John O'Neill Email and Phone Number

The role of Head of TPRM (Third Party Risk Management, Outsourcing Oversight) to drive development and delivery of a new Risk culture and management of our Outsourced and 3rd party services in line with Policy and regulatory requirements across MUFG EMEA Banking group, and where applicable MUFG Securities international affiliates group. The team’s mandate is to establish and maintain a framework and governance model for the management and remediation of associated Technology and Business Risk related to outsourcing and 3rd party vendor risk.• Lead the design, build and implementation of an Outsourcing and 3rd Party framework (including Intercompany Agreement) working in conjunction with the 3 line of defence teams and Head Office• Remain up to date with Outsourcing and TPRM regulatory changes; ensure that changes are well understood and plans are developed for implementation as appropriate• Act as an ambassador for Third Party Risk Management (TPRM) across the organisation to monitor, mitigate and report on risk from third party relationships especially vendors and clients• Build and develop effective relationships with key internal/external stakeholders.• Champion the Third-Party Risk Framework and best practices across the organisation whilst acting as a Centre of Excellence for Third Party Risk in EMEA• Responsible for ensuring TPRM risks are monitored, recognised and reported (e.g. KPIs, KRI)• Work with the Operational Resilience teams to ensure our outsourced and 3rd Party services for Important Business Services (IBS) are controlled, monitored and delivered within appetiteThe role also functionally assist in in IT RiskManages the relationship and requirements of 2nd and 3rd lines of defence, covering technology audit monitoring from inception to final remediation, documenting and running the controls environment across technology and managing first line risk and will be responsible for strengthening the internal audit function within technology

Technology & Cyber Risk and Operation Resilience Oversight.Responsible for running the Operational Risk Management Framework and conducting oversight activities across the EMEA region. Within the scope of responsibilities of the Second Line of Defence activities for IT Risk and Cyber Security. Enhancing the organisation’s Technology Risk and Cyber Security framework and capabilities to ensure the firm remains appropriately protected in the evolving threat landscape, and enable ORMD to provide appropriate input and oversight of the organisation’s operational resilience preparations.Leading the development of the firm’s Second Line of Defence capabilities (policies, procedures, and controls) to manage Technology (IT) risk, including Information Security and Cyber risks in London and across the EMEA region, in line with regulatory requirements, and to support the achievement of the Bank's strategic objectives.

Global Head of IS, Technology Risk and Compliance, I manage all activities required to identify and control the NWM businesses exposure to the risk from the lack of control in Technology or Information Security. This enables NWM Technology and business to comply with all Audit and Regulatory obligations including SOX, MAS and the US 17a-5 requirements. My role was to implement a strong Technology and IS control framework within the 1st line of defence, using it to identify risk issues and then support remediation activities. My team proactively identify and test for potential exposures to both IS or IT Risk. I also worked with both the 2nd and 3rd line of defence to manage and respond to any audit or regulatory enquiries related to Technology in NWM

Manage the overall Information Security and Technology Operational Risk function across IB Technology. Ensuring that Technology meet Group policies and procedures with respect to Information Security, technology compliance and operational risk. This includes responsibility for Technology compliance, co-ordinating and tracking internal and external Audit actions and ensuring technology controls monitoring and reporting. Provide business-aligned specialist security skills to application teams and to the business.