Do you want your voice heard and your actions to count?

Discover your opportunity with Mitsubishi UFJ Financial Group (MUFG), the 7th largest financial group in the world. Across the globe, we’re 120,000 colleagues, striving to make a difference for every client, organization, and community we serve. We stand for our values, building long-term relationships, serving society, and fostering shared and sustainable growth for a better world.

With a vision to be the world’s most trusted financial group, it’s part of our culture to put people first, listen to new and diverse ideas and collaborate toward greater innovation, speed and agility. This means investing in talent, technologies, and tools that empower you to own your career.

Join MUFG, where being inspired is expected and making a meaningful impact is rewarded.

The MUFG EMEA Internal Audit department is a dynamic team committed to safeguarding the integrity of MUFG’s operations across the region. We play a pivotal role in ensuring the Group adheres to the highest standards of governance, risk management and internal control.

Our team of experienced auditors works collaboratively to provide independent and objective assessments of MUFG’s activities. We identify and evaluate risks, assess the effectiveness of internal controls, and make recommendations for improvement. We partner with the business to promote a culture of control consciousness and continuous improvement.

NUMBER OF DIRECT REPORTS

3+

MAIN PURPOSE OF THE ROLE 

MUFG Internal Audit is seeking a highly motivated and experienced IT Audit Director to lead and manage the audit coverage of Cyber Security and IT Infrastructure for the EMEA region. As a key member of the Internal Audit leadership team, you will play a pivotal role in safeguarding MUFG’s IT environment by providing independent and objective assessments of controls, identifying and evaluating risks and recommending improvements.

KEY RESPONSIBILITIES

The Audit Director – Cyber Security & Infrastructure Audit is responsible for the following:

Leadership

Actively participate in the development and implementation of the long-term vision, strategy and target operating model of Cyber Security and Infrastructure audit coverage within Internal Audit.Create a culture of high performance and continuous improvement. Set high standards of performance and behaviour for self and the team;Be open to new ideas and approaches, foster a change mind-set and empower the team to try new things and experiment;Demonstrate personal leadership and engagement that shows a vision for your teamDemonstrate curiosity – seek out new experiences, ideas and knowledge, seek feedback and learn new things to develop. Learn from mistakes in the organisation and the industry; andWork with Global IT Audit Leadership to drive the development and implementation of global audit coverage strategies.

Audit delivery

Responsible for developing and implementing a risk-based audit plan for Cyber Security and IT infrastructure, aligned with the overall internal audit strategy and MUFG’s risk appetite.Responsible for demonstrating strong accountability and responsibility for the delivery of the portfolio of audits and issue management/validation for the assigned portfolio on time and within EMEA Internal Audit’s KPIs.Responsible for dynamically managing the portfolio audit plan considering whether it remains relevant throughout the year, proposing changes as appropriate.Responsible for leading and managing a team of IT Auditors responsible for conducting comprehensive audits of Cyber Security and IT Infrastructure controls across MUFG’s EMEA operations.Responsible for staying current on emerging IT threats, vulnerabilities and best practices in Cyber Security and IT Infrastructure controls.Responsible for designing and executing complex IT audits, utilising a combination of data analysis, automated auditing tools and manual testing procedures.Responsible for evaluating the effectiveness of IT controls in mitigating cyber security risks, including data security, access controls, system integrity and incident response.Assess the adequacy and efficiency of IT infrastructure controls, including disaster recovery, business continuity and system availability.Displays a sense of urgency to complete tasks within short turnaround timesResponsible for holding the team accountable for non/late delivery of required tasks or quality.

Stakeholder ownership

Communicate effectively with business stakeholders across the EMEA region at all levels, including senior management and IT leadership.Clearly document audit findings, recommendations, and action plans in a concise and professional manner.Present audit results and recommendations to senior management in a clear and compelling way.Monitor the implementation of agreed-upon management action plans and track progress towards remediation.Embed the agile framework to improve frequency and quality of stakeholder interaction during audits and have the teams raise issues as they go;Share feedback from industry network and other external sourcesInfluence enterprise-wide change within the organisation and provide insights on industry risk and control best practices and emerging risksIdentify specific opportunities to partner with stakeholders to demonstrate impact and influence. Influence tangible outcomes and raised standards of controls and behaviours in the Stakeholders Control Environment.Provide assurance on strategic changes within MUFG and areas of Regulatory Focus.

