MUFG Union Bank Jobs

Mobile mufg Logo

Job Information

MUFG Union Bank Data Protection / Insider Threat Engineer, Vice President - Remote in Austin, Texas

Do you want your voice heard and your actions to count?

Discover your opportunity with Mitsubishi UFJ Financial Group (MUFG), the 5th largest financial group in the world. Across the globe, we’re 180,000 colleagues, striving to make a difference for every client, organization, and community we serve. We stand for our values, building long-term relationships, serving society, and fostering shared and sustainable growth for a better world.

With a vision to be the world’s most trusted financial group, it’s part of our culture to put people first, listen to new and diverse ideas and collaborate toward greater innovation, speed and agility. This means investing in talent, technologies, and tools that empower you to own your career.

Join MUFG, where being inspired is expected and making a meaningful impact is rewarded.

This is a remote position. A member of our recruitment team will discuss location preferences with you in more detail.

This role can be remote in any of these States: Arizona Texas, North Carolina, Washington, Oregon, California, Illinois, Kentucky, Georgia, New York, Connecticut, Massachusetts, New Jersey, District of Columbia, Utah, Nebraska, Minnesota, Missouri. Arkansas, Indiana, Ohio, Tennessee, Alabama, Florida, South Carolina, Virginia

Job Summary:

In this role you will focus on the tools, processes, and methods needed to design, implement, and test complete systems and to adapt existing systems as the environment evolves. Your responsibilities will include preventing and protecting against unauthorized access; maintaining the integrity and confidentiality of critical data against internal and external threats; ensuring enterprise-level endpoint protection and encryption; and simplifying the security toolset by implementing superior products that cover many security vectors without impeding system performance or diminishing user experience. In this role, you will be responsible for maturing and enhancing our existing insider threat governance framework by collaborating on efforts to design and implement improved standard operating procedures, policies, guidelines, regulatory reporting and technologies within MUFG’s unique security landscape.

Major Responsibilities

  • Perform management activities such as design, implementation, monitoring, capacity planning, scalability testing, fail-over testing, backup/recovery planning, disaster recovery, and performance and security baselines

  • Implement tasks/projects critical to the organization’s data protection technologies

  • Deploy and support data protection monitoring and prevention tools (e.g.: Cloud Access Security Broker (CASB), Splunk, Data Leakage Protection (DLP), Database Monitoring, tokenization, and encryption)

  • Create procedures to support the analysis of events/incidents for remediation suggestions to relevant areas

  • Research and document security best practices to proactively identify security gaps including vendor review, technology evaluations, demos, and proof of concept trials

  • Identify, isolate, and document solution defects and work with the owner/vendor to bring issues to resolution

  • Create and regularly evaluate process, quality control, and configuration management document

  • Assist with the development and implementation of global insider threat use cases surrounding data exfiltration, internal fraud, privilege escalations, as well as IT sabotage for desktops, laptops, servers, mobile, virtual and multi-cloud environments

  • Collaborate on efforts to support the growth and maturity of ITO's enhanced monitoring capabilities of critical data and high valued assets

  • Establish enterprise-level KPIs and KRI’s to ensure effectiveness, efficiency, and overall customer satisfaction. This includes defining key metrics and trends in the day-to-day operations and implementing changes to support the reduction of time to detect, respond, and remediate key technical Insider threat operation security risks

  • Perform bank-wide risk assessments including the Risk Control Self-Assessment (RCSA), Risk Governance Assessment (RGA), and Operational Risk Partner Review and Challenges

  • Assist the ITO manager with the internal control and quality assurance programs

  • Provide review and challenge to processes to ensure controls are operational and executable as designed. Assist the ITO manager on compliance policy and procedure administration, management reporting, CFPB and OCC deliverables and operating plan updates

  • Participate in framework processes such as annual audit review/certifications and annual review of model validations

  • Recommend enhancements through the identification of self-identified issues and align enhancement feedback with the group's strategic initiatives

  • Contribute to regulatory and audit exams, committee reporting, issue remediation and other key projects

  • Key lead on various ad-hoc projects as needed. Develop Insider Threat standards metrics, playbooks, standard operating procedures/policy development to gauge how MUFG is following cyber standards, policies, and technical requirements

Qualifications

  • 4+ years' overall technical experience in either reverse engineering/malware analysis, threat intelligence, incident response, security operations, or related information security field

  • Previous experience in security operations, insider threat analysis and/or mitigation programs.

  • Experience working with common cybersecurity, governance, or compliance related frameworks through developing, implementing and training cybersecurity and/or governance standards.

  • Excellent writing and presentation skills with demonstrated ability to communicate clearly and concisely with peers and all levels of leadership. Have strong creative problem solving and analytical thinking Cybersecurity//Insider risk management governance, including development, maintenance, and implementation of Insider Threat policies and standards.

  • 3+ years’ experience with a combination of technical, investigations, network and system responsibilities

  • Have a working knowledge of common cybersecurity frameworks (e.g., NIST CSF, ISO 27001, COBIT, CCPA/CPRA) especially as it relates to building and operating a data protection and compliance program and/or managing internal security controls, risk assessments, business processes or operational auditing

  • Experience in the financial/government sector is a plus

  • An ability to act independently, prioritizing and organizing day to day tasks and needs as appropriate

  • Possess excellent communication and presentation skills

  • Demonstrated capabilities to do data analytics and draw risk conclusions based on activities seen

  • Experience with O365, Splunk, Symantec/DLP, Exabeam, and other cloud technology solutions

  • Documentation writing skills that present both a business and technical viewpoint

  • Security and IT metrics experience a plus; report creation abilities strongly desired

The above statements are intended to describe the general nature and level of work being performed. They are not intended to be construed as an exhaustive list of all responsibilities duties and skills required of personnel so classified.

We are proud to be an Equal Opportunity/Affirmative Action Employer and committed to leveraging the diverse backgrounds, perspectives and experience of our workforce to create opportunities for our colleagues and our business. We do not discriminate on the basis of race, color, national origin, religion, gender expression, gender identity, sex, age, ancestry, marital status, protected veteran and military status, disability, medical condition, sexual orientation, genetic information, or any other status of an individual or that individual’s associates or relatives that is protected under applicable federal, state, or local law.

Some MUFG roles require that individuals be fully vaccinated against COVID-19, subject to exemptions for medical or religious reasons, as well as any other reason required by applicable law or order. Should you be selected for an interview, your recruiter will provide additional information.

#LI-Remote

DirectEmployers