MUFG Union Bank Jobs

Mobile mufg Logo

Job Information

MUFG Union Bank Cyber Threat and Risk Management Specialist, AVP - Hybrid in Monterey Park, California

Do you want your voice heard and your actions to count?

Discover your opportunity with Mitsubishi UFJ Financial Group (MUFG), the 5th largest financial group in the world. Across the globe, we’re 180,000 colleagues, striving to make a difference for every client, organization, and community we serve. We stand for our values, building long-term relationships, serving society, and fostering shared and sustainable growth for a better world.

With a vision to be the world’s most trusted financial group, it’s part of our culture to put people first, listen to new and diverse ideas and collaborate toward greater innovation, speed and agility. This means investing in talent, technologies, and tools that empower you to own your career.

Join MUFG, where being inspired is expected and making a meaningful impact is rewarded.

This is a hybrid position. There are flexible work from home options available. A member of our recruitment team will discuss the options with you in more detail.

Job Summary

Reporting to the Information Risk Assessment - Infrastructure Director, the Infrastructure -the Assistant Vice President is responsible for assisting with defining detailed information risk scenarios based on knowledge of industry intelligence and the enterprise internal environment. Additionally, the Risk Scenarios & Threat Analysis Associate works with the risk assessment teams within Information Risk Management to determine potential risks associated with new threats and assists with partnering with the first line units to develop and test playbooks for selected scenarios both internally and externally with the industry. The position also supports management in consolidating and reporting on results and driving the first line units to address issues found through the testing, identifying, assessing, and monitoring information risk associated with cloud and internal technology infrastructure and assessing compliance with policy / standard / procedure-related to technology infrastructure.

Major Responsibilities:

Generally:

  • Stakeholder management and working across various parts of the organization

  • Communicates information risk matters to management

  • Supports maintaining and updating the Risk, Threats, and Scenarios Library

Specifically:

  • Assists with defining information risk/threat scenarios based on industry intelligence and the enterprise internal environment

  • Assists with partnering with the first line units to develop playbooks to address key information risk/threat scenarios

  • Participates in tabletop exercises and playbook rehearsals to assess enterprise readiness to deal with key information risk scenarios

  • Assists other members of the Information Risk Management organization on the planning of assessments and testing activities based on the critical information risk themes

  • Defines criteria, tools, and methodologies for identifying, assessing, and monitoring the information risk associated with technology infrastructure residing both internally and in public clouds, with focus on the following processes:

  • Enterprise Architecture

  • Data Encryption & Protection

  • Security Incident response

  • Security Information and Event Management (SIEM)

  • Threat and Vulnerability Mgmt

  • Capacity Management

  • Network Security

  • Service Level Management

  • Assesses compliance to cloud and internal information risk policies and standards related to technology infrastructure

  • Defines testing processes for information risks associated with cloud and internal technology infrastructure

  • Conducts targeted and advisory information risk assessments on cloud and internal technology infrastructure

  • Performs independent review and challenge of the front line unit cloud information risk assessments and remediation plans on technology infrastructure

  • Maintains oversight of the front line unit remediation efforts for cloud and internal information risk exposures, gaps, and deficiencies on technology infrastructure

  • Performs independent review and challenge of front line unit RCSA outputs for cloud and internal technology infrastructure

  • Manages and conducts independent risk assessments, vulnerability scans, and penetration testing results conducted on technology infrastructure

  • Stakeholder management and working across various parts of the organization

  • Communicates information risk matters to senior management

Qualifications:

Education : Bachelor's Degree or equivalent work experience required

Certifications: At least one security certification is preferred, such as Certified Information Security Management (CISM), Certified Risk Information Security Control (CRISC), or Certified Information Systems Security Professional (CISSP), AWS Architecture or Information Security certifications

Experience:

  • 2 + years of related experience

  • Subject matter expertise in conducting and designing cyber and cloud information risk assessments for technology infrastructure

  • Prior experience of management of cloud based and/or internal technology infrastructure is preferred

  • Experienced with vulnerability scanning and penetration testing tools and technologies

  • Understanding of ITIL Service Management processes

  • Knowledge of the financial services industry and its regulations / laws

  • Understanding of control and risk management concepts and knowledge of the operational aspects of the information risk business

  • Understanding of respective industry best practices (e.g., NIST, CSA, ISO, COBIT, OWASP, ITIL)

  • Knowledge of risk management policies, methods, standards, processes, governance models, and industry standard risk analysis approaches

  • Knowledge of current industry trends in information risk management

  • Experience with public cloud infrastructure or information security management (especially AWS or O365)"

  • Strong MS Office skills along with strong verbal and written communication skills

  • Able to collaborate well with internal and external stakeholders

  • Able to be a subject matter expert on assessing general technology processes relating to infrastructure

#LI-Hybrid

The above statements are intended to describe the general nature and level of work being performed. They are not intended to be construed as an exhaustive list of all responsibilities duties and skills required of personnel so classified.

We are proud to be an Equal Opportunity/Affirmative Action Employer and committed to leveraging the diverse backgrounds, perspectives and experience of our workforce to create opportunities for our colleagues and our business. We do not discriminate on the basis of race, color, national origin, religion, gender expression, gender identity, sex, age, ancestry, marital status, protected veteran and military status, disability, medical condition, sexual orientation, genetic information, or any other status of an individual or that individual’s associates or relatives that is protected under applicable federal, state, or local law.

Some MUFG roles require that individuals be fully vaccinated against COVID-19, subject to exemptions for medical or religious reasons, as well as any other reason required by applicable law or order. Should you be selected for an interview, your recruiter will provide additional information.

#LI-Hybrid

DirectEmployers