MUFG Union Bank Cyber Risk Assessor in Tempe, Arizona
Cyber Risk Assessor - 10044873-WD
Do you want your voice heard and your actions to count?
Discover your opportunity with Mitsubishi UFJ Financial Group (MUFG), the 5th largest financial group in the world (as ranked by S&P Global, April 2020).In the Americas, we’re 13,000 colleagues, striving to make a difference for every client, organization, and community we serve. We stand for our values, developing positive relationships built on integrity and respect. It’s part of our culture to put people first, listen to new and diverse ideas and collaborate toward greater innovation, speed and agility. We’re a team that accepts responsibility for the future by asking the tough questions and owning the solutions. Join MUFG and be empowered to make your voice heard and your actions count.
The Cyber Security Risk and Control Assessment,SME works as part of a team of assessors to perform technology and process cybersecurity assessments per defined internal frameworks, methodologies, policy and standards. Within this role, the Assessment SME applies knowledge of industry and control best practices, recommends controls, plans and performs technical assessments, evaluates the design and operational effectiveness of controls, identifies and quantifies control deficiencies, and communicates outcomes to stakeholders and key personnel. Additionally, the Assessment SME works to drive and support regulatory, risk, business, and programmatic objectives.
Demonstrates high-level awareness of the financial services industry
Demonstrates expertise in the FFIEC FCAT framework and NIST control family
Demonstrates awareness of the regulatory environment impactful to banking, i.e., GLBA, FFIEC FCAT, SOX
Demonstrates experience with and/or in-depth understanding of commonly deployed banking technologies and operational best practices i.e., Applications, Infrastructure
Demonstrates understanding of governance, risk management and compliance
Demonstrates professional accountability to maintain and promote regulatory standards, internal policy and standards
Demonstrates self-directed disciplines to ensure career development and professional integrity
Execute technical risk assessment activities for scoped environments and security related controls
Perform and document test plans
Send engagement letters
Populate test templates
Determine design and operating effectiveness of controls
Review conclusions with system owners
Report localized results
Calculate residual risk
Support team objectives in the ongoing development of controls used for testing, scope statements, test procedures, control conditions and supporting collaterals
Recommend improvements in policy and control objectives
Develop control test approaches
Document control test standard operating procedures (SOPs)
Support FLOD/SLOD assessments, audits and external exams
Provide effective, accurate and timely reporting
Ensure accurate and complete documentation
Complete training as assigned and in advance of due dates
Ensure timely and accurate completion of all employment administrative activities
Bachelor's Degree in Computer Science or related fields; applicable specialized training; or equivalent experience
CISA, CRISC, CISM, CIA, CISSP or other relevant professional certifications are desirable
3 to 5 years of experience in cybersecurity assessment activities or IT audit
Prior information technology (IT) experience in mid or large-scale companies
Prior experience in regional, national or multinational financial institutions
Understanding of one or more compliance frameworks: NIST, FFIEC, GLBA, SOX, PCI, etc.
Experience with one or more of the following control areas:
Identity and Access Management
Incident Response and Logging
Network infrastructure (technologies, architectures, operations)
Various network and host-based security products and services
Active Directory, servers, services, desktops and mobile devices
Unix, Linux, AIX
IBM Mainframe, Top Secret
SQL, Oracle, DB2 Databases
An analytical approach to problem resolution with good judgement
General project management skills
Ability to perform technical risk assessments and synthesize observations at a macro level, identifying indicators of changing risk and/or symptoms of process or control deficiencies
Ability to identify and propose process and technology controls in dynamic environments
Ability to interact and communicate effectively with management, risk peers, and staff at all levels across business and technology functions.
Strong oral and written communication; including the ability to write clear, concise, non-technical reports
The above statements are intended to describe the general nature and level of the work being performed. They are not intended to be construed as an exhaustive list of all responsibilities, duties, and skills required of personnel so classified .
We are proud to be an Equal Opportunity / Affirmative Action Employer and committed to leveraging the diverse backgrounds, perspectives, and experience of our workforce to create opportunities for our colleagues and our business. We do not discriminate in employment decisions on the basis of any protected category.
A conviction is not an absolute bar to employment. Factors such as the age of the offense, evidence of rehabilitation, seriousness of violation, and job relatedness are considered in all employment decisions. Additionally, it’s the bank’s policy to only inquire into a candidate’s criminal history after an offer has been made. Federal law prohibits banks from employing individuals who have been convicted of, or received a pretrial diversion for, certain offenses.
Job : Technology
Primary Location : ARIZONA-Tempe
Job Posting : Jul 1, 2021, 11:28:52 AM
Shift: : Day
Schedule: : Full Time
Req ID: 10044873-WD