Skip to main content
Search Jobs

Reset

VP Infrastructure Risk Assessment

Apply Now
  • Requisition # 10037761-WD
  • Job Type Day
  • Location Charlotte, NORTH CAROLINA
  • Date Posted 09/16/2020

Your potential. Your opportunity.

Description

Do you want your voice heard and your actions to count? 


Discover your opportunity with Mitsubishi UFJ Financial Group (MUFG), the 5th largest financial group in the world (as ranked by S&P Global, April 2020).In the Americas, we’re 13,000 colleagues, striving to make a difference for every client, organization, and community we serve. We stand for our values, developing positive relationships built on integrity and respect. It’s part of our culture to put people first, listen to new and diverse ideas and collaborate toward greater innovation, speed and agility. We’re a team that accepts responsibility for the future by asking the tough questions and owning the solutions. Join MUFG and be empowered to make your voice heard and your actions count.


Job Summary
Reporting to the Information Risk Assessment - Infrastructure Director, the Infrastructure - Cyber Technology Vice President is responsible for identifying, assessing, and monitoring information risk associated with cloud and internal technology infrastructure and assessing compliance with policy / standard / procedure  related to technology infrastructure. 


Major Responsibilities
Specifically:
• Deep understanding of formal assessment sampling and evidence methodologies
• Defines criteria, tools, and methodologies for identifying, assessing, and monitoring the information risk associated with technology infrastructure residing both internally and in public clouds, with focus on the following processes:

-Enterprise Archtecture

-Data Encryption & Protection

-Security Incident response

-Security Information and Event Management (SIEM)

-Threat and Vulnerability Mgmt

-Capacity Management

-Network Security

-Service Level Management            

• Assesses compliance to cloud and internal information risk policies and standards related to technology infrastructure 
• Defines testing processes for information risks associated with cloud and internal technology infrastructure
• Conducts targeted and advisory information risk assessments on cloud  and internal technology infrastructure
• Performs independent review and challenge of the front line unit cloud information risk assessments and remediation plans on technology infrastructure
• Maintains oversight of the front line unit remediation efforts for cloud and internal information risk exposures, gaps, and deficiencies on technology infrastructure
• Performs independent review and challenge of front line unit RCSA outputs for cloud and internal technology infrastructure
• Manages and conducts independent risk assessments, vulnerability scans, and penetration testing results conducted on technology infrastructure

Generally:
• Stakeholder management and working across various parts of the organization
• Communicates information risk matters to senior management

Role Requirements
Education:
• Bachelor's Degree or equivalent work experience required

Certifications:
• At least one security certification is preferred, such as Certified Information Security Management (CISM), Certified Risk Information Security Control (CRISC), or Certified Information Systems Security Professional (CISSP), AWS Architecture or Information Security certifications

Experience:
• 5 + years of related experience

Knowledge:
• Subject matter expertise in conducting and designing cyber and cloud information risk assessments for technology infrastructure
• Prior experience of management of cloud based and/or internal technology infrastructure is preferred
• Experienced with vulnerability scanning and penetration testing tools and technologies
• Understanding of ITIL Service Management processes
• Knowledge of the financial services industry and its regulations / laws
• Understanding of control and risk management concepts and knowledge of the operational aspects of the information risk business
• Understanding of respective industry best practices (e.g., NIST,CSA, ISO, COBIT, OWASP, ITIL)
• Knowledge of risk management policies, methods, standards, processes, governance models, and industry standard risk analysis approaches
• Knowledge of current industry trends in information risk management
• Experience with public cloud infrastructure or information security management (especially AWS or O365)

Skills
• Strong MS Office skills along with strong verbal and written communication skills

Abilities
• Able to collaborate well with internal and external stakeholders
• Able to be a subject matter expert on assessing general technology processes relating to infrastructure


The above statements are intended to describe the general nature and level of work being performed. They are not intended to be construed as an exhaustive list of all responsibilities duties and skills required of personnel so classified.


We are proud to be an Equal Opportunity / Affirmative Action Employer and committed to leveraging the diverse backgrounds, perspectives, and experience of our workforce to create opportunities for our colleagues and our business. We do not discriminate in employment decisions on the basis of any protected category.


A conviction is not an absolute bar to employment. Factors such as the age of the offense, evidence of rehabilitation, seriousness of violation, and job relatedness are considered in all employment decisions. Additionally, it's the bank's policy to only inquire into a candidate's criminal history after an offer has been made. Federal law prohibits banks from employing individuals who have been convicted of, or received a pretrial diversion for, certain offenses.

Apply Now