Cyber Security Risk & Control Assessments, Assistant Vice President

    • Tempe, AZ


Do you want your voice heard and your actions to count?

Discover your opportunity with Mitsubishi UFJ Financial Group (MUFG), the 5th largest financial group in the world (as ranked by S&P Global, April 2018) with total assets of over $2.9 trillion (106.2 (JPY) as of March 30, 2018) and 150,000 colleagues in more than 50 countries. In the U.S., we're 14,000 strong, working together to positively impact every customer, organization, and community we serve. We achieve this by delivering on our values, putting people first, fostering long-term relationships built on honesty and mutual understanding, and inspiring the best in each other. This is all part of our inclusive, high-performing culture supported by Total Rewards that includes our cash balance pension plan. Join a team that is working to fulfill its vision to be the world's most trusted financial group.

Cyber Security Risk & Control Assessments Assistant Vice President

Job Summary

The Cyber Security Risk and Control Assessment Assistant Vice President works as part of a team of assessors to perform technology and process cybersecurity assessments per defined internal frameworks, methodologies, policy and standards. The Information Security Risk Analyst applies knowledge of industry and control best practices, recommends controls, plans and performs assessments, evaluates the design and effectiveness of controls, identifies and quantifies control deficiencies, reports test results, records outcomes in systems of record, and communicates outcomes to stakeholders and key personnel. The Information Security Risk Analyst works to drive and support regulatory, risk, business and programmatic objectives.

General Responsibilities:

  • Demonstrates high-level awareness of the financial services industry
  • Demonstrates awareness of the regulatory environment impactful to banking
  • Demonstrates experience with and/or in-depth understanding of commonly deployed banking technologies and operational best practices
  • Demonstrates understanding of governance, risk management and compliance
  • Demonstrates professional accountability to maintain and promote regulatory standards, internal policy and standards
  • Demonstrates self-directed disciplines to ensure career development and professional integrity

Specific Responsibilities:

  • Support team objectives in the ongoing development of controls, scope statements, test procedures, control conditions and supporting collaterals
    • Identify control objectives
    • Document references to standard control frameworks
    • Recommend improvements in policy and control objectives
    • Identify controls
    • Develop control test approaches
    • Document control test standard operating procedures (SOPs)
    • Recommend control metrics and control adoption rates
  • Execute assessment activities for scoped environments
    • Perform and document test plans
    • Send engagement letters
    • Populate test templates
    • Conduct walkthroughs
    • Collect evidences
    • Conduct testing
    • Document conclusions
    • Review conclusions with system owners
    • Report localized results
    • Calculate residual risk
  • Perform reporting of findings, issue resolution and management of findings
    • Report completion by control test
    • Analyze control outcomes
    • Analyze and report horizontal risks
    • Provide status reporting
    • Create findings
    • Monitor finding progress by key milestones
  • Support FLOD/SLOD assessments, audits and external exams
    • Ensure robust engagements
    • Respond to inquiries
    • Provide walkthrough of program collaterals
    • Collect evidences
    • Provide research
    • Maintain a record of presented collaterals
    • Record issues and MRAs
    • Validate issue/gap remediation
  • Provide effective, accurate and timely reporting
  • Ensure accurate and complete documentation
  • Complete training as assigned and in advance of due dates
  • Ensure timely and accurate completion of all employment administrative activities


  • Bachelor's Degree in Computer Science or related fields; applicable specialized training; or equivalent experience
  • 3 to 5 years of experience in cybersecurity assessment activities
  • Prior information technology (IT) experience in mid or large-scale companies
  • Prior experience in regional, national or multinational financial institutions
  • Understanding of compliance frameworks: NIST, FFIEC, GLBA, SOX, PCI, etc.
  • Familiarity with one or more of the following areas is highly desirable:
    • Network infrastructure (technologies, architectures, operations)
    • Various network and host-based security products and services
    • Active Directory, servers, services, desktops and mobile devices
    • Unix, Linux, AIX
    • IBM Mainframe, Top Secret
    • SQL, Oracle, DB2 Databases
  • An analytical approach to problem resolution with good judgement
  • General project management skills
  • Ability to perform risk assessments and synthesize observations at a macro level, identifying indicators of changing risk and/or symptoms of process or control deficiencies
  • Ability to identify and propose process and technology controls in dynamic environments
  • Ability to interact and communicate effectively with management, risk peers, and staff at all levels across business and technology functions.
  • Strong oral and written communication; including the ability to write clear, concise, non-technical reports

Desired Certifications
  • CISA, CRISC, CISM, CIA, CISSP or other relevant professional certifications

The above statements are intended to describe the general nature and level of the work being performed. They are not intended to be construed as an exhaustive list of all responsibilities, duties, and skills required of personnel so classified.

We are proud to be an Equal Opportunity / Affirmative Action Employer and committed to leveraging the diverse backgrounds, perspectives, and experience of our workforce to create opportunities for our colleagues and our business. We do not discriminate in employment decisions on the basis of any protected category.

A conviction is not an absolute bar to employment. Factors such as the age of the offense, evidence of rehabilitation, seriousness of violation, and job relatedness are considered in all employment decisions. Additionally, it's the bank's policy to only inquire into a candidate's criminal history after an offer has been made. Federal law prohibits banks from employing individuals who have been convicted of, or received a pretrial diversion for, certain offenses.

MUFG Union Bank is part of Mitsubishi UFJ Financial Group (MUFG), the fifth largest financial group in the world.

MUFG in the Americas Company Image

Back to top