IT Governance Risk and Compliance

About Us:

MUFG Bank, Ltd. is Japan's premier bank, with a global network spanning in more than 40 markets. Outside of Japan, the bank offers an extensive scope of commercial and investment banking products and services to businesses, governments, and individuals worldwide. MUFG Bank's parent, Mitsubishi UFJ Financial Group, Inc. (MUFG) is one of the world's leading financial groups. Headquartered in Tokyo and with over 360 years of history, the Group has about 120,000 employees and offers services including commercial banking, trust banking, securities, credit cards, consumer finance, asset management, and leasing. The Group aims to be the world's most trusted financial group through close collaboration among our operating companies and flexibly respond to all the financial needs of our customers, serving society, and fostering shared and sustainable growth for a better world. MUFG's shares trade on the Tokyo, Nagoya, and New York stock exchanges.

MUFG Global Service Private Limited:

Established in 2020, MUFG Global Service Private Limited (MGS) is 100% subsidiary of MUFG having offices in Bengaluru and Mumbai. MGS India has been set up as a Global Capability Centre / Centre of Excellence to provide support services across various functions such as IT, KYC/ AML, Credit, Operations etc. to MUFG Bank offices globally. MGS India has plans to significantly ramp-up its growth over the next 18-24 months while servicing MUFG's global network across Americas, EMEA and Asia Pacific.

Position Title: AVP, IT Governance Risk and Compliance

Corporate Title: Assistant Vice President

Location: MUFG Global Services Pvt. Ltd., Bhartiya Centre for Information Technology, Thani Sandra, Main Road, Bengaluru, Karnataka.

Shift Timing: 9 AM -5 PM IST (Need to be flexible)

Hybrid Mode (2-3 Days WFO in a week)

Job Profile:

Position details:

IRMD is a regional first line of defense function supporting MUFG Bank's branches in Asia Pacific region. This role is a team member and is a subject matter expert in the principles, processes and technical aspects of domains related to IT Governance, Risk and Compliance (IT GRC), and is responsible for establishing and maintaining first line governance and oversight on the management of IT risks within the Bank.

Roles and Responsibilities:

IT Governance:

- Support the development, review and reporting of key IT risk exposures and metrics (e.g., KRIs, KCIs and KPIs) and provide independent reporting on the IT risk posture or activities to the management team and stakeholders (e.g., second line of defense).
- Support the development, review and maintenance of regional IT risk management framework, standards, and procedures to ensure that they are relevant, up to date and aligned with Head Office and regulatory standards.
- Support the roll out and provide guidance to the regional IT teams and branches on global and regional IT risk management methodologies (ISO, NIST CSF, COBIT, COSO, SOX, SOC, etc.) and tools, to enable them to manage their IT risks in a standardized and systematic manner.

IT Risk & Audit:

- Conduct IT risk assessments, identify and assess IT risks, evaluate countermeasures, and recommend effective controls to mitigate IT risks.
- Monitor IT risks, map risk profiles and manage the IT risk register, as well as enhance Key Risk Indicators for reporting to the second line of defense and risk management committees.
- Manage audit end to end collaboration with all relevant parties including Head Office, regulators, internal/external auditors, and subject matter experts.
- Assist with the management and coordination of audits, regulatory responses and assessments focusing on a broad scope of technology and information security topics. This includes understanding International Auditing Standards as well as understanding processes for documenting self-assessment evidence and records retention practices

IT Compliance:

- Execute, manage, improve, and implement processes to comply with IT regulatory and corporate requirements.
- Conduct, manage and drive IT Compliance assessments and reviews on IT regulatory and corporate requirements at the regional level.
- Ensure gaps are addressed via remediation plans that adhere to open issues management requirements including timely issue and corrective action plan submission, accurate root cause identification, corrective action monitoring, on time closure, and no failed validations.

Risk and Control Self-Assessment:

- Design, facilitate, and oversee RCSA activities, ensuring comprehensive identification, documentation, and assessment of key technology controls.
- Ensure RCSA outcomes are integrated into the broader risk management framework and used to inform control testing priorities.

Third Party Management for Inter-Affiliates:

- Support the implementation of the Third-Party Risk Management (TPRM) framework for the region.
- Provide oversight to ASO and Branches IT Risk and Control assessment.
- Ensure compliance with regulatory requirements.

General:

- Work in partnership with the Head Office, various branches, and departments to support the implementation of global, regional and local projects.
- Provide advisory for technology compliance and risk management activities.
- Develop and maintain strong stakeholder management with all key stakeholders.

Job Requirements:

- At least bachelor's in computing or similar fields.
- Experienced team player with the ability to work independently to organize, manage and complete projects within tight deadlines.
- Good understanding of IT Governance, Risk and Compliance principles, IT controls in all disciplines of technology domains, as well as Cyber Security related risks.
- Good working knowledge of relevant IT-related laws and regulations of the Asian Pacific region, understanding of industry trends, knowledge on technology like Cloud, Cryptography, and IT security products etc.
- Strong experience in Risk & Control Self-Assessment.
- Experience managing a first-, second-, or third-line function responsible for technology and information security related risks and controls.
- Good interpersonal skills to effectively work in partnership with colleagues globally.
- Excellent written and verbal communication skills, strong attention to detail.
- Analytical skills with the ability to provide practical solutions for effective risk management.
- Self-driven and independent, able to work well cross-functionally, to think rigorously and make hard decisions and trade-offs when required.
- Good knowledge of people and project management, and infrastructure operations
- Willing to take on new tasks and initiatives to contribute towards continuous improvement.
- Preferably possesses Certified in Risk and Information Systems Controls (CRISC), Certified Information Systems Auditor (CISA), Certified Information Systems Manager (CISM), etc. certification.
- Minimum 5 years of relevant experience

---