Risk & BCP Lead

Overview The “Risk & BCP Lead – MPMS India” will ensure robust and holistic Business Continuity Management (BCM) processes are in place and maintained in full compliance with MUFG Pension & Market Services corporate policy and all relevant regulatory requirements for the India region. The “Risk & BCP – Lead” has responsibility for creation and continual enhancement of the Business Continuity Management (BCM) program which includes Crisis Management, Business Continuity Planning, and IT Disaster Recovery for India teams (Hub & MUFG Intime).  This role requires an upgraded capacity for anticipating and responding to opportunities and threats. It acquires the ability to recognize and address critical / high risk vulnerabilities before having a material influence. This role will have a strong focus on building out our Risk & Compliance capability to have relevant processes in place to accommodate the evolving digital & regulatory landscape. 
Key Accountabilities and main responsibilities Strategic Focus 

• Design and implementation of a customized BCM Framework and Methodology including supporting templates and documentation for the region.
• Direct annual Business Impact Analysis (BIAs) for all Global departments operating & supported from the region.
• Direct and review BCM compliance and quality assurance, in line with requirements under the MUFG Pension & Market Services' risk management framework including OH&S, legislation, statutes, regulations and policies
• Direct annual testing of Global & local BC plans and emergency communication systems.
• Review critical new and legacy vendors and business partners, material to both CM & RS and CTO Global businesses, to determine the adequacy of their internal business continuity controls.
• Design educational workshops and provide consultation to senior management and key stakeholders.  Capability uplift across Senior Leadership team in line with ongoing improvement in risk culture program.
• Drive continuous improvement in all aspects of the Global BCM program. Promote a culture of organisational resilience and awareness across India teams ensuring the Senior leadership team and COO/ CEO have full awareness and visibility as needed.
• Design for organizational resilience by determining critical business services, support systems, applications, and third parties (as required) to plan for business continuity.

Operational Management 

• Management of ‘real’ major disruption BCM events for the region that are declared by the MUFG Pension & Market Services Crisis Management Team.
• Manage the process of updating all Business Continuity Plans at least annually, in alignment with BIAs and as significant operational changes occur.
• Manage the Risk & BCM processes in line with the SEBI, RBI and other regulatory expectations in the region.
• Manage the update to the IT Disaster Recovery (DR) Plans as appropriate for CM, RS, CTO and Intime at least annually, in alignment with BIAs, and because of internal system changes.
• Provide independent assurance, oversight, and subject matter expertise (SME) to support the effective management of non-financial risks (NFRs).
• Ensure that emergency communication systems and protocols are accurately maintained.
• Partner with L1 technology teams to manage the day-to-day monitoring, reporting, and resolution of key technology risks, controls, issues, incidents, events, and risk acceptances.

• Document, track to completion and regularly report on actions arising out of the Emergency Communications, Business Continuity Planning and IT. Disaster Recovery plan tests and exercises including governance over critical suppliers DR testing activities.
• Support L1 teams by reviewing incidents, escalations, and conducting root cause analyses to identify and address underlying issues.
• Facilitate general awareness and role specific training to India staff and key personnel.
• Provide regular program status reports to Senior Leadership team and COO/CEO.

People Leadership

• Foster strong, influential partnerships with SLT to guide strategic priorities, ensuring alignment with organizational success and driving focus on key initiatives.
• Lead internal and external communication efforts to reinforce key messages and build trust.
• Lead the development and delivery of effective engagement strategies for ERCC & BRCC meetings, town halls, new hire onboarding, and employee training programs, ensuring they resonate with and inspire the team.

Governance & Risk

• Conduct independent reviews & assessments of material vendors & their risk management activities against the contractual obligations and regulatory requirements, specially related to system resilience and availability.
• Monitor and report technology risk exposures, limits, appetite, overall risk profile, controls, issues and incidents and associated actions for relevant risk committees.
• Ensure technology programs and initiatives are aligned with the organisation’s risk appetite and regulatory requirements.

The above list of key accountabilities is not an exhaustive list and may change from time-to-time based on business needs.
Experience & Personal Attributes Experience 

• Graduate qualification in any discipline, with relevant tertiary or postgraduate qualifications in IT, Computer Science, or Information Security (desirable but not essential).
• 10+ years of experience in operational risk management, IT resilience, audit, and/or consulting, with proven expertise in business continuity management, technology, cyber, and information security.
• 8+ years of professional experience in large, complex financial services environments; exposure to markets, investment banking, and/or retirement solutions is desirable but not essential.
• Strong leadership in risk management and compliance frameworks, with deep expertise in Technology, Data, and Information Security risks.
• Preferable certification in CRISC, CISM, CISA, CISSP, ISO 27001 Lead Auditor. 
• Knowledge of IT/Cyber Risk frameworks such as NIST, PCI DSS, COBIT, CIS, and ISO 27001 would be beneficial.
• Strong understanding of regulatory standards in India set out by SEBI and RBI along with APRA (CPS 230), DORA, FCA, and PRA requirements in UK & EMEA for managing operational resilience would be beneficial.
• Experience in 2nd Line of Defence (L2) risk or internal audit is beneficial.
• Experience implementing risk management frameworks, tools, and techniques, including scenario analysis and stress testing.
• Proficiency in data analytics, MI development, and tools such as Alteryx, Power BI, and Tableau.

Personal Attributes

• Excellent written and verbal communication skills, with the ability to engage at all levels and tailor messaging to different audiences.
• Strong organisational and planning skills, with the ability to manage conflicting priorities.
• Ability to navigate complex situations, prioritize critical issues, and make effective commercial decisions in a practical manner.
• Proven ability to influence and engage stakeholders at senior levels, driving alignment and gaining buy-in on strategic risk initiatives.

MUFG Pension & Market Services is a global, digitally enabled business that empowers a brighter future by connecting millions of people with their assets – safely, securely and responsibly. 

Through our two businesses MUFG Retirement Solutions and MUFG Corporate Markets, we partner with a diversified portfolio of global clients to provide robust, efficient and scalable services, purpose-built solutions and modern technology platforms that deliver world class outcomes and experiences. 

A member of MUFG, a global financial group, we help manage regulatory complexity, improve data management and connect people with their assets, through exceptional user experience that leverages the expertise of our people combined with scalable technology, digital connectivity and data insights.