MUFG Union Bank Jobs

Mobile mufg Logo

Job Information

MUFG Union Bank Assistant Vice President, Operational Risk Management in Singapore

Do you want your voice heard and your actions to count?

Discover your opportunity with Mitsubishi UFJ Financial Group (MUFG), the 5th largest financial group in the world. Across the globe, we’re 180,000 colleagues, striving to make a difference for every client, organization, and community we serve. We stand for our values, building long-term relationships, serving society, and fostering shared and sustainable growth for a better world.

With a vision to be the world’s most trusted financial group, it’s part of our culture to put people first, listen to new and diverse ideas and collaborate toward greater innovation, speed and agility. This means investing in talent, technologies, and tools that empower you to own your career.

Join MUFG, where being inspired is expected and making a meaningful impact is rewarded.

Job Responsibilities:

  • This is a regional second line role, the person will be working as an individual contributor, reporting into the technology risk team lead overseeing and supporting APAC branches (excl. Japan and China) to uplift regional technology risk management standard through close collaboration with regional and local first line of defence.

  • The person will be responsible for the review and challenge of key IT and cyber security risks to the Bank and influencing business and IT partners to take sound risk management decisions.

  • This role is a key member of ORM IT Risk team and subject matter expert in the principles, processes and technical aspects of domains related to IT Risk and Cyber Security.

Job responsibilities include but not limited to:

  • Support regional technology risk management standard roll out to the branches by providing guidance to local risk team to ensure timely and effective assessment, monitoring, escalation of technology risk

  • Providing “Subject matter Expertise” from the second line of defence in the principles, processes and technical aspects of domains related to Cyber and IT Security. This includes but not limited to Cyber & IT Security Maturity Assessment such as FFIEC CAT and NIST Cybersecurity Framework.

  • Working in close partnership with Tokyo Head Office and Systems Office for Asia (ASO – First Line of defence), Internal Audit Office for Asia (AIAO), various APAC branches to manage technology risk initiatives in accordance with regulatory requirements, MUFG internal policies, and industry best practices.

  • Support global and regional Technology risk projects

Second Line of Defence for Technology Risk Management will include but not limited to;

Technology Risk Governance, Oversight and Support

  • Develop, review and maintain the Technology Risk Management Governance standards, processes and methodologies in line with regulatory requirements, MUFG policies, and industry best practices

  • Perform thematic and targeted assurance reviews for prioritised areas, effectively articulate key risks/gaps, and guide first line of defence to establish improvement plans to address the gaps

  • Roll-out of regional standards to Asian branches to lift the branch technology risk management framework and to enable them to manage technology risk in a standardized and systematic manner

Risk Management and Audit

  • Review and provide effective challenge to security risk assessments performed by the first line of defence through committee meetings

  • Provide guidance on IT risk regulations, risk assessments and industry best practices to regional and local first and second line of defence so that they can focus their resources on key or high priority IT risk activities

  • Monitor and report key risk indicators and prepare risk reports and dashboards to support management and risk committees on operational risk oversight

  • Conduct FFIEC 2nd line risk assessment to all regional branches

  • Open issue management for Technology Risk Management incl. support to branches for regulatory and audit issues

  • Manage audit end to end through collaboration with all relevant parties including Head Office, regulators, internal/external auditors and subject matter experts

  • Work in partnership with head office, regional offices and branches to explore tools to automate and facilitate review and tracking of IT self-assessments, risk assessments, risk exceptions and acceptances


  • Execute necessary training on policies and standards to develop an effective risk culture for Technology Risk management

  • Provide advisory for technology compliance and risk management activities

  • Lead efforts on increasing IT risk awareness in the Bank to strengthen our first line of defence

Job Requirements:

  • Strong understanding of IT governance, risk and cyber security concepts with minimum 5 years of relevant experience. Experience in Financial service would be preferred.

  • Familiarity and implementation experience with IT risk and cyber security industry best practices and frameworks, as well as regulatory requirements and guidelines in Asia

  • Experience in executing technology and /or security risk assessment and testing methodologies evaluating the adequacy and efficiency of security controls, and identifying issues resulting from internal and or external compliance reviews

  • Experience in creation and review of work papers to document testing and/or issue closure for technology issue management including management of regulatory matters

  • Experience with automating and or the ability to conceptualising automated control solutions is highly desired

  • Experience with IT and cyber security risk metrics definition and reporting, scorecard development utilising key risk metrics tools (e.g. IBM OpenPages, Tableau, Access, etc.)

  • Ability to work effectively in a team environment, and takes initiatives to collaborate and challenge status quo, and adaptable to embrace new changes

  • Strong interpersonal and analytical skills attributes

  • Self-motivated and able to work independently and source for information, systematically evaluate options and recommend solutions

Education, Professional Qualifications and Experience

  • Degree in Information Security, Computer Engineering, Information Systems, Computer Science or equivalent

  • Professional certifications related to IT risk and cyber security such as CISSP, CISA, CISM, ISO/IEC 27000 series, COBIT, ITIL, etc. will be advantageous

  • IT professional with at least 5 years of relevant experience in cyber security, technology risk management, IT audit and/or related areas, within the Banking and Finance industry

MUFG Bank Ltd & MUFG Securities Asia Limited (collectively referred to as “MUFG”) is an equal opportunity employer. We view our employees as our key assets as they are fundamental to our long-term growth and success. MUFG is committed to hiring based on merit and organsational fit, regardless of race, religion or gender.