Company: MUFG
Location: London





Mitsubishi UFJ Financial Group, Inc. (MUFG) is one of the world’s leading financial groups. Headquartered in Tokyo and with over 360 years of history, MUFG has a global network with around 3,000 offices in more than 50 markets. The Group has over 180,000 employees, and offers services including commercial banking, trust banking, securities, credit cards, consumer finance, asset management, and leasing.

This role sits in the Operational Risk Management team that reports into the Chief Risk Officer.

The Operational Risk Management team is responsible for running the Operational Risk Management Framework and conducting oversight activities across the EMEA region. Within the scope of responsibilities of ORM is the Second Line of Defence activities for IT Risk and Cyber Security.

The Head of Operational Risk for EMEA is seeking to enhance the organisation’s Technology and Operational Resilience framework and capabilities to ensure the firm remains appropriately protected in the evolving threat landscape, and enable ORMD to provide appropriate input and oversight.




To assist with the development of the firm’s Second Line of Defence capabilities (policies, procedures, and controls) to manage Technology (IT) risk, including Information Security and Cyber risks in London and oversight and challenge of the Operational Resilience Framework across the EMEA region, in line with regulatory requirements, and to support the achievement of the Bank’s strategic objectives.


  • Assist with the design, build and implementation of a Technology Risk and Operational Resilience framework (including Information Security and Cyber Risk) working in conjunction with the First Line teams and Head Office.
  • Support the development and delivery of medium to long term objectives and actions within the framework, including rollout to the First Line of Defence.
  • Participate actively in the delivery of changes, enhancements and projects in conjunction with the technology and resilience teams.
  • Provide robust challenge to the First Line of Defence as they identify, assess, manage and report their risks and issues through various tools and activities including risk and control assessments, key indicators, issue and incident management, and control assurance.
  • Perform Second Line of Defence activities in the evaluation of risks for new products, systems and material change projects.
  • Provide subject matter expertise, and monitor and communicate the risk environment to management, and other key stakeholders, effectively
  • When required, supervise junior members of the team in second line oversight, business-as-usual (BAU) activities and change initiatives.
  • Assist in the creation and maintenance of a good 3LoD model and embedding the risk culture across London and EMEA offices.

Regulatory compliance, affairs and change:

  • Comply with, and ensure that all staff under your responsibility (where applicable) comply with, the entities’ policies and procedures as well as all rules, laws and regulatory requirements emanating from any of the regulatory authorities to which the entities are subject.
  • Remain up to date with regulatory changes; ensure that changes are well understood and plans are developed for implementation as appropriate.


  • Strong knowledge of banking products
  • Excellent knowledge and experience of Technology, Information Security and Cyber risk management and their application within the financial services industry.
  • Excellent knowledge and experience Operational Resilience within the financial services industry.
  • Proven ability to understand, identify, analyse and communicate clearly an organisation’s data and technology risks.
  • Proven experience in applying legal/regulatory guidance into solving practical problems.
  • Solid technical and functional knowledge of the external regulations, policies and developments for Technology, Information Security and Cyber Risk.
  • Solid technical and functional knowledge of financial services internal rules and policies.
  • Good understanding of the overall operational processes and technology challenges within the financial services industry.
  • Ability to facilitate smooth communications between London, HO and EMEA offices.


Functional / Technical Competencies:

  • Cyber Security technology
  • Information assurance
  • Data loss prevention
  • Incident handling and analysis
  • Operational Resilience and/or Business Continuity Planning.
  • Governance, compliance and audit
  • ISO 27001

Education / Qualifications:

  • Educated to degree level
  • CISSP, or equivalent, desirable


  • Strong team player with the ability to collaborate with business stakeholders.
  • Clear and concise written and oral communication.
  • Excellent accuracy and attention to detail.
  • Good time management and ability to prioritise.
  • Strong problem solving skills.
  • Excellent Microsoft Office skills

MUFG is committed to embracing diversity and building an inclusive culture where all employees are valued, respected and their opinions count. We support the principles of equality, diversity and inclusion in recruitment and employment, and oppose all forms of discrimination on the grounds of age, sex, gender, sexual orientation, disability, pregnancy and maternity, race, gender reassignment, religion or belief and marriage or civil partnership.

We make our recruitment decisions in a non-discriminatory manner in accordance with our commitment to identifying the right skills for the right role and our obligations under the law.