Assistant Vice President, IT Security Analyst
We are currently expanding our IT Risk & Control team and are looking for a switched-on and experienced IT Security Analyst to join!
Mitsubishi UFJ Financial Group, Inc. (MUFG) is one of the world’s leading financial groups. Headquartered in Tokyo and with approximately 350 years of history, MUFG has a global network with over 2,300 offices in more than 50 countries. The Group has over 150,000 employees and offers services including commercial banking, trust banking, securities, credit cards, consumer finance, asset management, and leasing.
Overview of the Department / Section:
Technology is responsible for the operation, development and support of all technology across all areas of the local and international business. We ensure the IT strategy, architecture solutions, and service delivery are firmly aligned to business requirements and long term strategy of the group.
Technology comprises the following functions:
- Architecture and Development team - which is responsible for the provision of shared services including architecture, middleware, new systems development, quality assurance and release management.
Middle, Risk and Back Office Team - which is responsible for all the applications used by these areas including the main trading system, Murex.
- Front Office Solutions - which provides a business-oriented focus to all technological developments that affect the trading floor.
Infrastructure team - which supports the operation of all production services, voice and data networks, other voice systems and desktop systems.
- Programme Office and Purchasing - which is responsible for definition, prioritisation and delivery of the annual investment portfolio as well as procurement and software licence management.
- IT Risk and Control - which is responsible for implementing and managing all technology related controls over IT and information risk and business continuity, supports the provision of disaster recovery solutions, performs risk assessments, and manages business recovery plans and the business recovery facility. Information Secuity is also the responsibility of this function.
Main Purpose of the Role:
- To ensure effective management and control of information security, IT and information risk for MUSI by ensuring all appropriate Security, IT and common sense controls are in place, that these controls are being followed and that this is evidenced across the whole business and IT department.
- The role will involve liaising with the other information security functions within the MUS international business and MUFG group to ensure a consistent approach to all controls, standards and policies is adopted across the organisation.
- To ensure all necessary Information Security controls are in place and that an appropriate strategy to protect the firm from all Cyber, external and internal threats is defined and being implemented.
- To develop, implement and manage compliance with appropriate IS and IT Security policies, standards and procedures.
- To support the relationship and associated reporting requirements between Technology and internal and external bodies e.g. auditors, management committees, Tokyo head office, regulators (via Compliance), Operational Risk.
- Ensure ISO27002 aligned risk controls are covered, including but not limited to Information Security Policies & Standards
- Ensure MUSI operates under comprehensive and relevant information security policies and standards with appropriate staff awareness, compliance monitoring and reporting.
- Support Operational Risk management
- Support MUSI’s information security risk profile and associated operational risk reporting.
- Support Audit & Regulatory liaison and ensure consistent and timely answers to information requests.
- Support any issues and remedial actions resulting from information security incidents and audits are agreed with appropriate timescales for resolution.
- Conduct information security reviews for existing and new, in-house and 3rd party systems to ensure these are consistent with policy requirements and MUSI’s risk appetite.
- Ensure adequate technical safeguards are in place and are being actively managed by the support teams to provide appropriate protection to MUSI’s information assets across the following environments:
- Windows & Unix operating systems
- Databases (Oracle, SQL, Sybase)
- Be seen as the Information Security centre of excellence for MUSI and ensure MUSI adopt an appropriate and professional response on any information security issues raised by the organisation’s business activities
- Liaise with IT teams to ensure information security alerts, threats and vulnerabilities across the IT estate are highlighted, managed and mitigated within appropriate timescales
- Monitor and proactively manage all IT Security toolsets such as:
- Intrusion Detection Systems
- Vulnerability Management
- Web Monitoring Systems
- Privileged Access Management (CyberArk)
- Ensure that access reviews across applications and devices are conducted regularly, including remote access
- Liaise with Technology and Business teams as necessary to ensure all MUSI systems meet MUSI security standards and/or agree appropriate measures to mitigate the risk where they don’t.
- Maintain an up to date, working knowledge of current laws, regulations and best practices relating to information security.
- Support the annual penetration test
- Support Information Security incidents where requested.
- Support Operational Security duties where requested.
- Provide information security awareness training to MUSI staff as necessary.
Skills and Experience:
- At least 5 years’ experience in working in an Information Security function within the financial services industry.
- CISSP or CISM qualified.
- Strong Security Operations/ Engineering background.
- Strong ability to analyse and distill complex issues and present succinct updates to management and associated committees.
- Active involvement in internal and external audits and experience of managing Audit relationships.
- Thorough understanding of relevant international standards and associated control frameworks.
- Excellent communication skills
- The ability to operate with urgency and prioritise work accordingly
- A structured and logical approach to work
- Strong problem solving skills
- Excellent attention to detail and accuracy
- A calm approach, with the ability to perform well in a pressurised environment
- Good Microsoft Office skills
- A confident, pragmatic approach, with the ability to provide clear direction
MUFG is committed to embracing diversity and building an inclusive culture where all employees are valued, respected and their opinions count. We support the principles of equality, diversity and inclusion in recruitment and employment, and oppose all forms of discrimination on the grounds of age, sex, gender, sexual orientation, disability, pregnancy and maternity, race, gender reassignment, religion or belief and marriage or civil partnership.
We make our recruitment decisions in a non-discriminatory manner in accordance with our commitment to identifying the right skills for the right role and our obligations under the law.