Do you want your voice heard and your actions to count?

Discover your opportunity with Mitsubishi UFJ Financial Group (MUFG), the 7th largest financial group in the world. Across the globe, we’re 160,000 colleagues, striving to make a difference for every client, organization, and community we serve. We stand for our values, building long-term relationships, serving society, and fostering shared and sustainable growth for a better world.

With a vision to be the world’s most trusted financial group, it’s part of our culture to put people first, listen to new and diverse ideas and collaborate toward greater innovation, speed and agility. This means investing in talent, technologies, and tools that empower you to own your career.

Join MUFG, where being inspired is expected and making a meaningful impact is rewarded.

IRMD is a regional first line of defence function supporting MUFG Bank’s branches in Asia Pacific region. This role is a team lead and is a subject matter expert in the principles, processes and technical aspects of domains related to IT Governance, Risk and Compliance (ITGRC), and is responsible for establishing and maintaining first line governance and oversight on the management of IT risks within the Bank.

Roles & Responsibilities:

• To develop and implement a Controls Testing Capability which will be responsible for evaluating compliance to Technology Standards and providing early visibility of potential risks.

• With the goal to improve clients and regulators confidence and to maximize risk reduction, the Control Assurance Lead is required to lead a regional capability that will identify, document and test key controls across

• The Technology Controls Assurance Lead will define the methodology for controls testing and implement the central controls library and establish the controls testing capability.

• This new team will provide governance, oversight, and assurance, as well as advocating and imparting lessons and good practice to shape the design and implementation of controls related to technology assets and processes. In addition, determining whether the controls are designed and operating effectively.

• Define and implement the Controls Testing methodology to be implemented across APAC region.

• Build a central Controls Library for Technology and ensure Controls are adequately defined and kept current and in a consistent manner that they can be tested.

• Ensure the Controls Library covers all mandatory elements from the Banks’ Technology Standards.

• Lead the Controls testing capability, ensuring that Controls are tested and reported on time.

• Lead the delivery of metrics reporting (KRI and KCI) that accurately measures the performance.

• Lead the control testing engagement and reporting services to ensure control testing services exceed stakeholder (business, 2LoD and Audit) expectations and deliver tangible benefits.

• Ensure that control testing outcomes, including the identified issues are reported to appropriate forums.

• Drive compliance with the Bank’s risk framework and policies (e.g., ORMF, IT RMF, etc.).

• Ensure the Controls testing capability is efficient and that controls testing is prioritized to maximize ROI.

• Implement a Controls Testing capability that sufficiently covers the Banks Technology Standards and provides senior management with early visibility of potential risks and issues.

• Ensure Controls Testing capability meets the expectations of key regulatory requirements e.g., SOX requirements.

• Drive the continuous improvement of risk and control processes, ensuring that Standards and Processes that are dependencies for Control Testing are fit for purpose.

• Ensure all team members have clear goals, responsibilities and drive a high-performance culture.

• Provide strong leadership, management and coaching for colleague(s).

• Provide proactive self-orienting and self-motivating leadership, and work with limited direction.

• Lead through example and build the appropriate culture and values. Set appropriate tone and expectations, and work in collaboration with risk and control partners.

• Build the right mix of SME and risk & control skills.

• Provide leadership and steering in the Technology Risk Forums.

• Support liaison with Internal Audit and any third party or regulatory inspections.

• Adopt an anticipatory approach to risk assessment through stakeholder engagement and monitoring of the external environment.

• Work with 1LoD stakeholders and 2LoD risk management team to drive efficiency, effectiveness and reduce duplication.

• Provide thought leadership on control design, assessment, testing processes and drive continuous improvement.

• Provide robust challenge and escalation to senior management to ensure activities achieve risk reduction.

• Manage and drive continuous improvement of the Technology control environment through proactive risk management and control testing.

• Provide timely and accurate reporting to appropriate committees.

• Ensure appropriate oversight and facilitate resolution of high impact risk and issues.

• Tracking and reporting of risk assessments (e.g., audits, risk assessments, etc.) and their outputs to ensure oversight and escalation mechanisms are in place to provide MI on obligations.

• Work with ASO teams to identify emerging risks and ensure they are appropriately addressed and subjected to formal governance.

• Support continuous improvement of the internal risk profile reporting, issue management processes and supporting tools.

• Display exemplary conduct and live by the Global Values and Code of Conduct.

• Take personal responsibility for embedding the highest standards of ethics, including regulatory and business conduct, across MUFG.

• Effectively and collaboratively identify, escalate, and resolve conduct and compliance matters.

• Provide timely and accurate risk & control information to support regulatory meetings and RFIs.

Job Requirements:

• Minimum 8 years of relevant experience in Technology Risk in a Control and/or Assurance capacity.

• Experience in quality Assurance ,Testing and Controls Models (e.g., COBIT, COSO.)

• Experience in managing a team

• Experience in IT Standards, Procedures, Policies and SDLC

• Good working knowledge in Controls Models (e.g., COBIT, COSO, etc.)

• Experienced team player with the ability to work independently to organise, manage and complete projects within tight deadline.

• Good understanding of IT Governance, Risk and Compliance principles, IT controls in all disciplines of technology domains, as well as Cyber Security related risks.

• Good working knowledge of relevant IT-related laws and regulations of the Asian Pacific region, understanding of industry trends, knowledge on technology like Cloud, Cryptography and IT security products etc..

• Experience managing a first-, second-, or third-line function responsible for technology and information security related risks and controls.

• Good interpersonal skills to effectively work in partnership with colleagues globally.

• Excellent written and verbal communication skills, strong attention to detail.

• Analytical skills with the ability to provide practical solutions for effective risk management.

• Self-driven and independent, able to work well cross-functionally, to think rigorously and make hard decisions and trade-offs when required.

• Good knowledge of people and project management and infrastructure operations

• Willing to take on new tasks and initiatives to contribute towards continuous improvement.

• Preferably “Certified in Risk and Information System Controls” (CRISC), or “Certified Information Systems Auditor” (CISA) or “Certified Information Systems Manager” (CISM).

We regret to inform that only shortlisted applicants will be notified.

MUFG Bank Ltd & MUFG Securities Asia Limited (collectively referred to as “MUFG”) is an equal opportunity employer. We view our employees as our key assets as they are fundamental to our long-term growth and success. MUFG is committed to hiring based on merit and organsational fit, regardless of race, religion or gender.

At MUFG, our colleagues are our greatest assets. Our Culture Principles provide a roadmap for how each of our colleagues must think and act to become more client-obsessed, inclusive and innovative. They reflect who we are, who we want to be and what we expect from one another. We are excited to see you take the next step in exploring a career with us and encourage you to spend more time reviewing them!

Our Culture Principles

• Client Centric

• People Focused

• Listen Up. Speak Up.

• Innovate & Simplify

• Own & Execute