Do you want your voice heard and your actions to count?
Discover your opportunity with Mitsubishi UFJ Financial Group (MUFG), the 7th largest financial group in the world. Across the globe, we're 120,000 colleagues, striving to make a difference for every client, organization, and community we serve. We stand for our values, building long-term relationships, serving society, and fostering shared and sustainable growth for a better world.
With a vision to be the world's most trusted financial group, it's part of our culture to put people first, listen to new and diverse ideas and collaborate toward greater innovation, speed and agility. This means investing in talent, technologies, and tools that empower you to own your career.
Join MUFG, where being inspired is expected and making a meaningful impact is rewarded.
The MUFG EMEA Internal Audit department is a dynamic team committed to safeguarding the integrity of MUFG's operations across the region. We play a pivotal role in ensuring the Group adheres to the highest standards of governance, risk management and internal control.
Our team of experienced auditors works collaboratively to provide independent and objective assessments of MUFG's activities. We identify and evaluate risks, assess the effectiveness of internal controls, and make recommendations for improvement. We partner with the business to promote a culture of control consciousness and continuous improvement.
NUMBER OF DIRECT REPORTS
3+
MAIN PURPOSE OF THE ROLE
MUFG Internal Audit is seeking a highly motivated and experienced IT Audit Director to lead and manage the audit coverage of Cyber Security and IT Infrastructure for the EMEA region. As a key member of the Internal Audit leadership team, you will play a pivotal role in safeguarding MUFG's IT environment by providing independent and objective assessments of controls, identifying and evaluating risks and recommending improvements.
KEY RESPONSIBILITIES
The Audit Director - Cyber Security & Infrastructure Audit is responsible for the following:
Leadership
- Actively participate in the development and implementation of the long-term vision, strategy and target operating model of Cyber Security and Infrastructure audit coverage within Internal Audit.
- Create a culture of high performance and continuous improvement. Set high standards of performance and behaviour for self and the team;
- Be open to new ideas and approaches, foster a change mind-set and empower the team to try new things and experiment;
- Demonstrate personal leadership and engagement that shows a vision for your team.
- Demonstrate curiosity - seek out new experiences, ideas and knowledge, seek feedback and learn new things to develop. Learn from mistakes in the organisation and the industry;
- Work with Global IT Audit Leadership to drive the development and implementation of global audit coverage strategies.
Audit delivery
- Responsible for developing and implementing a risk-based audit plan for Cyber Security and IT infrastructure, aligned with the overall internal audit strategy and MUFG's risk appetite.
- Responsible for demonstrating strong accountability and responsibility for the delivery of the portfolio of audits and issue management/validation for the assigned portfolio on time and within EMEA Internal Audit's KPIs.
- Responsible for dynamically managing the portfolio audit plan considering whether it remains relevant throughout the year, proposing changes as appropriate.
- Responsible for leading and managing a team of IT Auditors responsible for conducting comprehensive audits of Cyber Security and IT Infrastructure controls across MUFG's EMEA operations.
- Responsible for staying current on emerging IT threats, vulnerabilities and best practices in Cyber Security and IT Infrastructure controls.
- Responsible for designing and executing complex IT audits, utilising a combination of data analysis, automated auditing tools and manual testing procedures.
- Responsible for evaluating the effectiveness of IT controls in mitigating cyber security risks, including data security, access controls, system integrity and incident response.
- Assess the adequacy and efficiency of IT infrastructure controls, including disaster recovery, business continuity and system availability.
- Displays a sense of urgency to complete tasks within short turnaround times.
- Responsible for holding the team accountable for non/late delivery of required tasks or quality.
Stakeholder ownership
- Communicate effectively with business stakeholders across the EMEA region at all levels, including senior management and IT leadership.
- Clearly document audit findings, recommendations, and action plans in a concise and professional manner.
- Present audit results and recommendations to senior management in a clear and compelling way.
- Monitor the implementation of agreed-upon management action plans and track progress towards remediation.
- Embed the agile framework to improve frequency and quality of stakeholder interaction during audits and have the teams raise issues as they go;
- Share feedback from industry network and other external sources.
- Influence enterprise-wide change within the organisation and provide insights on industry risk and control best practices and emerging risks.
- Identify specific opportunities to partner with stakeholders to demonstrate impact and influence. Influence tangible outcomes and raised standards of controls and behaviours in the Stakeholders Control Environment.
