This job has expired, please see additional jobs below
Senior Vendor Risk Assessment Analyst, Assistant Vice President
Mitsubishi UFJ Financial Group
Jersey City, NJ, United States
Job Details - this job has expired, please see similar jobs below
Description
Discover your opportunity with Mitsubishi UFJ Financial Group (MUFG), the 5th largest financial group in the world with total assets of over $2.4 trillion (as ranked by SNL Financial, April 2016) and 140,000 colleagues in nearly 50 countries. In the U.S., we’re 13,000 strong, working together to positively impact every customer, organization, and community we serve. We achieve this by delivering on our values, putting people first, fostering long-term relationships built on honesty and mutual understanding, and inspiring the best in each other. This is all part of our inclusive, high-performing culture supported by Total Rewards that include our cash balance pension plan. Join a team that’s working to fulfill its vision to be the world’s most trusted financial group.
Major Responsibilities:
• Experience performing information security assessments; provide information security guidance to business stakeholders; interpreting and applying information security policy and standards
• Experience working with the SIG (Standard Information Gathering) questionnaire, SOC2 reports, Penetration Test results, PCI (Payment Card Industry) reports as well as other Information Security documentation.
• Coordinate with stakeholders to initiate, scope and plan controls assessments of new and existing vendor engagements.
• Perform Information Security remote/table-top assessments.
• Perform Information Security onsite assessments at vendor locations when required
• Assess completed questionnaire and supporting documentation to validate vendor appropriate implementation of information security controls; analyze the information to identify information security weaknesses or non-compliance with MUFG and industry standards.
• Produce detailed documentation of assessments and perform threat analysis of gaps identified.
• Communicate vendor information security issues to stakeholders, ensuring their understanding of associated risks and actions needed to remediate those risks.
• Validate evidence from vendors, before Remediation Plans are closed.
• Escalate issues associated with vendors as needed to management.
• Knowledge of NIST 800-53 Controls
Qualifications
• Demonstrate in-depth knowledge of concepts, best practices and controls in a breadth of information security areas/domains; these information security areas include risk management, access control, cryptography, physical security, security architecture and design, network security, application & operations security and compliance/incident management.
• Proficient working knowledge within the following risk domains/technologies: Database and application security, IDS/IPS technologies, System/Access Administration, Firewall technologies, Network Architecture, Security Event Logging & Monitoring , Key Management/Tokenization, Database/Application/Network Layer Secure Protocols, Physical and Environmental Security, Secure Software/Code Development, Change Management, Vulnerability Management.
• Self-starter with the ability to manage and prioritize responsibilities through the effective use of time management techniques.
• Team player with proven skills in influencing people without having direct management authority and motivating them to successfully complete tasks within required timelines.
• Strong ability to interact and communicate both written and verbally with people at all levels, both technical and non-technical, in a dynamic environment where interactions are not always in person.
• Strong risk analysis and problem solving skills.
• Must be flexible to ensure assessments are performed by the mandated date and be able to manage multiple assessments simultaneously.
• IT Risk Management/Audit industry certification (such as CISSP, CISA, CRISC, etc.) preferred.
• Proficient with Microsoft Excel, Word, Power Point
To learn more about MUFG, review all current career opportunities, and apply please visit us online: www.mufg-americas.com/careers
The above statements are intended to describe the general nature and level of the work being performed. They are not intended to be construed as an exhaustive list of all responsibilities, duties, and skills required of personnel so classified.
We are proud to be an Equal Opportunity / Affirmative Action Employer and committed to leveraging the diverse backgrounds, perspectives, and experience of our workforce to create opportunities for our colleagues and our business. We do not discriminate in employment decisions on the basis of any protected category.
A conviction is not an absolute bar to employment. Factors such as the age of the offense, evidence of rehabilitation, seriousness of violation, and job relatedness are considered in all employment decisions. Additionally, it’s the bank’s policy to only inquire into a candidate’s criminal history after an offer has been made. Federal law prohibits banks from employing individuals who have been convicted of, or received a pretrial diversion for, certain offenses.