Technology Risk Oversight - VP

Discover your opportunity with Mitsubishi UFJ Financial Group (MUFG), one of the world's leading financial groups. Across the globe, we're 150,000 colleagues, striving to make a difference for every client, organization, and community we serve. We stand for our values, building long-term relationships, serving society, and fostering shared and sustainable growth for a better world.With a vision to be the world's most trusted financial group, it's part of our culture to put people first, listen to new and diverse ideas and collaborate toward greater innovation, speed and agility. This means investing in talent, technologies, and tools that empower you to own your career.Join MUFG, where being inspired is expected and making a meaningful impact is rewarded. OVERVIEW OF THE DEPARTMENT/SECTION We are MUFG. 360 years of heritage. A world-class set of businesses. And more than 180,000 employees in 50 markets. It's no surprise that MUFG has grown to become one of the top five banks in the world. Our services include commercial banking, trust banking, securities, credit cards, consumer finance, asset management, and leasing. MUFG offers stability in an ever-changing market, providing services to high-profile clients worldwide.The Group's operating companies include MUFG Securities EMEA plc and MUFG Bank. The role sits in the Operational Risk Management team that reports into the Chief Risk Officer.The Operational Risk Management team is responsible for running the Operational Risk Management Framework and conducting oversight activities across the EMEA region. Within the scope of responsibilities of ORM is the Second Line of Defense activities for Technology Risk, Cyber Security and Operational Resilience.The Director of Operational Risk Management, Technology EMEA is seeking to enhance the organisation's Technology Risk framework and associated capabilities to ensure the firm remains appropriately protected in the evolving threat landscape, and enable ORM to provide appropriate check, challenge, input and oversight to the Technology department. NUMBER OF DIRECT REPORTS 0 MAIN PURPOSE OF THE ROLE To assist with the development of the firm's Second Line of Defence capabilities (policies, procedures, risks and controls) to manage Information Security, Technology and Cyber risk in London and support across the EMEA region, in line with regulatory requirements, and to support the achievement of the Bank's strategic objectives. KEY RESPONSIBILITIES Assist with the continuous embedding of the Operational Risk Management framework for Technology Risk and Control within the Technology function, in collaboration with the First Line teams and Head Office. Monitoring regulatory changes in approach to Technology and Cyber and recommend respective changes and enhancements to the Risk and Control framework. Support the development and delivery of medium to long term objectives and actions within the framework, including greater oversight and additional testing of the Technology and Cyber Controls and RCSA. Participate actively in the delivery of changes, enhancements and projects in conjunction with the Technology and Resilience teams. Provide robust challenge to the First Line of Defence as they identify, assess, manage and report their risks and issues through various tools and activities including risk and control assessments, key indicators, issue and incident management, and control assurance. Monitor monthly trends in Technology and Cyber KPI/KRI and threat intelligence and provide challenge and escalation at an SME level. Perform Second Line of Defense project oversight activities in the evaluation of risk for new product, system and other material change projects. Monitor the wider Technology risk ecosystem and confidently communicate status, changes and concerns to management and other key stakeholders effectively. When required, supervise junior members of the team in business-as-usual (BAU) 2LOD activities and change initiatives. Assist in the creation and maintenance of a best practice 3LoD model and work across the region to promote Technology and Cyber awareness and 2nd line value. Regulatory compliance, affairs and change: Comply with and ensure that all staff under your responsibility (where applicable) comply with the entities' policies and procedures as well as all rules, laws and regulatory requirements emanating from any of the regulatory authorities to which the entities are subject. Remain up to date with regulatory changes; ensure that changes are well understood and plans are developed for implementation as appropriate. WORK EXPERIENCE Working knowledge of banking and securities products and services. Excellent experience and understanding of Information Security, Technology and Cyber Risk management and the required application of these risk domains within the financial services industry. Good understanding of the interdependencies between other non-financial risk domains and wider Operational Risk practices. Understanding and experience of the Audit and Assurance lifecycles within a regulated financial institution Strong technical and functional knowledge of external Laws, Regulations, Policies and developments applicable to the Technology, Information Security and Cyber function. Solid technical and functional knowledge of financial services internal rules and policies. Demonstrable experience of leveraging best practice and industry standards to uplift framework, process and procedure. Good understanding of the overall operational processes and technology challenges within the financial services industry. Understanding of the Accountabilities, Roles and Responsibilities across Technology and Cyber Security functions Ability to facilitate clear and effective communication between organisational functions, business units and offices, locally and internationally. SKILLS AND EXPERIENCE Functional / Technical Competencies: Technology and Cyber Governance Risk and Control Frameworks Risk, Issue and Event Management Control Testing Risk and Control Self Assessment Technology, Cyber and Information Security Best Practices Information and Data Governance Principles Risk Governance and Escalation Audit and Assurance ISO 27001 / NIST / COBIT Education / Qualifications: Educated to degree level CISSP, CISM, or equivalent professional qualifications desirable PERSONAL REQUIREMENTS Strong team player with the ability to communicate and collaborate with business stakeholders at all levels. Clear and concise written and oral communication. Excellent accuracy and very strong attention to detail. Results driven, with a strong sense of accountability A proactive, motivated approach. The ability to operate with urgency and prioritise work accordingly Strong decision making skills, the ability to demonstrate sound judgement A structured and logical approach to work Strong problem solving skills A creative and innovative approach to work Excellent interpersonal skills The ability to manage large workloads and tight deadlines Excellent attention to detail and accuracy A calm approach, with the ability to perform well in a pressurised environment PERFORMANCE AND DUTIES The role holder will be assessed in accordance with their employing entity's performance framework and process with relevant input obtained from the dual hatting entity as relevant.As duties and responsibilities change, the job description will be reviewed and emended in consultation with the role holder. The role holder will carry out other duties as are within the scope, spirit and purpose of the role as requested by their line manager or Department Head. MANAGING CONFLICTS OF INTEREST The role holder will have responsibilities for both MUFG Bank and MUFG Securities EMEA plc. The role holder will be required to perform their