Do you want your voice heard and your actions to count?
Discover your opportunity with Mitsubishi UFJ Financial Group (MUFG), one of the world’s leading financial groups. Across the globe, we’re 150,000 colleagues, striving to make a difference for every client, organization, and community we serve. We stand for our values, building long-term relationships, serving society, and fostering shared and sustainable growth for a better world.
With a vision to be the world’s most trusted financial group, it’s part of our culture to put people first, listen to new and diverse ideas and collaborate toward greater innovation, speed and agility. This means investing in talent, technologies, and tools that empower you to own your career.
Join MUFG, where being inspired is expected and making a meaningful impact is rewarded.
The purpose of this role is to design, implement, and operate a data-driven Continuous Control Monitoring (CCM) capability across technology and cyber risk domains. The role is accountable for:
This role supports regulatory compliance (DORA, SOX), enhances the ability to understand and calibrate key cyber risks using industry standard frameworks (NIST, CRI, MitreAttack) enhances the organisation’s ability to move from periodic control testing to continuous assurance.
Key Responsibilities:
Define and implement the CCM framework, operating model, and roadmap.
Translate regulatory and internal control requirements into continuous monitoring use cases.
Align CCM with broader Technology Risk Framework, RCSA, and control testing programs.
Partner with control owners to:
Identify key preventative and detective controls.
Prioritise controls based on risk criticality, audit focus, and failure impact.
Identify and onboard authoritative data sources (e.g. ServiceNow, IAM, PAM, CI/CD, monitoring tools).
Design and implement automated data ingestion and transformation pipelines.
Enable scalable CCM through data lake / GRC tooling integration.
Drive reduction of manual controls and reliance on retrospective testing.
Drive engagements with 2nd and 3rd lines of defence.
Integrate CCM with:
Control testing programs.
Audit and regulatory assurance.
Enable shift from sample-based testing to full population monitoring.
Support evidence generation for internal and external audits.
Skills and Experience:
Strong understanding of IT controls, control frameworks (e.g. COBIT, NIST,CRI) and key technology risks impacting financial services.
Background in 1LOD risk and controls, audit or 2LOD in a technology environment is required.
High levels of experience with data platforms (data lakes, BI tools), control automation and monitoring tools. Data sourcing from common platforms such as ServiceNow, IAM, GRC tooling, common visualisation tools.
Project management and reporting.
Personal Requirements:
Self-motivated and proactive.
Balance risk with opportunity and ability to prioritise.
Ability to learn new technologies and tooling particularly in relation to data analytics.
Organised and results focused.
Excellent and innovative communicator with the ability to use data to simplify complex concepts for both technical and non-technical audiences.
Demonstrate global perspective.
Collaborate and build partnerships with technical and non-technical members.
Think strategically, with structured and logical approach to work
Able to work to tight deadlines.
Logical and objective even under pressure.
Good understanding of financial technologies and the banking environment.
Good understanding of technology control frameworks and regulations.
Results driven, with a strong sense of accountability.
Strong decision making skills, the ability to demonstrate sound judgement.
Meticulous attention to detail.
We are open to considering flexible working requests in line with organisational requirements.
MUFG is committed to embracing diversity and building an inclusive culture where all employees are valued, respected and their opinions count. We support the principles of equality, diversity and inclusion in recruitment and employment, and oppose all forms of discrimination on the grounds of age, sex, gender, sexual orientation, disability, pregnancy and maternity, race, gender reassignment, religion or belief and marriage or civil partnership.
We make our recruitment decisions in a non-discriminatory manner in accordance with our commitment to identifying the right skills for the right role and our obligations under the law.