3rd Party Risk Management Lead

    • Tempe, AZ

Do you want your voice heard and your actions to count?

Discover your opportunity with Mitsubishi UFJ Financial Group (MUFG), the 5th largest financial group in the world (as ranked by S&P Global, April 2018) with total assets of over $2.9 trillion (106.2 (JPY) as of March 30, 2018) and 150,000 colleagues in more than 50 countries. In the U.S., we're 13,000 strong, working together to positively impact every customer, organization, and community we serve. We achieve this by delivering on our values, putting people first, fostering long-term relationships built on honesty and mutual understanding, and inspiring the best in each other. This is all part of our inclusive, high-performing culture supported by Total Rewards that include our cash balance pension plan. Join a team that's working to fulfill its vision to be the world's most trusted financial group.
Job Summary:
The 3rd Party Risk Due Diligence Assessment Team Technical Lead will be responsible for being the primary Cybersecurity Third Party Risk Subject Matter Expert (SME) in Tempe, conducting remote and on-site cybersecurity Due Diligence assessments in a dynamic, fast-paced, and global environment. The individual will also be responsible for providing guidance on cybersecurity Due Diligence to other team members in Tempe, conducting contract reviews related to cybersecurity, and participating in high-profile technical projects which involve a Third Party.

Major Responsibilities:

  • Coordinates with Service Requesters, Third Party Managers, and Third Parties to conduct and execute Due Diligence of third-party systems and applications
  • Assist and conduct contract reviews of cybersecurity terms and conditions to protect the Bank
  • Participate and take a leading role in technical aspects of Due Diligence related to high profile projects involving a Third Party
  • Contribute to the further development and maturity of the Third Party Risk Due Diligence process and methodology
  • Communicates effectively with stakeholders, including recapping discussions involving key decisions
  • Conducts training to standardize the assessment and ongoing monitoring processes
  • Escalates issues associated with vendors as needed to management
  • Provide support for other members of the team in Tempe


Requirements:
  • Minimum 7 years' experience in technology and executing Cybersecurity assessments, providing guidance to business stakeholders, and interpreting and applying policies and standards
  • Minimum 1 year reviewing and providing guidance on Cybersecurity contractual terms and conditions
  • Demonstrate in-depth knowledge of concepts, best practices and controls in a breadth of Cybersecurity areas/domains; these information security areas include risk management, access control, cryptography, physical security, security architecture and design, network security, application & operations security and compliance/incident management
  • Strong technical and/or IT audit background and practical knowledge of a wide variety of technologies which include server infrastructure & operating systems, network & web infrastructures, database architecture and intrusion detection/prevention systems
  • Proficient working knowledge within the following risk domains/technologies:
    • Database and application security
    • IDS/IPS technologies, System/Access Administration
    • Firewall technologies
    • Network Architecture
    • Security Event Logging & Monitoring
    • Key Management/Tokenization
    • Database/Application/Network Layer Secure Protocols
    • Physical and Environmental Security
    • Secure Software/Code Development
    • Change Management
    • Vulnerability Management
  • Small Team Lead experience
  • Bachelor's degree in Technology or related discipline
  • Proven skills in influencing people without having direct management authority
  • IT Risk/Audit certification (CISSP, CISA, CRISC, etc.) preferred
  • Knowledge of SOC2 Reports and SCA (Standardized Control Assessment), which replaced AUP (Agreed Upon Procedures), preferred; understanding of Security Control Frameworks (NIST 800-53)
  • Experience working within the Financial Services Industry preferred
  • Outstanding oral and written communications skills

The above statements are intended to describe the general nature and level of the work being performed. They are not intended to be construed as an exhaustive list of all responsibilities, duties, and skills required of personnel so classified.

We are proud to be an Equal Opportunity / Affirmative Action Employer and committed to leveraging the diverse backgrounds, perspectives, and experience of our workforce to create opportunities for our colleagues and our business. We do not discriminate in employment decisions on the basis of any protected category.

A conviction is not an absolute bar to employment. Factors such as the age of the offense, evidence of rehabilitation, seriousness of violation, and job relatedness are considered in all employment decisions. Additionally, it's the bank's policy to only inquire into a candidate's criminal history after an offer has been made. Federal law prohibits banks from employing individuals who have been convicted of, or received a pretrial diversion for, certain offenses.

