Cyber Security Technical GRC – VP

MUFG•Jersey City, NJ

4d•Hybrid

About The Position

This role is a member of the CISO of America’s team, with primary focus on the Enterprise Information Systems (EIS) Governance, Risk, and Compliance (GRC) team. The position requires a deep understanding of how cloud environments are well architected and identifying risks associated with the services utilized and challenging the architecture(s) and implementation. As an individual contributor, you will act within the first line of defense, contributing to complex, critical disciplines including Cloud Security Governance, Policy Management, Cybersecurity Controls & Reporting, and Cyber Risk Quantification across hybrid (cloud and on premise) environments. The role emphasizes comprehensive risk management—identifying, assessing, and managing inherent, control, and residual risks—while auditing cloud technologies, wearing multiple hats, writing executive-ready reports, and relaying risk clearly to senior leaders.

Requirements

6–10+ years of experience across risk management, cloud information security governance, and/or IT audit; prior audit experience is a plus.
Strong understanding of cloud architecture and provider integrations, including how enterprise servers and services interface with cloud providers
Experience auditing cloud technologies, wearing multiple hats in GRC contexts, writing executive-ready reports, and relaying risk to executives.
High technical knowledge across cybersecurity domains (IAM, Data Security, Configuration Management, Log Generation, Incident Response, Security risk Assessment/Testing Methodologies, Secure SDLC), with specific experience evaluating the adequacy and efficiency of Cloud Controls.
Knowledge of domestic and international banking regulations (e.g., Reg W, Basel II, FFIEC, GDPR) and experience with enforcement agency oversight activities (e.g., MRAs, consent orders), especially within systemically important financial institutions.
Understanding of the regulatory environment and expectations related to technology risk (OCC, FRB, and Cyber Risk Institute (CRI)).
Professional certifications in major cloud providers for security
Bachelor's degree in Information Security or a closely related discipline, or equivalent related experience

Responsibilities

Cloud & Cyber Risk Management Drive risk management initiatives for multicloud environments; ensure alignment with enterprise security standards and regulatory expectations.
Understand the technical architecture and operational setup of cloud servers and provider integrations to evaluate exposure, control effectiveness, and residual Support internal projects addressing cloud cybersecurity threats; assess the effectiveness and comprehensiveness of first-line cybersecurity controls
Review and challenge risk assessments, scenario analyses, control testing, and remediation plans; assist with issue oversight and escalations.
Monitor and analyze risk trends (internal and external) to proactively mitigate potential issues impacting cloud security posture.
Promote actions to address root causes of risks
Cybersecurity Controls & Reporting Represent EIS GRC in working groups focused on cloud security and multi levels of reporting
Translate complex cloud and cybersecurity concepts into clear business terms for non-technical stakeholders and senior management across the Combined U.S. Operations.
Prepare concise, executive-level reports on risk management activities, control outcomes, and emerging issues for senior leadership.
Cyber Risk Quantification Collaborate on initiatives that strengthen the enterprise cybersecurity program; ensure projects align with the cloud security governance model.
Regularly review and update risk frameworks to reflect changes in the cloud threat landscape, including Oracle-specific risks.
Lead discussions at all levels to incorporate cloud security risk elements into business strategies and decision-making.
Guidelines of business through cloud security assessments, translating technical/security questions into business impact and prioritization.
Auditing & Compliance Conduct and/or oversee audits and other assessments of cloud technologies and on-prem technologies, ensuring effectiveness, sustainability, and maturity controls.
Ensure adherence to regulatory requirements and internal policies, including coordination on remediation of identified gaps.
Support oversight activities related to enforcement agencies, regulatory examinations, and related obligations.
Emerging Security Trends Stay current with multiple Cloud platforms for best practices, emerging technologies, and regulatory changes impacting cloud environments.
Leverage insights to enhance the security posture and influence strategic roadmaps across business and technology teams.
KRIs & Metrics Influence comprehensive and consistent practices to identify, measure, monitor, report, and manage information risks.
Ensure metric quality and relevance (e.g., control efficacy, incident trends, misconfiguration rates, vulnerability aging, and remediation timeliness).