Job Description

About MUFG Global Service (MGS)

MUFG Enterprise Solutions India Private Limited (MUFG Global Service) is the Global Capabilities Centre (GCC) of Mitsubishi UFJ Financial Group (MUFG), the world\'s fifth largest financial institution by assets. Launched in 2020, our operations has expanded to a team of over 400 employees across three offices in Bengaluru and Mumbai. We are a global integrated centre of excellence for strategic cross-functional business solutions by offering and creating value, including: IT performance: Development for applications and middleware, support for infrastructure, cyber security and network monitoring, architecture support for supply chain finance and payments products Risk Advisory: KYC Quality Assurance and Control, AML & KYC Advisory, Governance , Issue Management, Conformance Global Business Services: Business Administration and Credit Analysis support.



Job Responsibilities:

IRMD is a regional first line of defence function supporting MUFG Banks branches in Asia Pacific region. This role is a team member and is a subject matter expert in the principles, processes and technical aspects of domains related to IT Governance, Risk and Compliance (IT GRC), and is responsible for establishing and maintaining first line governance and oversight on the management of IT risks within the Bank.

Job Requirements:

• Experienced team player with the ability to work independently to organise, manage and complete projects within tight deadline.
• Good understanding of IT Governance, Risk and Compliance principles, IT controls in all disciplines of technology domains, as well as Cyber Security related risks.
• Good working knowledge of relevant IT-related laws and regulations of the Asian Pacific region, understanding of industry trends, knowledge on technology like Cloud, Cryptography and IT security products etc.
• Experience managing a first-, second-, or third-line function responsible for technology and information security related risks and controls.
• Good interpersonal skills to effectively work in partnership with colleagues globally.
• Excellent written and verbal communication skills, strong attention to detail.
• Analytical skills with the ability to provide practical solutions for effective risk management.
• Self-driven and independent, able to work well cross-functionally, to think rigorously and make hard decisions and trade-offs when required.
• Good knowledge of people and project management, and infrastructure operations
• Willing to take on new tasks and initiatives to contribute towards continuous improvement.
• Preferably possesses Certified in Risk and Information Systems Controls (CRISC), Certified Information Systems Auditor (CISA), Certified Information Systems Manager (CISM), etc. certification.

Education level:

• At least Bachelor in Computing or similar fields.

Experience:

• Minimum 8 years of relevant experience

IT Governance

• Support the development, review and reporting of key IT risk exposures and metrics (e.g., KRIs, KCIs and KPIs), and provide independent reporting on the IT risk posture or activities to the management team and stakeholders (e.g., second line of defence).
• Support the development, review and maintenance of regional IT risk management framework, standards and procedures to ensure that they are relevant, up to date and aligned with Head Office and regulatory standards.
• Support the roll out and provide guidance to the regional IT teams and branches on global and regional IT risk management methodologies (ISO, NIST CSF, COBIT, COSO, SOX, SOC, etc.) and tools, to enable them to manage their IT risks in a standardised and systematic manner

IT Risk & Audit

• Conduct IT risk assessments, identify and assess IT risks, evaluate countermeasures and recommend effective controls to mitigate IT risks.
• Monitor IT risks, map risk profiles and manage the IT risk register, as well as enhance Key Risk Indicators for reporting to second line of defence and risk management committees.
• Manage audit end to end collaboration with all relevant parties including Head Office, regulators, internal/external auditors and subject matter experts.
• Assist with the management and coordination of audits, regulatory responses and assessments focusing on a broad scope of technology and information security topics. This includes understanding International Auditing Standards as well as understanding processes for documenting self-assessment evidence and records retention practices

IT Compliance

• Execute, manage, improve and implement processes to comply with IT regulatory and corporate requirements.
• Conduct, manage and drive IT Compliance assessments and reviews on IT regulatory and corporate requirements at the regional level.
• Ensure gaps are addressed via remediation plans that adhere to open issues management requirements including timely issue and corrective action plan submission, accurate root cause identification, corrective action monitoring, on time closure, and no failed validations.

Third Party Management for Inter-Affiliates

• Support the implementation of the Third-Party Risk Management (TPRM) framework for the region.
• Support ASO and Branches to review the IT Controls.
• Ensure compliance with regulatory requirement.

General

• Work in partnership with Head Office, various branches and departments to support the implementation of global, regional and local projects.
• Provide advisory for technology compliance and risk management activities.
• Develop and maintain strong stakeholder management with all key stakeholders.

MUFG Global Service (MGS)