This job has expired, please see additional jobs below
Online Security Manager, Director
Mitsubishi UFJ Financial Group
Los Angeles, CA, United States
Job Details - this job has expired, please see similar jobs below
Description
Discover your opportunity with Mitsubishi UFJ Financial Group (MUFG), the 5th largest financial group in the world with total assets of over $2.4 trillion (as ranked by SNL Financial, April 2016) and 140,000 colleagues in nearly 50 countries. In the U.S., we’re 13,000 strong, working together to positively impact every customer, organization, and community we serve. We achieve this by delivering on our values, putting people first, fostering long-term relationships built on honesty and mutual understanding, and inspiring the best in each other. This is all part of our inclusive, high-performing culture supported by Total Rewards that include our cash balance pension plan. Join a team that’s working to fulfill its vision to be the world’s most trusted financial group.
Summary:
Protecting our customers, their privacy, and access and manipulation of their deposited funds and personally identifiable information is a critical concern for MUFG Union Bank, N.A. and MUFG, Ltd. This role leads our online security posture for our Commercial and Transaction Banking customers.
Take a leadership role in the development of new security strategies and support of existing systems with an eye toward protecting information on a need to know basis. Whenever appropriate, coordinate the analysis and design of automated security monitoring and alerting systems. The position requires analysis of business process and application software, which affect the integrity, functionality, and reliability of the bank's network and systems. Develops solutions that provide cost justified security benefits of protecting customer and business information. Communicate risks and benefits to solutions through business case creation. Must be able to manage Retail and Commercial online security as a self-starter with limited need from other staff to direct the online security activities while receiving additional direction from management on online security projects.
Major Responsibilities:
20% Leverage Industry Best Practice to Keep MUFG on top of security and fraud trends:
• Conduct research in the US and around the world to understand current and potential future online security threats. Be able to analyze and define these threats as they specifically could affect online banking services. Translate the threats into actionable mitigation strategies. Eliminate the threats that may be significant in the online world.
• Belong to/create peer financial fraud groups to collect additional threat information to confirm the threat intel information is meaningful, accurate and in depth. Also work with these financial fraud groups to understand what online security controls these FIs have deployed and are thinking of deploying.
• Research online security solutions for Retail and Commercial web/mobile users. Be prepared to research solutions covering online authentications (e.g. challenge questions, OTP, biometrics, push notification, new advances in mobile security, etc.). Also be prepared to research fraud controls ranging from anomaly detection, malware detection (client and server), passive biometrics (keystroke/mouse, movement of the mobile device, etc.), network data, critical information such as controls for email address, mobile carrier data and detection of proxy servers. Search for vendors that offered strong proven consortium fraud data.
• Review business requirements documents and preliminary designs to understand the role of online security to support these requirements. Incorporate the required online security features within the requirements document.
• Become online security subject matter expert for any online security projects. Business requirements, User Acceptance Testing (UAT), and Enterprise Project Life Cycle (EPLC) project management work efforts will be provided by Lines of Business.
• Review other Retail and Commercial Digital Channels business requirements document and preliminary designs to understand the role of online security to support these requirements. Work with the Business Systems Analyst to incorporate the required online security features within the requirements document.
• Manage online security Proof of Concepts that will introduce leading edge technologies to the online layers of security.
• Co-ordinate with Enterprise Fraud Management (EFM) on required online fraud control solutions. Research marketplace and provide recommendations for EFM online fraud control vendors. Support the vendor selection process. Provide selected support to the associated implementations.
• Provide consulting to EFM on online security controls and processes that can be deployed to protect online customers where fraud occurs in the online channel or in the commercial customer back office.
• Co-ordinate with EFM on fraud cases to conduct forensics to understand how fraud occurred and understand what gaps might need to be mitigated. Manage the mitigation process to improve the online security.
20% Regulatory Compliance and Response:
• Identify online security gaps for authentication and fraud controls. Be able to fully analyze the existing online security controls, along with existing fraud controls, and identify areas that fail to meet Federal Financial Institution Examination Council (FFIEC) Online Security guidance, are generally weak, or could be construed as below the standard of commercially reasonable security (Uniform Commercial Code-UCC). Analyze any documentation from related lawsuits against banks to help determine perceived online security weaknesses.
• Analyze all FFIEC online and mobile banking security guidance to identify short-falls the bank has related to this guidance and recommend mitigation for any identified weaknesses. Prepare presentations that demonstrate the need for additional mitigation.
• Provide consulting for FFIEC online security guidance within the bank.
• Ensure bank is compliant for FFIEC online security and Mobile Banking Services security controls.
40% Product Management:
• Co-ordinate with Regional and Commercial Bank management on future online security needs. Be the advisor to these units on all things online security. Support digital channels for changes they identify that affect online security. This could include vendor assessments, business requirements, user acceptance testing, etc.
• Create preliminary detailed business designs for the business requirements including flow charts to 1) represent customer interaction at each touch point and 2) to represent the security controls to be applied and 3) demonstrate the use cases/edge cases of the security solution. Keep these business designs to how the solutions will flow/look/process, not how it will be programmed.
• Create and manage bank technical and business teams to support vendor assessment, to analyze the vendor solutions and be able to make recommendations on the product to be implemented. Create and complete project score cards and be responsible for the detailed vendor assessments required to make decisions.
• Maintain support for existing online security systems. Troubleshoot and mitigate any production issues. Recommend improvements to these systems.
• Manage ongoing relationship with vendors that are used by online security. Maintain compliance with bank vendor management procedures. This will be typically 5-10 vendors.
Qualifications
• Minimum of 5 years’ experience in information security, 7 years’ experience in the other fields and/or be able to thoroughly demonstrate the skills necessary.
• Minimum of 5 years of fraud management experience.
• Outstanding oral and written communications skills. This includes the ability to make formal stand-up presentations to all levels of Bank management, and to prepare detailed project proposals which include detailed justifications, cost estimates, manpower requirements, etc.
• A demonstrated ability to manage complex projects in an effective manner. This includes the ability to prepare detailed task plans outlining all requirements to complete the given assignment.
• Knowledge and experience building and maintaining online security and anti-fraud controls.
• Knowledge of security software packages and operating systems used in banking.
• Have a thorough understanding of personal computers and software productivity packages like MS Office, Access, Visio, Excel, and terminal emulation software.
• Must be familiar with Zelle, bill pay, bank transfers, retail faster payments, ACH, Wire Transfers, new real-time commercial payments and other forms of electronic payment systems.
To learn more about MUFG, review all current career opportunities, and apply please visit us online: www.mufg-americas.com/careers
The above statements are intended to describe the general nature and level of the work being performed. They are not intended to be construed as an exhaustive list of all responsibilities, duties, and skills required of personnel so classified.
We are proud to be an Equal Opportunity / Affirmative Action Employer and committed to leveraging the diverse backgrounds, perspectives, and experience of our workforce to create opportunities for our colleagues and our business. We do not discriminate in employment decisions on the basis of any protected category.
A conviction is not an absolute bar to employment. Factors such as the age of the offense, evidence of rehabilitation, seriousness of violation, and job relatedness are considered in all employment decisions. Additionally, it’s the bank’s policy to only inquire into a candidate’s criminal history after an offer has been made. Federal law prohibits banks from employing individuals who have been convicted of, or received a pretrial diversion for, certain offenses.