People management

Develop a high performing team through quality of performance and talent management, motivation and inspiration of staff.Promote a positive workforce culture and take accountability for actioning employee survey results.Collaborate with other directors and ExCo to deliver the MUFG Audit Vision and Strategy, and a united vision to our people. Create a common employee experience;Be fully accountable for driving an output-orientated culture through flexibility with hybrid working, embracing new ways of working (inc MS Teams) and ensuring 3 day required office attendance;Drive and create a safe working environment that upholds MUFG and EMEA Internal Audit culture principlesFlex communication and managerial style to more effectively build relationships within the team and with stakeholders;Create trust with staff, role model vulnerability and act on feedback in the right way to facilitate upwards feedback;Be accountable for the line management of all staff allocated to your portfolio team, including those delegated to more junior staff members;Be a role model line manager through regular high-quality career focused 121s and constructive feedback, delivering the tough messages promptly when required;Actively coach others and enable employee development;

WORK EXPERIENCE

Essential:

Minimum 10 years of experience in IT audit, with a focus on Cyber Security and IT Infrastructure controls.Proven leadership experience in managing and motivating IT audit teams.

Preferred:

Proven experience of operating in a similar role/capacity in Financial ServicesDemonstrable understanding and awareness of the regulatory environment applicable to MUFG’s operations in the EMEA region.

SKILLS AND EXPERIENCE

Functional / Technical Competencies:

Essential

In-depth knowledge of IT governance, risk management frameworks, and IT control frameworks (e.g., COBIT, COSO).Strong understanding of cyber security principles, threats, and vulnerabilities.Experience with IT audit methodologies and tools.Excellent communication, presentation, and interpersonal skills.Ability to work independently and manage multiple priorities in a fast-paced environment.Strong analytical and problem-solving skills.

Preferred:

Experience of conducting audits of cloud computing environments.Experience with IT security frameworks such as NIST or CIS controls .Knowledge of common IT vulnerabilities and penetration testing methodologies.Experience with IT infrastructure controls including network security, server security and data center operations.Proficiency in using IT audit tools including automated auditing tools and data analytic tools (such as alteryx).Demonstrable ability to build and lead high-performing IT audit teams.Experience in coaching and mentoring staff to develop their technical and professional skills.Demonstrable project management capabilities with the ability to oversee multiple audit engagements simultaneously.

Education / Qualifications:

Essential

Demonstrable IT audit and Cyber and Infrastructure credentials, e.g. CISA, CISM, CISSP

Preferred:

Qualifications relevant to the Financial Services industry, Technology (specific to governance, risk management, control, cyber security and infrastructure risk management) and/or Internal Audit.

PERSONAL REQUIREMENTS

Excellent communication skillsResults driven, with a strong sense of accountabilityA proactive, motivated approach.The ability to operate with urgency and prioritise work accordinglyStrong decision making skills, the ability to demonstrate sound judgementA structured and logical approach to workStrong problem solving skillsA creative and innovative approach to workExcellent interpersonal skillsThe ability to manage large workloads and tight deadlinesExcellent attention to detail and accuracyA calm approach, with the ability to perform well in a pressurised environmentStrong numerical skillsExcellent Microsoft Office skillsA confident approach, with the ability to provide clear direction to your teamExcellent managerial/leadership experienceThe ability to lead a high performing teamA strategic approach, with the ability to lead and motivate your teamThe ability to articulate and implement the vision/strategy for the EMEA Internal Audit department

We are open to considering flexible working requests in line with organisational requirements.

MUFG is committed to embracing diversity and building an inclusive culture where all employees are valued, respected and their opinions count. We support the principles of equality, diversity and inclusion in recruitment and employment, and oppose all forms of discrimination on the grounds of age, sex, gender, sexual orientation, disability, pregnancy and maternity, race, gender reassignment, religion or belief and marriage or civil partnership.

We make our recruitment decisions in a non-discriminatory manner in accordance with our commitment to identifying the right skills for the right role and our obligations under the law.