MUFG Union Bank Vice President, IT Governance, Risk and Compliance Lead in Singapore
Do you want your voice heard and your actions to count?
Discover your opportunity with Mitsubishi UFJ Financial Group (MUFG), the 5th largest financial group in the world. Across the globe, we’re 180,000 colleagues, striving to make a difference for every client, organization, and community we serve. We stand for our values, building long-term relationships, serving society, and fostering shared and sustainable growth for a better world.
With a vision to be the world’s most trusted financial group, it’s part of our culture to put people first, listen to new and diverse ideas and collaborate toward greater innovation, speed and agility. This means investing in talent, technologies, and tools that empower you to own your career.
Join MUFG, where being inspired is expected and making a meaningful impact is rewarded.
IRMD is a regional first line of defence function supporting MUFG Bank’s branches in the Asia Pacific region. This role will lead a team and is a subject matter expert in the principles, processes and technical aspects of domains related to IT Governance, Risk and Compliance (ITGRC), and is responsible for establishing and maintaining first line governance and oversight on the management of IT risks within the Bank.
Lead and manage the development, review and reporting of key IT risk exposures and metrics (e.g. KRIs and KPIs), and provide independent reporting on the IT risk posture or activities to the management team and stakeholders (e.g. second line of defence).
Develop, review and maintain regional IT risk management framework, standards and procedures to ensure that they are relevant, up to date and aligned with Head Office and regulatory standards.
Roll out and provide guidance to the regional IT teams and branches on global and regional IT risk management methodologies (ISO, NIST CSF, COBIT, COSO, SOX, SOC, etc.) and tools, to enable them to manage their IT risks in a standardised and systematic manner.
IT Risk & Audit
Conduct IT risk assessments; identify and assess IT risks, evaluate countermeasures and recommend effective controls to mitigate IT risks.
Monitor IT risks, map risk profiles and manage the IT risk register, as well as enhance Key Risk Indicators for reporting to second line of defence and risk management committees.
Manage audit end to end through collaboration with all relevant parties including Head Office, regulators, internal/external auditors and subject matter experts.
Assist with the management and coordination of audits, regulatory responses and assessments focusing on a broad scope of technology and information security topics. This includes understanding International Auditing Standards as well as understanding processes for documenting self-assessment evidence and records retention practices.
Execute, manage, enhance and implement processes to comply with IT regulatory and corporate requirements.
Conduct, manage and drive IT Compliance assessments and reviews on IT regulatory and corporate requirements at the regional level.
Ensure gaps are addressed via remediation plans that adhere to open issues management requirements including timely issue and corrective action plan submission, accurate root cause identification, corrective action monitoring, on time closure, and no failed validations.
Third Party Management for Inter-Affiliates
Execute, manage, enhance and implement the Third Party Risk Management (TPRM) framework for the region.
Conduct due diligence, ongoing monitoring and reporting on the oversight of the TPRM.
Maintain compliance with regulatory requirements.
Work in partnership with Head Office, various branches and departments to support the implementation of global, regional and local projects.
Provide advisory for technology compliance and risk management activities.
Develop and maintain strong stakeholder management with all key stakeholders.
At least 10-15 years of relevant experience in IT Governance, Risk and Compliance, with 3-5 years of people management experience.
Strong understanding of IT Governance, Risk and Compliance principles, IT controls in all disciplines of technology domains, as well as Cyber Security related risks.
Experienced team leader and team player with the ability to work independently to organise, manage and complete projects within tight deadlines.
Experience managing a first, second, or third line function responsible for technology and information security related risks and controls.
Good working knowledge of relevant IT-related laws and regulations of Singapore and the Asia Pacific region; understanding of industry trends and knowledge of technology such as Cloud, Cryptography and IT security products, etc., is preferred.
Good interpersonal skills to effectively work in partnership with colleagues globally.
Excellent written and verbal communication skills, strong attention to detail.
Analytical skills with the ability to provide practical solutions for effective risk management.
Self-driven and independent, able to work well cross-functionally, to think rigorously and make hard decisions and trade-offs when required.
Good knowledge of people and project management and infrastructure operations.
Willing to take on new tasks and initiatives to contribute towards continuous improvement.
Preferably “Certified Information Systems Security Professional” (CISSP), or “Certified Information Systems Auditor” (CISA) or “Certified Information Systems Manager” (CISM).
We regret to inform that only shortlisted applicants will be notified.
MUFG Bank Ltd & MUFG Securities Asia Limited (collectively referred to as “MUFG”) is an equal opportunity employer. We view our employees as our key assets as they are fundamental to our long-term growth and success. MUFG is committed to hiring based on merit and organisational fit, regardless of race, religion or gender.