Senior Information Security Risk Analyst, Associate Vice President - Hybrid - Jersey City, NJ/Tempe, AZ/ Irving, Texas

Do you want your voice heard and your actions to count?

Discover your opportunity with Mitsubishi UFJ Financial Group (MUFG), the 6th largest financial group in the world. Across the globe, we're 160,000 colleagues, striving to make a difference for every client, organization, and community we serve. We stand for our values, building long-term relationships, serving society, and fostering shared and sustainable growth for a better world.

With a vision to be the world's most trusted financial group, it's part of our culture to put people first, listen to new and diverse ideas and collaborate toward greater innovation, speed and agility. This means investing in talent, technologies, and tools that empower you to own your career.

• Conduct information security assessment of information systems as per our methodology
• Identify, document and communicate key control deficiencies to stakeholders
• Assist stakeholders with recommendations to address key control deficiencies
• Evaluate management responses to ensure remediation tasks adequately address identified gaps
• Maintain familiarity with industry trends and security best practices
• Contribute to the teams' continuous improvement efforts
• Adhere to and complying with all applicable, federal and state laws, regulations and guidance. Adhere to Bank policies and procedures. Complete required training
• Validate evidence, before identified risks are closed
• Escalate issues to management as needed

• Bachelor's degree in computer science, Technology, or Related Fields.
• Master's Degree preferred

• At least 5-7 years' experience in risk assessment and information security practices
• Experience with large complex financial institutions or another highly-regulated industry
• Understanding of the compliance requirement framework such as GLBA, SOX, PCI, HIPAA etc.,
• Background engaging with both internal and external audit functions
• Ability to identify, interpret and apply IT controls in changing environments
• Familiarity with one or more of the following areas is highly desirable:
• AWS, Azure, other cloud technologies
• IP networks infrastructure (network topology, switches, routers, firewalls, intrusion detection / prevention)
• Windows Active Directory (policies, structure, elements)
• Databases (SQL, Oracle, DB2, monitoring tools)
• Vulnerability and Policy Compliance scanning tools (such as Qualys, Rapid7, Imperva, DB Protect, eIQ Nessus, etc.)
• Standards / Frameworks (CoBIT 5, ITIL, ISO 15504, ISO 20000, ISO 27000, ISO 31000, ISO 38500, NIST series 800-53 guidance)
• Access control (Identity Access Management user access provisioning and recertification.
• Logging (System Event / Audit log collection)
• Data Encryption / Masking techniques (At-rest, in-transit, in-motion)
• Physical security principles
• Critical thinking, analytical, and project management skills
• Ability to interact and communicate effectively with leadership and staff across both business and technology functions
• Preferred Certifications: CISA, CISM, CISSP, CRISC, PMP