Information Security Risk Analyst, AVP


Do you want your voice heard and your actions to count?

Discover your opportunity with Mitsubishi UFJ Financial Group (MUFG), the 5th largest financial group in the world (as ranked by S&P Global, April 2018) with total assets of over $2.9 trillion (106.2 (JPY) as of March 30, 2018) and 150,000 colleagues in more than 50 countries. In the U.S., we're 13,000 strong, working together to positively impact every customer, organization, and community we serve. We achieve this by delivering on our values, putting people first, fostering long-term relationships built on honesty and mutual understanding, and inspiring the best in each other. This is all part of our inclusive, high-performing culture supported by Total Rewards that include our cash balance pension plan. Join a team that's working to fulfill its vision to be the world's most trusted financial group.

Job Summary

The Information Security Risk Analyst primary responsibilities is to perform Security Risk Assessments of information systems as per established methodology, problem reporting, tracking, and documenting resolutions.

Information Security Risk Analyst, Assistant Vice President

Major Responsibilities:

  • Conducting information security assessment of information systems as per our methodology
  • Identify, document and communicate key control deficiencies to stakeholders
  • Assisting stakeholders with recommendations to address key control deficiencies
  • Evaluating management responses to ensure remediation tasks adequately address identified gaps
  • Maintaining familiarity with industry trends and security best practices
  • Contributing to the teams' continuous improvement efforts
  • Adhering to and complying with all applicable, federal and state laws, regulations and guidance, including those related to Anti-Money Laundering (e.g. Bank Secrecy Act, USA PATRIOT Act, et.) 2) Adhering to Bank policies and procedures 3) Completing required training
  • Validate evidence, before identified risks are closed
  • Escalate issues to management as needed


  • At least 5 to 7 years' experience in risk assessment and information security practices
  • Experience with large complex financial institutions or another highly-regulated industry
  • Understanding of the compliance requirement framework such as GLBA, SOX, PCI, HIPAA etc.,
  • Familiarity with one or more of the following areas is highly desirable:
    • IP networks infrastructure (network topology, switches, routers, firewalls, intrusion detection / prevention)
    • Windows Active Directory (policies, structure, elements)
    • Databases (SQL, Oracle, DB2, monitoring tools)
    • Standards / Frameworks (CoBIT 5, ITIL, ISO 15504, ISO 20000, ISO 27000, ISO 31000, ISO 38500, NIST series 800 guidance)
  • Critical thinking, analytical, and project management skills
  • Ability to interact and communicate effectively with senior leadership, regulators, and staff at all levels, across both business and technology functions
  • Ability to perform risk assessments and analyze risk trends at a macro level, identifying signs of changing risk levels and/or symptoms of process control breakdowns
  • Ability to identify and understand controls in changing environments
  • Strong oral and written communication, including the ability to write clear, concise, non-technical and persuasive risk evaluation reports

Education Requirements
  • Bachelor's degree in Computer Science, Technology, or Related Fields.
  • Master's Degree (preferred)

Desired Certifications
  • CISA
  • CIA
  • CISM
  • Other relevant professional certifications

The above statements are intended to describe the general nature and level of the work being performed. They are not intended to be construed as an exhaustive list of all responsibilities, duties, and skills required of personnel so classified.

We are proud to be an Equal Opportunity / Affirmative Action Employer and committed to leveraging the diverse backgrounds, perspectives, and experience of our workforce to create opportunities for our colleagues and our business. We do not discriminate in employment decisions on the basis of any protected category.

A conviction is not an absolute bar to employment. Factors such as the age of the offense, evidence of rehabilitation, seriousness of violation, and job relatedness are considered in all employment decisions. Additionally, it's the bank's policy to only inquire into a candidate's criminal history after an offer has been made. Federal law prohibits banks from employing individuals who have been convicted of, or received a pretrial diversion for, certain offenses.

See Inside the Office of MUFG in the Americas

Back to top