This job has expired, please see additional jobs below
Security Policy Analyst, Assistant Vice President
Mitsubishi UFJ Financial Group
Jersey City, NJ, United States
Description
Discover your opportunity with Mitsubishi UFJ Financial Group (MUFG), the 5th largest financial group in the world with total assets of over $2.4 trillion (as ranked by SNL Financial, April 2016) and 140,000 colleagues in nearly 50 countries. In the U.S., we’re 13,000 strong, working together to positively impact every customer, organization, and community we serve. We achieve this by delivering on our values, putting people first, fostering long-term relationships built on honesty and mutual understanding, and inspiring the best in each other. This is all part of our inclusive, high-performing culture supported by Total Rewards that include our cash balance pension plan. Join a team that’s working to fulfill its vision to be the world’s most trusted financial group.
Summary:
The Cybersecurity Controls & Compliance senior analyst will serve as a Subject Matter Expert (SME) in Enterprise Information Security, working with Process Owners and department heads to define controls related to the information security program's Policy and Standards. Collaborate with functional leads, Information Risk Management, Internal Audit and Business Units across MUFG to ensure proper definition, communication, awareness and adoption of critical controls in an effort to reduce risk for the organization. Serve as subject matter expert on many regulatory and industry requirements relating to information security/cybersecurity controls and best practices. Work with Control Officers, BISOs and platform owners to understand and interpret new regulatory guidance and assess impact/readiness for compliance.
In addition, the Cybersecurity Controls and Compliance senior analyst will work with process owners and SMEs within EIS to remediate issues related to controls compliance and improve MUFG compliance with regulatory and legal requirements and industry standards. Specifically, support employees and business units in documenting where compliance with Information Security Policy, standards and controls is not possible. Ensure necessary details relating to evaluation and assessment or associated risk are clearly documented for review by the appropriate risk managers across the firm and sign-off by Business leads. Collaborate within the team to develop/enhance the process for risk acceptance management and reporting.
Major Responsibilities:
• Understand, research and interpret regulatory and industry standards related to information and cybersecurity in an effort to understand controls documented for the program and potential control gaps for the firm.
• Knowledgeable in other internal firm policies, standards and controls that impact the information security program.
• Partner with Information Risk Management and Internal Audit in addressing questions relating to controls in partnership with process owners/SMEs. Address gaps and enhancements to controls as necessary.
• Ensure alignment of new controls to Information Risk Management Policy and Standards and mapping to the Risk and threat library.
• Collaborate with EIS Control Officers and Risk Assessment team to develop, enhance and maintain the EIS controls library and alignment with Risk Governance processes including assessment, adoption, controls measurement and monitoring (effectiveness) and risk acceptance processes.
• The ability to prepare and summarize information (both written and verbal) for senior managers and executives across the firm clearly articulating risk and summarizing action/decision required.
• Serves as the SME and advocate of information security compliance in areas of security policies, legal, and regulatory requirements.
• Works with control owners to raise issues relating to noncompliance with Information Security Policy, Standards and controls per firm standard processes (Policy Variance, Risk Acceptance and Open Pages).
• Collaborate within EIS and across other risk and control functions to streamline the risk acceptance management process.
• Interfaces with Control Officers and Process Owners to respond to regulatory inquiries, provide requested information, address findings, and communicate with executives on any issues.
• Develops or supports the development of plans to remediate gaps in controls and maintain compliance with Information Security Policy and Standards.
Qualifications
• Bachelor's degree in Business, Computer Science, Technology, or Related Fields
• Minimum of 5+ years of IT Security & Risk Management experience
• Minimum of 5+ years of program and project management experience
• Demonstrate strong ability to develop and provide executive level reporting
• Strategic Planning experience
• Strong data analytics skills (expert Excel and working knowledge of MS Access)
• Financial services experience (top 10 bank preferred)
• IT Audit experience (preferred)
• Demonstrates excellent verbal, written, and matrix management skills
• Demonstrates strong reasoning, interpersonal, analytical, and organizational skills.
• CISA, CISSP, CISM or similar certification required
To learn more about MUFG, review all current career opportunities, and apply please visit us online: www.mufg-americas.com/careers
The above statements are intended to describe the general nature and level of the work being performed. They are not intended to be construed as an exhaustive list of all responsibilities, duties, and skills required of personnel so classified.
We are proud to be an Equal Opportunity / Affirmative Action Employer and committed to leveraging the diverse backgrounds, perspectives, and experience of our workforce to create opportunities for our colleagues and our business. We do not discriminate in employment decisions on the basis of any protected category.
A conviction is not an absolute bar to employment. Factors such as the age of the offense, evidence of rehabilitation, seriousness of violation, and job relatedness are considered in all employment decisions. Additionally, it’s the bank’s policy to only inquire into a candidate’s criminal history after an offer has been made. Federal law prohibits banks from employing individuals who have been convicted of, or received a pretrial diversion for, certain offenses.