Cyber Security Technical GRC VP

About The Position

Requirements

• At least 8-10+ years' experience in a combination of risk management, Cloud information security and IT roles.
• Prior Audit experience a plus.
• High technical knowledge across Cybersecurity domains such as Identity Access Management, Data Security, Configuration Management, Log Generation, Incident Response, security risk assessment/testing methodologies, Secure Software Development Lifecycle, evaluating the adequacy and efficiency of internal controls; and identifying issues resulting from internal and/or external compliance examinations especially in cloud environments.
• Knowledge of domestic and international banking regulations (Reg W, Basel II, FFIEC, GDPR, etc.) and experience with enforcement agencies oversight activities (regulatory examinations, MRAs, consent orders, etc.) within a systemically important global financial institution's information technology and information security environments.
• Understanding of the regulatory environment and regulations related to technology risk, and OCC and FRB expectations.
• Professional certifications in major cloud providers for security such as AWS Certified Security - Specialty, Microsoft Certified: Cybersecurity Architect Expert or Azure Security Engineer Associate and other related certificates such as CISA, CISM, CISSP.
• Ability to constructively work both independently and in collaborative environments involving all levels of management and employees.
• Ability to manage multiple priorities concurrently, prioritize, and efficiently complete responsibilities while maintaining the highest quality.
• Bachelor's degree in related IT or Information Security disciplines.
• Excellent analytical, organizational, and conceptual skills.
• Excellent oral and written communication skills.

Responsibilities

• Support internal projects on cybersecurity threat concerns, supporting various participants and stakeholders in measuring the effectiveness and comprehensiveness of MUFG's first line defenses.
• Review and challenge risk assessments and scenario analysis and assist on issue oversight and escalations.
• Monitor and analyze risk trends to proactively mitigate potential issues.
• Monitor and evaluate emerging risks, internal operational trends, and external risk events for potential impact on the cloud security environment.
• Promote actions to address root causes of risks that may lead to operational losses or regulatory breaches.
• Represent EIS GRC in various working groups relevant to the functional area.
• Effectively communicate complex cybersecurity concepts to non-technical stakeholders and senior management across the Combined U.S. Operations.
• Prepare detailed reports on risk management activities and outcomes for senior management.
• Collaborate with complex initiatives designed to improve the overall enterprise cybersecurity program, ensuring projects are executed as planned and align with the cybersecurity governance model.
• Regularly review and update the Cyber Risk Institute implementation to reflect changes in the cyber threat landscape, ensuring that risk management practices remain current and effective.
• Lead discussions at all levels of the organization to incorporate and manage cloud security risk elements as part of the overall business strategy.
• Provide clear and consistent communications to lines of business related to cloud security topics, guiding them through assessments and translating technical/security questions into business terms.
• Stay current with emerging security trends, technologies, and regulatory changes impacting cloud environments, and leverage these insights to enhance the security posture.
• Collaborate with various departments to ensure compliance with regulatory requirements and internal policies.
• Influence comprehensive and consistent practices designed to identify, measure, monitor, report, and manage information risks while promoting actions to address root causes.

Benefits

• Comprehensive health and wellness benefits
• Retirement plans
• Educational assistance and training programs
• Income replacement for qualified employees with disabilities
• Paid maternity and parental bonding leave
• Paid vacation, sick days, and holidays