Do you want your voice heard and your actions to count?
Discover your opportunity with Mitsubishi UFJ Financial Group (MUFG), one of the world’s leading financial groups. Across the globe, we’re 150,000 colleagues, striving to make a difference for every client, organization, and community we serve. We stand for our values, building long-term relationships, serving society, and fostering shared and sustainable growth for a better world.
With a vision to be the world’s most trusted financial group, it’s part of our culture to put people first, listen to new and diverse ideas and collaborate toward greater innovation, speed and agility. This means investing in talent, technologies, and tools that empower you to own your career.
Join MUFG, where being inspired is expected and making a meaningful impact is rewarded.
MUFG (Mitsubishi UFJ Financial Group) is one of the world's leading financial groups with a global network across more than 50 countries. As part of the EMEA Technology (TEC) function, the Risk & Control pillar partners with the business to ensure technology risks are identified, managed and reported effectively, and that controls are designed and operating to protect our clients, services and data.
NUMBER OF DIRECT REPORTS
MAIN PURPOSE OF THE ROLE
Lead the end-to-end validation of audit and self-identified issue closures across EMEA TEC. The role ensures that remediation is complete, effective and sustainable, and that closure evidence meets Internal Audit (IA), 2LOD and regulatory standards. The post holder will operate as the independent quality gate for issue closure, providing challenge, coaching and independent review of action plans, artefacts and control performance. The role requires active ongoing engagement with engineering teams and internal audit teams through issues lifecycle to ensure work is on track, meeting expectations and positioned to successfully mitigate risk.
KEY RESPONSIBILITIES
- Own the independent validation process for technology audit and risk issues, confirming remediation is complete, risks are mitigated and residual risk is acceptable.
- Define and maintain issue validation standards, templates and evidence checklists aligned to IA methodology, 2LOD requirements and relevant regulations (e.g., DORA, SOX).
- Perform detailed evidence reviews (design and operating effectiveness) including sampling, re-performance and walkthroughs; document outcomes in clear working papers.
- Partner with control owners to agree closure criteria up-front; provide challenge to action plans to ensure root causes are addressed and controls are embedded sustainably.
- Track remediation progress on key issues and identify risks to effective closure
- Support and QA transparent closure packs for IA review.
- Support regulatory interactions and external audits by providing high-quality validation artefacts and concise status reporting.
- Champion a strong risk & control culture across TEC; coach product and engineering teams on effective remediation and durable control design.
WORK EXPERIENCE
Essential:
- Risk Management / Internal Audit / External Audit within a highly regulated international organisation
- Technology Risk Management, Cyber Security, SOX and other regulations
Preferred:
- Banking / Finance experience highly preferred.
- Control frameworks including Cobit, CRI and NIST
SKILLS AND EXPERIENCE
- Deep understanding of IT general controls and application controls, and familiarity with frameworks such as COBIT, NIST, CRI and ISO 27001.
- Demonstrable experience in 1LOD technology risk & controls, Internal Audit, or 2LOD oversight within financial services.
- Hands on experience within Internal and/or External Audit would be highly beneficial.
- Strong knowledge of regulatory requirements relevant to technology (e.g., DORA, SOX 404, EBA/ECB ICT expectations) and audit standards.
- Hands-on experience validating remediation and control effectiveness, including sampling methods, evidence sufficiency and documentation standards.
- Excellent communication and influencing skills with the confidence to challenge senior stakeholders constructively.
- Superior written skills with the ability to craft concise closure rationales and audit-ready documentation.
PERSONAL REQUIREMENTS
- Self-motivated, organised and delivery focused; able to manage multiple high-severity issues to tight deadlines.
- Analytical and objective with meticulous attention to detail; applies sound judgement under pressure.
- Data-literate, curious and comfortable learning new tools and technologies for evidence gathering and analysis.
- Collaborative and inclusive; builds strong partnerships with technology, risk and audit teams.
- Strategic thinker who can distil complex technical topics for non-technical audiences.
We are open to considering flexible working requests in line with organisational requirements.
MUFG is committed to embracing diversity and building an inclusive culture where all employees are valued, respected and their opinions count. We support the principles of equality, diversity and inclusion in recruitment and employment, and oppose all forms of discrimination on the grounds of age, sex, gender, sexual orientation, disability, pregnancy and maternity, race, gender reassignment, religion or belief and marriage or civil partnership.
We make our recruitment decisions in a non-discriminatory manner in accordance with our commitment to identifying the right skills for the right role and our obligations under the law.