- Provide assurance on strategic changes within MUFG and areas of Regulatory Focus.
People management
- Develop a high performing team through quality of performance and talent management, motivation and inspiration of staff.
- Promote a positive workforce culture and take accountability for actioning employee survey results.
- Collaborate with other directors and ExCo to deliver the MUFG Audit Vision and Strategy, and a united vision to our people. Create a common employee experience;
- Be fully accountable for driving an output-orientated culture through flexibility with hybrid working, embracing new ways of working (inc MS Teams) and ensuring 3 day required office attendance;
- Drive and create a safe working environment that upholds MUFG and EMEA Internal Audit culture principles.
- Flex communication and managerial style to more effectively build relationships within the team and with stakeholders;
- Create trust with staff, role model vulnerability and act on feedback in the right way to facilitate upwards feedback;
- Be accountable for the line management of all staff allocated to your portfolio team, including those delegated to more junior staff members;
- Be a role model line manager through regular high-quality career focused 121s and constructive feedback, delivering the tough messages promptly when required;
- Actively coach others and enable employee development.
WORK EXPERIENCE
Essential:
- Minimum 10 years of experience in IT audit, with a focus on Cyber Security and IT Infrastructure controls.
- Proven leadership experience in managing and motivating IT audit teams.
Preferred:
- Proven experience of operating in a similar role/capacity in Financial Services.
- Demonstrable understanding and awareness of the regulatory environment applicable to MUFG's operations in the EMEA region.
SKILLS AND EXPERIENCE
Functional / Technical Competencies:
Essential:
- In-depth knowledge of IT governance, risk management frameworks, and IT control frameworks (e.g., COBIT, COSO).
- Strong understanding of cyber security principles, threats, and vulnerabilities.
- Experience with IT audit methodologies and tools.
- Excellent communication, presentation, and interpersonal skills.
- Ability to work independently and manage multiple priorities in a fast-paced environment.
- Strong analytical and problem-solving skills.
Preferred:
- Experience of conducting audits of cloud computing environments.
- Experience with IT security frameworks such as NIST or CIS controls.
- Knowledge of common IT vulnerabilities and penetration testing methodologies.
- Experience with IT infrastructure controls including network security, server security and data center operations.
- Proficiency in using IT audit tools including automated auditing tools and data analytic tools (such as Alteryx).
- Demonstrable ability to build and lead high-performing IT audit teams.
- Experience in coaching and mentoring staff to develop their technical and professional skills.
- Demonstrable project management capabilities with the ability to oversee multiple audit engagements simultaneously.
Education / Qualifications:
Essential:
- Demonstrable IT audit and Cyber and Infrastructure credentials, e.g. CISA, CISM, CISSP.
Preferred:
- Qualifications relevant to the Financial Services industry, Technology (specific to governance, risk management, control, cyber security and infrastructure risk management) and/or Internal Audit.
PERSONAL REQUIREMENTS
- Excellent communication skills.
- Results driven, with a strong sense of accountability.
- A proactive, motivated approach.
- The ability to operate with urgency and prioritise work accordingly.
- Strong decision making skills, the ability to demonstrate sound judgement.
- A structured and logical approach to work.
- Strong problem solving skills.
- A creative and innovative approach to work.
- Excellent interpersonal skills.
- The ability to manage large workloads and tight deadlines.
- Excellent attention to detail and accuracy.
- A calm approach, with the ability to perform well in a pressurised environment.
- Strong numerical skills.
- Excellent Microsoft Office skills.
- A confident approach, with the ability to provide clear direction to your team.
- Excellent managerial/leadership experience.
- The ability to lead a high performing team.
- A strategic approach, with the ability to lead and motivate your team.
- The ability to articulate and implement the vision/strategy for the EMEA Internal Audit department.
We are open to considering flexible working requests in line with organisational requirements.
MUFG is committed to embracing diversity and building an inclusive culture where all employees are valued, respected and their opinions count. We support the principles of equality, diversity and inclusion in recruitment and employment, and oppose all forms of discrimination on the grounds of age, sex, gender, sexual orientation, disability, pregnancy and maternity, race, gender reassignment, religion or belief and marriage or civil partnership.
We make our recruitment decisions in a non-discriminatory manner in accordance with our commitment to identifying the right skills for the right role and our obligations under the law.