Head of AI & Data Privacy Risk

Overview

As the AI & Data Privacy Line 2 Risk Leader, you will be responsible for establishing and leading the enterprise-wide risk management strategy for Artificial Intelligence (AI), Machine Learning (ML), and data-driven technologies. This role ensures that AI systems and data practices are ethical, secure, compliant, and aligned with privacy & regulatory expectations and values of MPMS.

The role will work cross-functionally with technology, legal, L1 risk teams, data science, and business teams to identify, assess, and mitigate risks associated with AI models, data privacy & governance, and emerging technologies.

This role is ideal for a seasoned risk professional, will contribute to our overall AI governance strategy, data privacy policies & procedures, executing & enabling a future fit risk management practise in both domains to enable our client & customer ambitions.

Key Accountabilities and main responsibilities

Strategic Focus

Design and implementation of enterprise-wide AI Policy and Data Risk Governance Model.

Drive adherence and execution of the AI Risk Assessments, to determine the adequacy & effectiveness of their internal controls.

Design educational workshops and provide consultation to senior management and key stakeholders for ethical use of AI and Data.

Drive capability uplift across Senior Leadership team in line with ongoing improvements in risk culture.

Operational Management

Develop and implement a comprehensive AI risk management framework.

Ensure adherence to AI principles for every valid AI use case, providing L2 oversight and assurance on the AI Risk & Information Security Assessments conducted by the business teams.

Define risk appetite and controls for AI/ML systems across their lifecycle (design, training, deployment, monitoring).

Provide subject matter inputs to support the effective management of AI risks.

Lead AI model validation, assurance & approval processes.

Develop and maintain the organization’s data quality, privacy framework, lineage, policies, and procedures for ethical use.

Oversee data governance programs and ensure alignment with regulatory requirements (e.g., GDPR, PII, CCPA, APRA CPS 234/230).

Lead privacy risk assessments and data protection impact assessments (DPIAs).

Monitor third-party data risks and vendor compliance.

Champion privacy by design and default in technology and business processes.

Liaise with regulatory authorities and manage responses to inquiries or investigations.

Lead privacy incident response and breach notification procedures & transparency.

Develop and deliver privacy training and awareness programs across the organization.

Provide expert guidance to teams on privacy risks and mitigation strategies.

People Leadership

Lead a team of L2 AI Risk Manager & Data Privacy Officers managing enterprise-wide risk deliveries of our strategic objectives and goals for both the domains.

Lead the development and delivery of effective engagement strategies for ERCC & BRCC meetings, town halls, new hire onboarding, and employee training programs, ensuring they resonate with and inspire the team.

Timely decisions that align with the strategy and vision of the organisation

Foster strong, influential partnerships with SLT to guide strategic priorities, ensuring alignment with organizational success and driving focus on key initiatives.

Lead internal and external communication efforts to reinforce key messages and build trust.

Collaborate with IT, cybersecurity, legal, and business units to align AI risk & data privacy with broader risk and compliance objectives.

Advise on third-party data sharing, cross-border transfers, and vendor risk

Working with your sponsor to develop effective and implement as needed risk management plans to minimise the consequence of adverse events

Governance and Risk

Provide independent Line 2 oversight to ensure robust governance and effective risk management of AI, data privacy, and emerging technology initiatives, aligned with regulatory expectations and organizational risk appetite.

Establish and maintain strong governance frameworks, enabling proactive identification, assessment, and mitigation of risks while embedding a culture of accountability, transparency, and ethical practices across the enterprise.

Experience & Personal Attributes

Graduate qualification in any discipline, with relevant tertiary or postgraduate qualifications in IT, Computer Science, or Information Security (desirable but not essential).

At least 12+ years of experience in technology & security risk management including reasonably deep knowledge and experience in managing AI & Data Risk in Financial Services sector, preferably with investment banking or superannuation industry.

Professional experience in audit, and/or consulting would be beneficial

Strong leadership in risk management and compliance frameworks, with deep expertise in Technology, Data, and Information Security risks.

Preferable certification in CRISC, CISM, CISA, CISSP, ISO 27001 Lead Auditor.

Knowledge of frameworks such as NIST, AI NIST, PCI DSS, COBIT, CIS, and ISO 27001, 42001 would be an advantage.

Strong understanding of regulatory standards set out by APRA, EU DORA, UK FCA, PRA, SEBI & HKMA authorities.

Program management / transformation experience, ideally in digital, data, or AI.

Personal Attributes

Strategic and outcome focused.

Comfortable with ambiguity and complexity, able to collaborative & influence

Passionate about the role of AI & Data in shaping the future of work

Strong team leadership skills.

Excellent organisational skills with the ability to coordinate others

Proficiency in MI & analytics and tools such as Alteryx, Power BI, and Tableau.

MUFG Pension & Market Services is a global, digitally enabled business that empowers a brighter future by connecting millions of people with their assets – safely, securely and responsibly.

Through our two businesses MUFG Retirement Solutions and MUFG Corporate Markets, we partner with a diversified portfolio of global clients to provide robust, efficient and scalable services, purpose-built solutions and modern technology platforms that deliver world class outcomes and experiences.

A member of MUFG, a global financial group, we help manage regulatory complexity, improve data management and connect people with their assets, through exceptional user experience that leverages the expertise of our people combined with scalable technology, digital connectivity and data insights.

Our Group Risk & Compliance function manages all aspects of risk and compliance across the organisation. It oversees the risk management framework to ensure effective operational risk management, guidance from risk and compliance teams, and implementation of global risk management strategies. This function ensures that we consistently meet regulatory compliance and governance standards.

MUFG Pension & Market Services is continuing to build a dynamic, client-focused, caring, and inclusive culture based on entrepreneurial spirit, effective risk management, empathy, and trust, underpinned by core values.

We work collaboratively, supporting and valuing the talents and perspectives of our people, and promoting a flexible work environment where their wellbeing is prioritized. We believe diversity drives better client outcomes, improvement, and growth.

Join us on the MUFG Pension & Market Services journey to achieve our full potential. We treat everyone fairly and equitably, regardless of diverse characteristics. Candidates must have the relevant work rights. Successful applicants must complete background screening before employment.