Do you want your voice heard and your actions to count?
Discover your opportunity with Mitsubishi UFJ Financial Group (MUFG), one of the world’s leading financial groups. Across the globe, we’re 150,000 colleagues, striving to make a difference for every client, organization, and community we serve. We stand for our values, building long-term relationships, serving society, and fostering shared and sustainable growth for a better world.
With a vision to be the world’s most trusted financial group, it’s part of our culture to put people first, listen to new and diverse ideas and collaborate toward greater innovation, speed and agility. This means investing in talent, technologies, and tools that empower you to own your career.
Join MUFG, where being inspired is expected and making a meaningful impact is rewarded.
MUFG (Mitsubishi UFJ Financial Group) is one of the world's leading financial groups. Headquartered in Tokyo and with approximately 350 years of history, MUFG is a global network with around 2,300 offices in over 50 countries including the Americas, Europe, the Middle East and Africa, Asia and Oceania, and East Asia. The group has over 150,000 employees, offering services including commercial banking, trust banking, securities, credit cards, consumer finance, asset management, and leasing.
As one of the top financial groups globally with a vision to be the world's most trusted, we want to attract, nurture and retain the most talented individuals in the market. The size and range of MUFG's global business creates opportunities for our employees to stretch themselves and reap the rewards, whilst our common values, to behave with integrity and responsibility, and to build a culture which is fair, transparent, and honest, underpin everything that we do. We aim to be the financial partner of choice for our clients, whatever their requirements, building long-term relationships, serving society, and fostering shared and sustainable growth for a better world.
Please visit our website for more information - mufgemea.com.
MAIN PURPOSE OF THE ROLE
This is a critical role to provide oversight of risks and controls relating to Identity and Access Management (IAM). We are embarking on a multi-year remediation program of our IAM processes and controls. This role forms a key part of our remediation plans, both during and post-remediation, to provide oversight and monitoring of IAM controls to ensure effective operation in line with regulatory and audit expectations. The role will provide reporting and governance over all aspects of identity and access management, ensuring that all participants are adhering to controls and standards in the IAM lifecycle. A key aspect of this will be the oversight of the Toxic Combination framework. The role will report to the Head of IAM Governance, and you will play a key part in defining and delivering a robust risk management framework over identity and access management processes and controls.
KEY RESPONSIBILITIES
- Working with the Identity and Access Management (IAM) team to help define key controls for the IAM function.
- Ensuring that controls are effectively designed to mitigate IAM risks as well as ensuring they meet the requirements for internal and external audit as well as other regulatory initiatives and standards.
- Developing Key Control Indicators, Key Risk Indicators and continuous control monitoring strategies to assess the performance of key controls.
- Developing a testing strategy to formally test key IAM controls.
- Working with the IAM team to develop remediation strategies and monitoring this remediation for effectiveness.
- Working with technology and business application owners to ensure that commitments are being met in the remediation program.
- Co-ordinating and overseeing the Toxic Combination framework. Ensuring full participation from business and technology stakeholders. Managing the violations process to ensure any identified toxic combinations are managed.
- Chairing the IAM Governance meeting to transparently report the performance of IAM processes and controls and to provide escalation where controls are not being adhered to.
- Being the point of contact to ensure IAM risks are addressed via the SDLC process.
- Engaging with both internal and external audit in relation to identity and access management risks.
- Working alongside the IAM remediation program to ensure the design and delivery of the program is effectively mitigating key risks.
WORK EXPERIENCE
- Working knowledge of banking and securities products and services.
- Excellent experience and understanding of Information Security and Technology Risk management and the required application of these risk domains within the financial services industry.
- Good understanding of the interdependencies between other non-financial risk domains and wider Operational Risk practices.
- Proven and demonstrable ability to identify, analyse, understand and concisely communicate Technology Risk, and provide the ‘so what?’ to articulate impact.
- Understanding and experience of the Audit and Assurance lifecycles within a regulated financial institution.
- Strong technical and functional knowledge of external Laws, Regulations, Policies and developments applicable to the Technology and Information Security function.
- Solid technical and functional knowledge of financial services internal rules and policies.
- Demonstrable experience of leveraging best practice and industry standards to uplift framework, process and procedure.
- Good understanding of the overall operational processes and technology challenges within the financial services industry.
- Understanding of the Accountabilities, Roles and Responsibilities across Technology and Cyber Security functions.
- Ability to facilitate clear and effective communication between organisational functions, business units and offices, locally and internationally.
SKILLS AND EXPERIENCE
Functional / Technical Competencies:
- Very strong understanding of Identity and Access Management processes and controls including external audit and SOX requirements
- Very strong understanding of internal and external audit expectations and SOX requirements
- Good knowledge of control frameworks such as NIST, CRI, DORA, SOX.
- Good understanding of investment banking business processes and applications to allow credible engagement with application owners and business owners on Toxic Combination and segregation of duties topics
- Experience developing continuous control monitoring, key risk indicators and key control indicators, where possible automating reporting and data production
- Experience of developing effective and efficient control testing strategies
- Excellent written and verbal communication skills.
Education / Qualifications:
- Educated to degree level
- CISSP, CISM, or equivalent professional qualifications desirable
PERSONAL REQUIREMENTS
- Strong team player with the ability to communicate and collaborate with business stakeholders at all levels.
- Clear and concise written and oral communication.
- Meticulous attention to detail and accuracy
- A self-motivated and proactive approach
- Balance risk with opportunity
- The ability to operate with urgency and prioritise accordingly
- Ability to influence up to senior levels of the organisation
- Excellent reporting and presentation skills
- Confident in delivering difficult messages to senior management
- Organised and results focused
- Excellent and innovative communicator with the ability to use data to simplify complex concepts for both technical and non-technical audiences
- Collaborate and build partnerships with technical and non-technical members
- Think strategically, with structured and logical approach to work
- Able to work to tight deadlines
- Logical and objective even under pressure
- Results driven, with a strong sense of accountability
- Strong decision-making skills and the ability to demonstrate sound judgement
We are open to considering flexible working requests in line with organisational requirements.
MUFG is committed to embracing diversity and building an inclusive culture where all employees are valued, respected and their opinions count. We support the principles of equality, diversity and inclusion in recruitment and employment, and oppose all forms of discrimination on the grounds of age, sex, gender, sexual orientation, disability, pregnancy and maternity, race, gender reassignment, religion or belief and marriage or civil partnership.
We make our recruitment decisions in a non-discriminatory manner in accordance with our commitment to identifying the right skills for the right role and our obligations under the law.