Security Assessment and Remediation, Vice President

Do you want your voice heard and your actions to count?

Discover your opportunity with Mitsubishi UFJ Financial Group (MUFG), the 6th largest financial group in the world. Across the globe, we're 160,000 colleagues, striving to make a difference for every client, organization, and community we serve. We stand for our values, building long-term relationships, serving society, and fostering shared and sustainable growth for a better world.

With a vision to be the world's most trusted financial group, it's part of our culture to put people first, listen to new and diverse ideas and collaborate toward greater innovation, speed and agility. This means investing in talent, technologies, and tools that empower you to own your career.

• Defines criteria, tools, and methodologies for identifying, assessing, and monitoring the cyber

• security risk associated with technology infrastructure

• Assesses compliance to cyber security policies and standards related to technology infrastructure
• Defines testing processes for cyber security risks associated with technology infrastructure
• Conducts cyber security assessments on technology infrastructure
• Performs independent review and challenge of the front-line unit cyber security assessments and

• remediation plans on technology infrastructure

• Maintains oversight of the front-line unit remediation efforts for cyber security exposures, gaps,

• and deficiencies on technology infrastructure

• Performs independent review and challenge of front-line unit cyber-related RCSA outputs for

• technology infrastructure

• Manages and conducts independent risk assessments, vulnerability scans, and penetration

• testing results conducted on technology infrastructure

• Bachelor's Degree in Computer Science, Information Security, or similar area, or equivalent work experience.
• 6-8 years of progressive experience in computing and information security, including experience with Internet technology and security issues
• Experience in the banking or finance industries preferred
• Certified Information Systems Security Professional (CISSP), Global Information Assurance Certification (GIAC), Certified Information Security
• Management (CISM), Certified in Risk and Information Systems Controls (CRISC) or other security certifications desired
• Cloud technology certifications in AWS, and Azure, or equivalent work experience.
• Knowledge of information security standards, rules and regulations related to information security and data confidentiality, and desktop, server, application, database, network security principles for risk identification and analysis.
• Strong MS Office skills along with strong verbal and written communication skills
• Subject matter expertise in conducting cyber security risk assessments for technology
• infrastructure
• Prior experience of management of technology infrastructure is preferred
• Experienced with vulnerability scanning and penetration testing tools and technologies
• Understanding of ITIL Service Management processes
• Knowledge of the financial services industry and its regulations / laws strongly preferred
• Understanding of control and risk management concepts and knowledge of the operational aspects of the information risk business
• Understanding of respective industry best practices (e.g., NIST, ISO, COBIT, OWASP, ITIL)
• Knowledge of risk management policies, methods, standards, processes, governance models, and industry standard risk analysis approaches
• Knowledge of current industry trends in information risk management
• Able to collaborate well with internal and external stakeholders
• Able to be a subject matter expert on assessing the maturity of cyber security practices for infrastructure
• Experience in security policy development, security education, network testing, application vulnerability assessments, risk analysis, and compliance testing required