strong sense of accountability, focused on business outcomesStrong decision-making skills, the ability to demonstrate sound judgementA structured and logical approach to workA creative and innovative approach to workExcellent interpersonal skillsThe ability to manage large workloads and tight deadlinesExcellent attention to detail and accuracyA calm approach, with the ability to perform well in a pressurised environmentA confident approach, with the ability to provide clear direction to your teamAbility to lead a high performing teamA strategic approach, with the ability to lead and motivate your teamConscientious, methodical and logical approach to workWe are open to considering flexible working requests in line with organisational requirements.MUFG is committed to embracing diversity and building an inclusive culture where all employees are valued, respected and their opinions count. We support the principles of equality, diversity and inclusion in recruitment and employment, and oppose all forms of discrimination on the grounds of age, sex, gender, sexual orientation, disability, pregnancy and maternity, race, gender reassignment, religion or belief and marriage or civil partnership.We make our recruitment decisions in a non-discriminatory manner in accordance with our commitment to identifying the right skills for the right role and our obligations under the law….