
Enterprise Information Security Control Officer, Vice President

Discover your opportunity with Mitsubishi UFJ Financial Group (MUFG), the 5th largest financial group in the world with total assets of over $2.4 trillion (as ranked by SNL Financial, April 2016) and 140,000 colleagues in nearly 50 countries. In the U.S., we're 13,000 strong, working together to positively impact every customer, organization, and community we serve. We achieve this by delivering on our values, putting people first, fostering long-term relationships built on honesty and mutual understanding, and inspiring the best in each other. This is all part of our inclusive, high-performing culture supported by Total Rewards that include our cash balance pension plan. Join a team that's working to fulfill its vision to be the world's most trusted financial group.
Summary:
As a member of the Enterprise Information Security (EIS) Controls Office, a Control Officer is responsible for defining and documenting a detailed suite of controls to meet the Control Objectives set by the 2nd Line of Defense. In this role you will act as an SME in support of the EIS Control Program development and implementation as outlined in the firm's Risk Governance Framework. The activities of this role include partnering with first line Control Owners to provide guidance and support in developing suitable controls for their area of responsibility and working with impacted stakeholders responsible for implementing the controls in their environment.
Major Responsibilities:
1.2 Risk Governance Framework
Assist Process Owners with coordination and execution of information risk control activity across the FLU in line with the RGF.
Provide guidance and support to Process Owners in developing training content.
1.3 Information Risk Policies and Standards AND 1.4 Procedures and Control Definitions
Assist Process Owners with definition of implementation plans, procedures and control definitions to facilitate compliance with policies and standards.
Provide guidance to Process Owners to implement information risk controls and technology processes in line with policies and standards related to the process.
Oversee and coordinate definition of procedures and control definitions.
1.5 Policy and Standards Non-Compliance
Assess compliance with enterprise-wide policies and standards in each FLU.
Communicate all instances of non-compliance to the FLU Head & Sr. Technology Leaders as well as the ISA Risk and Control Office.
Assist Process Owners with definition of corrective action plans to remediate non-compliance.
Monitor completion of corrective action plans to remediate non-compliance.
Communicate material instances of non-compliance to the SLOD.
2.1 Risk Appetite and Risk Tolerance
Assist Process Owners with definition of risk indicators, limits and control metrics.
Monitor risk, metrics and limits to identify threshold breaches.
Escalate any threshold breaches to the Process Owner, Sr. Technology Leader and FLU Head.
2.2 Risk Identification
Assist Process Owners with identification of risks for the processes that they own.
Identify material risks across FLU processes using the criteria, tools and methods defined by the SLOD and the ISA Risk and Control Office.
Communicate material risks to Process Owners, Sr. Technology Leaders and FLU Head as well as the ISA Risk and Control Office.
Communicate material risks to the SLOD as appropriate.
2.3 Risk and Threat Library
Maintain risk and threat libraries for the FLU using the template provided by the ISA Risk and Control Office and SLOD.
2.4 Threat Analysis
Execute material threat analysis across the FLU using the criteria, tools and methods defined by the SLOD and ISA Risk and Control Office.
2.5 Risk Assessment AND 2.6 Risk Control Self Assessments (RCSAs)
Assess material FLU risks using the frameworks, tools and methods defined by the ISA Risk and Control Office and SLOD.
Assist Process Owners with definition of FLU risk mitigation plans.
Coordinate and oversee execution of risk mitigation plans across the FLU.
Communicate material FLU risk exposures to Process Owners, Sr. Technology Leaders and FLU Head as well as the ISA Risk and Control Office.
Perform information risk control related assessments including RCSAs.
Support SLOD review and challenge on RCSA results.
2.7 Risk Measurement
Execute risk measurement activities across the FLU using the criteria, tools and methods defined by the ISA Risk and Control Office.
Communicate risk measurement results to Process Owners, Sr. Technology Leaders and FLU Head as well as the ISA Risk and Control Office.
2.8 Risk Mitigation Strategies AND 2.9 Risk Controls
Assist with design and incorporation of controls into technology processes.
Maintain FLU risk, threats and controls library using the template provided by the ISA Risk and Control Office.
2.10 Risk Acceptance
