Senior Manager, Technology & Cyber Risk

Overview Reporting to the General Manager, Technology Risk & Compliance, the Senior Manager Technology & Cyber Risk will be a trusted advisor in risk identification, remediation, and regulatory compliance across enterprise-wide IT applications, infrastructure, cloud, and data services. This role will sit within the 2LOD, leading a team to drive operational risk effectiveness and strengthen governance across the group.  Operating within the CRO function, the focus is on planning and governing risks and enhancing control effectiveness. This role will be a strategic partner within IT and across Technology business functions, build and maintain strong relationships at senior levels and have a results-driven mindset. You will achieve clear, measurable technology objectives while driving sustainable enhancements in IT Risk & Controls, ensuring both robust design and effective implementation across global technology teams.
Key Accountabilities and main responsibilities Strategic Focus 

• Contribute to the strategic execution of the Technology Risk & Compliance function within the 2nd Line of Defense, ensuring alignment with organizational objectives.
• Oversee the development and integration of Technology Risk Governance, driving consistent application across the organization.
• Manage Governance, Risk, and Compliance (GRC) initiatives across all Technology domains, ensuring comprehensive risk management and compliance frameworks are in place.

Operational Management 

• Provide independent assurance, oversight, and subject matter expertise (SME) to support the effective management of non-financial risks (NFRs).
• Guide the development and implementation of comprehensive frameworks for managing Cyber and Information Security risks, ensuring operational alignment and effectiveness.
• Partner with L1 technology teams to manage the day-to-day monitoring, reporting, and resolution of key technology risks, controls, issues, incidents, events, and risk acceptances.
• Prepare and deliver monthly executive reports to support the Technology Director in risk oversight and decision-making.
• Ensure the alignment and effective application of MUFG MPMS’s risk management strategy and operational risk frameworks, specifically in the context of Information Security and Cyber risks.
• Conduct independent risk and control assessments, deep-dive reviews, and collaborate on solutions to remediate risks related to IT applications, infrastructure, and cloud services.
• Review and analyse security testing reports, such as vulnerability and penetration testing, and escalate high-risk vulnerabilities or potential IT system risks.
• Monitor end-of-life assets and their remediation plans to proactively address underlying risks.
• Support L1 teams by reviewing incidents, escalations, and conducting root cause analyses to identify and address underlying issues.
• Effectively support the daily management of the Governance, Risk, and Compliance (GRC) systems, including open issues, events, corrective actions, and findings, ensuring effective and timely resolutions.
• Contribute to the development of frameworks, policies, standards, and controls related to Technology, Information Security, and Cyber, while establishing key risk metrics for ongoing monitoring and reporting.
• Ensure data risks are properly assessed and incorporated into the overall risk profile.
• Hold L1 teams accountable for identifying, addressing, and resolving control gaps, issues, and internal audit findings in a timely manner.

People Leadership 

• Foster strong, influential partnerships with SLT to guide strategic priorities, ensuring alignment with organizational success and driving focus on key initiatives.
• Lead internal and external communication efforts to reinforce key messages and build trust.
• Lead the development and delivery of effective engagement strategies for ERCC & BRCC meetings, town halls, new hire onboarding, and employee training programs, ensuring they resonate with and inspire the team. 

Governance & Risk 

• Conduct independent technology reviews & assessments of material vendors & their risk management activities against the contractual obligations and regulatory requirements. 
• Monitor and report technology risk exposures, limits, appetite, overall risk profile, controls, issues and incidents and associated actions for relevant risk committees.
• Ensure technology programs and initiatives are aligned with the organisation’s risk appetite and regulatory requirements.

The above list of key accountabilities is not an exhaustive list and may change from time-to-time based on business needs.
Experience & Personal Attributes

• Graduate qualification in any discipline, with relevant tertiary or postgraduate qualifications in IT, Computer Science, or Information Security (desirable but not essential).
• At least 14+ years of experience in operational risk management, compliance, audit, assurance, and/or consulting, with proven expertise in technology, cyber, and information security.
• At least 10+ years of professional experience in large, complex financial services environments; exposure to markets, investment banking, and/or retirement solutions is desirable but not essential.
• Strong leadership in risk management and compliance frameworks, with deep expertise in Technology, Data, and Information Security risks.
• Preferable certification in CRISC, CISM, CISA, CISSP, ISO 27001 Lead Auditor. 
• In-depth knowledge of IT/Cyber Risk frameworks such as NIST, PCI DSS, COBIT, CIS, and ISO 27001.
• Strong understanding of regulatory standards, including APRA (CPS 234, CPS 230, CPS 235), DORA, FCA, and PRA requirements for managing operational risks.
• Experience in 2nd Line of Defence (L2) risk or internal audit is beneficial.
• Experience implementing risk management frameworks, tools, and techniques, including scenario analysis and stress testing.
• Proficiency in data analytics, MI development, and tools such as Alteryx, Power BI, and Tableau.
• Excellent written and verbal communication skills, with the ability to engage at all levels and tailor messaging to different audiences.
• Strong organisational and planning skills, with the ability to manage conflicting priorities.
• Ability to navigate complex situations, prioritize critical issues, and make effective commercial decisions in a practical manner.
• Proven ability to influence and engage stakeholders at senior levels, driving alignment and gaining buy-in on strategic risk initiatives.

MUFG Pension & Market Services is a global, digitally enabled business that empowers a brighter future by connecting millions of people with their assets – safely, securely and responsibly. 

Through our two businesses MUFG Retirement Solutions and MUFG Corporate Markets, we partner with a diversified portfolio of global clients to provide robust, efficient and scalable services, purpose-built solutions and modern technology platforms that deliver world class outcomes and experiences. 

A member of MUFG, a global financial group, we help manage regulatory complexity, improve data management and connect people with their assets, through exceptional user experience that leverages the expertise of our people combined with scalable technology, digital connectivity and data insights.