Sr. Cybersecurity Risk Assessment, Assistant Vice President- Remote

Company: MUFG
Location: Tempe
Posted on: November 19, 2021

Job Description:

Do you want your voice heard and your actions to count?Discover your opportunity with Mitsubishi UFJ Financial Group (MUFG), the 5th largest financial group in the world. Across the globe, we're 180,000 colleagues, striving to make a difference for every client, organization, and community we serve. We stand for our values, building long-term relationships, serving society, and fostering shared and sustainable growth for a better world.With a vision to be the world's most trusted financial group, it's part of our culture to put people first, listen to new and diverse ideas and collaborate toward greater innovation, speed and agility. This means investing in talent, technologies, and tools that empower you to own your career.Join MUFG, where being inspired is expected and making a meaningful impact is rewarded.This is a remote position. A member of our recruitment team will discuss location preferences with you in more detail.Job Summary:The Cyber Security Risk and Control Assessment, Vice President, works as part of a team of assessors to perform technology and process cybersecurity assessments per defined internal frameworks, methodologies, policy and standards. Within this role, the Assessment SME applies knowledge of industry and control best practices, recommends controls, plans and performs technical assessments, evaluates the design and operational effectiveness of controls, identifies and quantifies control deficiencies, and communicates outcomes to stakeholders and key personnel. Additionally, the Assessment SME works to drive and support regulatory, risk, business, and programmatic objectives.Major Responsibilities:General Responsibilities:- Demonstrates high-level awareness of the financial services industry- Demonstrates awareness of the regulatory environment impactful to banking, i.e., GLBA, FFIEC FCAT, SOX- Demonstrates experience with and/or in-depth understanding of commonly deployed banking technologies and operational best practices i.e., Applications, Infrastructure- Demonstrates understanding of governance, risk management and compliance- Demonstrates professional accountability to maintain and promote regulatory standards, internal policy and standards- Demonstrates self-directed disciplines to ensure career development and professional integritySpecific Responsibilities:- Execute technical risk assessment activities for scoped environments and security related controls - Perform and document test plans- Send engagement letters- Populate test templates- Conduct walkthroughs- Collect evidences- Conduct testing- Determine design and operating effectiveness of controls- Document conclusions- Review conclusions with system owners- Report localized results- Calculate residual risk- Support team objectives in the ongoing development of controls used for testing, scope statements, test procedures, control conditions and supporting collaterals - Recommend improvements in policy and control objectives- Develop control test approaches- Document control test standard operating procedures (SOPs)- support FLOD/SLOD assessments, audits and external exams- Provide effective, accurate and timely reporting- Ensure accurate and complete documentation- complete training as assigned and in advance of due dates- Ensure timely and accurate Completion of all employment administrative activitiesQualifications - Internal- Bachelor's Degree in Computer Science or related fields; applicable specialized training; or equivalent experience- CISA, CRISC, CISM, CIA, CISSP or other relevant professional certifications are desirable- 3 to 5 years of experience in cybersecurity assessment activities or IT audit- Prior information technology (IT) experience in mid or large-scale companies- Prior experience in regional, national or multinational financial institutions- Understanding of one or more compliance frameworks: NIST, FFIEC, GLBA, SOX, PCI, etc.- Experience with one or more of the following control areas:- Identity and Access Management- Incident Response and Logging- Encryption- Secure Coding- Vulnerability Management- Configuration Management- Network infrastructure (technologies, architectures, operations)- Various network and host-based Security products and services- Active Directory, servers, services, desktops and mobile devices- Unix, Linux, AIX- IBM Mainframe, Top Secret- SQL, Oracle, DB3 Databases- an analytical approach to problem resolution with good judgement- General project management skills- Ability to perform technical risk assessments and synthesize observations at a macro level, identifying indicators of changing risk and/or symptoms of process or Control deficiencies- Ability to identify and propose process and technology controls in dynamic environments- Ability to interact and communicate effectively with management, risk peers, and staff at all levels across business and technology functions.- Strong oral and written communication; including the ability to write clear, concise, non-technical reportsThe above statements are intended to describe the general nature and level of work being performed. They are not intended to be construed as an exhaustive list of all responsibilities duties and skills required of personnel so classified.We are proud to be an Equal Opportunity/Affirmative Action Employer and committed to leveraging the diverse backgrounds, perspectives, and experience of our workforce to create opportunities for our colleagues and our business. We do not discriminate in employment decisions on the basis of any protected category.Some MUFG roles require that individuals be fully vaccinated against COVID-19, subject to exemptions for medical or religious reasons, as well as any other reason required by applicable law or order. Should you be selected for an interview, your recruiter will provide additional information.

Keywords: MUFG, Tempe , Sr. Cybersecurity Risk Assessment, Assistant Vice President- Remote, Executive , Tempe, Arizona