Quantify material FLU risk exposures using the risk analysis and risk acceptance criteria, tools and methods defined by the ISA Risk and Control Office and SLOD.
3. Monitoring and Reporting
Report the results of risk, control and compliance assessments to the Sr. Technology Leader and FLU Head.
Communicate significant issues, control gaps and instances of non-compliance (e.g., with policies, standards and procedures) to the Sr. Technology Leader and FLU Head.
Monitor and review metrics and support ISA Risk and Control Office to create management reports.
4. Testing and Validation
Test the design and operational effectiveness of FLU risk controls.
Communicate control gaps and deficiencies to Process Owners, Sr. Technology Leader and FLU Head as well as the ISA Risk and Control Office.
Assist Process Owners with definition of remediation plans to address control and compliance gaps.
Oversee execution of remediation plans by Process Owners.
5. Risk Issue Escalation and Management
Identify material FLU risk issues using the criteria, tools and methods defined by the ISA Risk and Control Office and SLOD.
Communicate material FLU risk issues to the Sr. Technology Leader and FLU Head as well as the ISA Risk and Control Office.
Assist Process Owners with definition of corrective action plans.
Oversee execution of corrective action plans for risk issues, FLU control gaps, and instances of non-compliance.
6. Incident Management
Assist Process Owners with definition of incident response playbooks.
Participate as needed in periodic rehearsals of incident response playbooks.
7. Compliance with Legal Requirements
Assist Process Owners with definition of implementation plans to facilitate compliance with legal requirements.
Assess FLU compliance with legal requirements on an ongoing basis. Communicate all instances of non-compliance to Process Owners, Sr. Technology Leader and FLU Head as well as the ISA Risk and Control Office.
8. Compliance with Regulatory Requirements
Assist Process Owners with definition of implementation plans to facilitate compliance with regulatory requirements.
Assess FLU compliance with regulatory requirements on an ongoing basis. Communicate all instances of non-compliance to Process Owners, Sr. Technology Leader and FLU Head as well as the ISA Risk and Control Office.
Provide guidance to Process Owners to map expected controls to regulatory requirements and address identified process gaps.
Bachelor's degree in Business, Computer Science, Technology, or Related Fields preferred
Strong, proven knowledge and experience working with cybersecurity control frameworks and industry best practices
5 years in IT management or operations, technology or operational risk management, technology audit or related role, including experience testing and assessing controls
Experience in the financial services sector
Strong data management skills
Strong verbal and written communication skills
Demonstrated ability to overcome obstacles and deliver assignments on-time and with high quality
High energy self-starter
Desired Certifications (one or more of the following):
o CISA
o CISSP
o CISM
To learn more about MUFG, review all current career opportunities, and apply please visit us online: www.mufg-americas.com/careers
The above statements are intended to describe the general nature and level of the work being performed. They are not intended to be construed as an exhaustive list of all responsibilities, duties, and skills required of personnel so classified.
We are proud to be an Equal Opportunity / Affirmative Action Employer and committed to leveraging the diverse backgrounds, perspectives, and experience of our workforce to create opportunities for our colleagues and our business. We do not discriminate in employment decisions on the basis of any protected category.
A conviction is not an absolute bar to employment. Factors such as the age of the offense, evidence of rehabilitation, seriousness of violation, and job relatedness are considered in all employment decisions. Additionally, it's the bank's policy to only inquire into a candidate's criminal history after an offer has been made. Federal law prohibits banks from employing individuals who have been convicted of, or received a pretrial diversion for, certain offenses.
Job: Systems / Technology
Title: Enterprise Information Security Control Officer, Vice President
Location: CALIFORNIA-Monterey Park
Requisition ID: 10021710-WD
Other Locations: ARIZONA-Tempe, NEW JERSEY-Jersey City


Don't Be Fooled

The fraudster will send a check to the victim who has accepted a job. The check can be for multiple reasons such as signing bonus, supplies, etc. The victim will be instructed to deposit the check and use the money for any of these reasons and then instructed to send the remaining funds to the fraudster. The check will bounce and the victim is left responsible.