MUFG Union Bank IT Policy and Security Awareness Training AVP in New York, New York
Do you want your voice heard and your actions to count?
Discover your opportunity with Mitsubishi UFJ Financial Group (MUFG), the 5th largest financial group in the world. Across the globe, we’re 180,000 colleagues, striving to make a difference for every client, organization, and community we serve. We stand for our values, building long-term relationships, serving society, and fostering shared and sustainable growth for a better world.
With a vision to be the world’s most trusted financial group, it’s part of our culture to put people first, listen to new and diverse ideas and collaborate toward greater innovation, speed and agility. This means investing in talent, technologies, and tools that empower you to own your career.
Join MUFG, where being inspired is expected and making a meaningful impact is rewarded.
This is a hybrid position. There are flexible work from home options available. A member of our recruitment team will discuss the options with you in more detail.
MUSA is seeking an IT Policy and Security Awareness Training Analyst to manage BAU activities and support operational controls based upon CUSO and International policies, standards and procedures and ensure that MUSA staff is adequately trained on Information Security best practices:
Manage and support the effectiveness of the Information Security Staff Awareness and Training program to ensure employees and consultants are adequately trained and informed of IT risks and controls.
Support the Compliance Management function by operating as the Staff Awareness and Training process owner and SME, and partnering with other similar SMEs from the other MUFG entities.
Work and coordinate with the various MUSA business and technology groups (e.g., application, infrastructure and information security) to understand their responsibilities and what type of training is required to support process improvement and ensure regulatory compliance.
Review new or updated Consolidated United States Operations (CUSO) IT policies and standards, and ensure they are approved by IT Management and effectively communicated to MUSA IT.
Partner and collaborate with MUS International Information Security teams to stay in sync on, and abreast of, new or changed international policies or standards that could impact MUSA.
Work with Technology teams to enhance their procedures for RCSAs.
Ensure that identified Security and Awareness Training related issues are prioritized and remediated in an appropriate timeframe.
On an as-needed basis, support the execution of BAU processes as necessary to help ensure IT Security related risks are mitigated to an acceptable level.
Manage and execute the Firm’s Phishing campaign and produce monthly key metrics for Management reporting.
Identify areas of improvement to bolster the overall Information Security program based on the results from periodic Phishing campaigns.
The successful candidate should have the following qualifications:
Bachelor of Management of Information Services, Computer Science or Computer Engineering degree from accredited college or university [or equivalent work experience]
Certifications are highly preferred but not mandatory: CISSP, CISA, CRISC, CISM, CDPSE
5+ years of Information Security related experience with business analysis or technical/functional design and implementation experience of configuring and integrating phishing campaigns
Working knowledge of Information Security principles and best practices (e.g., Cyber Security, Data Privacy, Identity Access Management, Privileged Access Management)
Proven experience implementing and monitoring success criteria for staff awareness and training programs as well as stealth phishing campaigns.
Proven experience supporting large Information Security projects and phishing campaigns with diverse departmental structures and geographically distributed workforce
Ability to quickly digest client’s internal information security policies & standards, authority/approval constructs related to Staff Awareness and Training.
Must have the ability to work closely with multi-cultural and globally distributed stakeholders to overcome resistance and effect change.
Must have the ability to work effectively as a member of a team.
Familiarity with best practices and standards, such as: NIST Cybersecurity Framework, FFIEC Handbooks, ISO27001:2013, ISO22301:2012, NFPA 1600, NIST 800-53, and NIST 800-61.
Strong organizational skills, excellent interpersonal skills, team player, and ability to clearly document risk and controls.
Motivated self-starter with ability to work independently, adapt to changing priorities, handle multiple assignments and adhere to strict guidelines.
Strong analytical acumen and logical thought process required.
Communicates clearly and succinctly whether in oral or written form; effectively communicates in a variety of settings - formal and informal; attentive and active listener; straightforward and composed.
Working knowledge of Microsoft Office products including PowerPoint, Word, Excel, Project, and Microsoft Access.
The above statements are intended to describe the general nature and level of work being performed. They are not intended to be construed as an exhaustive list of all responsibilities, duties and skills required of personnel so classified.
We are proud to be an Equal Opportunity/Affirmative Action Employer and committed to leveraging the diverse backgrounds, perspectives and experience of our workforce to create opportunities for our colleagues and our business. We do not discriminate on the basis of race, color, national origin, religion, gender expression, gender identity, sex, age, ancestry, marital status, protected veteran and military status, disability, medical condition, sexual orientation, genetic information, or any other status of an individual or that individual’s associates or relatives that is protected under applicable federal, state, or local law.
Some MUFG roles require that individuals be fully vaccinated against COVID-19, subject to exemptions for medical or religious reasons, as well as any other reason required by applicable law or order. Should you be selected for an interview, your recruiter will provide additional information.