MUFG Union Bank Jobs

Mobile mufg Logo

Job Information

MUFG Union Bank Security Assessment & Remediation Analyst in Tempe, Arizona

Security Assessment & Remediation Analyst - 10044150-WD


Do you want your voice heard and your actions to count?

Discover your opportunity with Mitsubishi UFJ Financial Group (MUFG), the 5th largest financial group in the world (as ranked by S&P Global, April 2020).In the Americas, we’re 13,000 colleagues, striving to make a difference for every client, organization, and community we serve. We stand for our values, developing positive relationships built on integrity and respect. It’s part of our culture to put people first, listen to new and diverse ideas and collaborate toward greater innovation, speed and agility. We’re a team that accepts responsibility for the future by asking the tough questions and owning the solutions. Join MUFG and be empowered to make your voice heard and your actions count.

Job Summary:

The 3rd Party Risk Due Diligence Assessment analyst will be responsible for being a Cybersecurity Third Party Risk Subject Matter Expert (SME) in Tempe conducting remote and on-site cybersecurity Due Diligence assessments in a dynamic, fast-paced, and global environment. The individual will also be responsible for conducting contract reviews related to cybersecurity and participating in high profile technical projects which involve a Third Party.

Major Responsibilities:

  • Coordinate with stakeholders to initiate, scope and plan controls assessments of new and existing vendor engagements.

  • Perform Information Security remote/table-top assessments.

  • Perform Information Security onsite assessments at vendor locations when required.

  • Assess completed questionnaire and supporting documentation to validate vendor appropriate implementation of information security controls; analyze the information to identify information security weaknesses or non-compliance with MUFG and industry standards.

  • Produce detailed documentation of assessments and perform threat analysis of gaps identified.

  • Communicate vendor information security issues to stakeholders, ensuring their understanding of associated risks and actions needed to remediate those risks.

  • Validate evidence from vendors, before Remediation Plans are closed.

  • Escalate issues associated with vendors as needed to management.



  • 3-5 years' experience, ideally in information security.

  • Experience performing information security assessments; provide information security guidance to business stakeholders; interpreting and applying information security policy and standards.

  • Experience working with the SIG (Standard Information Gathering) questionnaire, SOC2 reports, Penetration Test results, PCI (Payment Card Industry) reports as well as other Information Security documentation.

  • Knowledge of NIST 800-53 Controls.

  • Demonstrate in-depth knowledge of concepts, best practices and controls in a breadth of information security areas/domains; these information security areas include risk management, access control, cryptography, physical security, security architecture and design, network security, application & operations security and compliance/incident management.

  • Experience in network testing, application vulnerability assessments, risk analysis, and compliance testing strongly preferred.

  • Certified Information Systems Security Professional (CISSP), Global Information Assurance Certification (GIAC), or other security certifications desired.

  • Knowledge of information security standards, rules and regulations related to information security and data confidentiality, and desktop, server, application, database, network security principles for risk identification and analysis.

  • Experience in network testing, application vulnerability assessments, risk analysis, and compliance testing strongly preferred.

The above statements are intended to describe the general nature and level of the work being performed. They are not intended to be construed as an exhaustive list of all responsibilities, duties, and skills required of personnel so classified .

We are proud to be an Equal Opportunity / Affirmative Action Employer and committed to leveraging the diverse backgrounds, perspectives, and experience of our workforce to create opportunities for our colleagues and our business. We do not discriminate in employment decisions on the basis of any protected category.

A conviction is not an absolute bar to employment. Factors such as the age of the offense, evidence of rehabilitation, seriousness of violation, and job relatedness are considered in all employment decisions. Additionally, it’s the bank’s policy to only inquire into a candidate’s criminal history after an offer has been made. Federal law prohibits banks from employing individuals who have been convicted of, or received a pretrial diversion for, certain offenses.

Job : Technology

Primary Location : ARIZONA-Tempe

Job Posting : Jun 8, 2021, 5:46:55 AM

Shift: : Day

Schedule: : Full Time

Req ID: 10044150-WD