Tasks and responsibilities
Main purpose of the role:
IT Risk Management combines coverage of cyber security, information security (digital), IT resilience risk management topics and provides expertise to vendor / outsourcing, operations and product / services risk cycles.
This includes improving the bank's overall Information Technology Risk Management cycle, ensuring that all relevant risks are consistently identified, assessed, monitored, reported and managed across the organization in compliance with both internal and external (regulatory) rules, policies and guidelines.
IT Risk within the Bank is defined as the risk of losses related to destruction / disruption / malfunction / misuse of IT, or unauthorized alteration / leakage of electronic data, or threats / vulnerabilities to IT security (including cybersecurity), or external factors (e.g. disasters).
This second line of defense function forms part of Operational Risk Management, which is responsible for:
Identification, assessment, monitoring and reporting of risks.
Support and advice in design and deployment of the overall risk management framework, including risk strategy, policies, appetite and tolerance.
Risk monitoring, control and reporting.
Challenge and escalation of risk and / or control issues to Management.
The role requires a person with proven qualitative and quantitative skills who is capable of organizing dispersed data to produce clear, concise and meaningful reports for internal and external stakeholders.
The person should be able to demonstrate excellent communication and presentation skills and think independently and critically to create own views, while efficiently managing time and work priorities.
The Associate Vice President IT Risk has regular interaction with senior professionals across divisions within MBE and MUFG Group, and has a direct reporting line to the Director Operational Risk and strong alignment with the Vice President IT Risk.
Provide expert advice and guidance to the business units to ensure identification, measurement, assessment and consistent management of all IT risks.
Maintain IT Risk Library (Events, Scenarios and Control objectives) which is being designed based on COBIT / FFIEC / SOX.
Preparation of 2.LoD IT Risk reports comprising the Bank's risk profile, exposures and control performance.
Implement and improve controls, review and challenge the design and effectiveness of controls using audit methodologies.
Support, perform and / or facilitate KRI Monitoring, Risk Control Self Assessments, Business Impact Analysis, System Risk Assessments and Scenario-based Risk Assessments.
Support IT audits and provide expertise, hands-on work and recommendations for risk mitigation and remediation.
Escalation of (potential) risk events and regulatory breaches in accordance with the Bank's risk governance framework.
Documentation of relevant policies and procedures.
Support and participate in required projects or initiatives in facilitating the identification and evaluation of risks and controls, providing expertise and recommending proportional cost effective and efficient solutions.
Be critical and promote changes to systems, processes and working practices in order to achieve operational improvement.
Contribute to increased risk awareness in the organisation by providing appropriate training.
Monitor adherence to MUFG's framework of rules and policies as well as local laws and regulations and ensure embedding of risk management principles and practices in the Bank's daily business operations.
Cooperation with Compliance regarding country-specific legal and regulatory requirements relating to IT Risk Management.
Proactively develop and maintain relationships with a wide range of key contacts in all areas of MUFG.
International working environment!
Skills and Experience:
At least 2 years of work experience in operational and / or IT risk management, IT security, IT audit roles.
Practical experience and knowledge in COBIT, ITIL, FFIEC and SOX implementation and ability to perform IT risk assessments and review / monitor relevant controls.
Academic degree in Engineering or other relevant field of study.
Preferably completed at least one of the CISSP, CRISC, CISM or CISA certificate programmes or engaged in the process.
Analytical abilities / deep IT security and high-level overall IT knowledge / problem solving.
Understanding of relevant EBA, ECB, DNB guidelines and regulation in EU.
Ability to participate in projects across divisions.
Advanced Excel (VBA).
Fluent language skills in English.
Personal Requirements:
Proven analytical skills and high attention to detail.
Excellent communication and presentation skills, with ability to explain a complex topic in a structured and clear manner.
Team player with ability to collaborate in cross-division teams and display organizational sensitivity.
Takes initiative, works structurally and translates ideas into practical solutions.
Think independently and critically to create own views.
Ability to handle a significant and diverse workload.
Sense of humor and ability to work in multicultural environment.
About our client
MUFG Bank Europe N.V. (MBE) is a fully-owned subsidiary of Mitsubishi UFJ Financial Group (MUFG), one of the largest ranked financial groups in the world in terms of assets, offering a wide range of financial services, including commercial banking, trust banking, securities services, project finance, consumer finance and asset management.
MUFG has the largest overseas network of any Japanese bank, over 1,000 branches and offices in more than 40 countries and a total of 140,000 employees.
The bank's vision is to be the world's most trusted financial group.
Good remuneration package, commuting costs and above all a great company to work for in an exciting position!