Cybersecurity & PAM Compliance Specialist

About Us : MUFG Bank, Ltd. is Japan’s premier bank, with a global network spanning in more than 40 markets. Outside of Japan, the bank offers an extensive scope of commercial and investment banking products and services to businesses, governments, and individuals worldwide. MUFG Bank’s parent, Mitsubishi UFJ Financial Group, Inc. (MUFG) is one of the world’s leading financial groups. Headquartered in Tokyo and with over 360 years of history, the Group has about 120,000 employees and offers services including commercial banking, trust banking, securities, credit cards, consumer finance, asset management, and leasing. The Group aims to be the world’s most trusted financial group through close collaboration among our operating companies and flexibly respond to all the financial needs of our customers, serving society, and fostering shared and sustainable growth for a better world. MUFG’s shares trade on the Tokyo, Nagoya, and New York stock exchanges.

MUFG Global Service Private Limited :

Established in 2020, MUFG Global Service Private Limited (MGS) is 100% subsidiary of MUFG having offices in Bengaluru and Mumbai. MGS India has been set up as a Global Capability Centre / Centre of Excellence to provide support services across various functions such as IT, KYC / AML, Credit, Operations etc. to MUFG Bank offices globally. MGS India has plans to significantly ramp-up its growth over the next 18-24 months while servicing MUFG’s global network across Americas, EMEA and Asia Pacific.

About the Role :

Internal Title : PAM Governance- Senior Analyst – (5-8Yrs Experience)

Location : Bengaluru

Job Profile

Position details :

To ensure effective management and control of Cyber Security, IT and information risk for MUFG entities by ensuring all appropriate Security, IT and common-sense controls are in place, that these controls are being followed and that this is evidenced across the whole business and IT department.

The role will involve liaising with the other CyberArk / PAM functions within the MUFG business entities and MUFG group to ensure a consistent approach to all controls, standards and policies is adopted across the organization.

To ensure all necessary Cyber Security and CyberArk / PAM controls are in place and that an appropriate strategy to protect the firm from all Cyber, external and internal threats is defined and being implemented.

To develop, implement and manage compliance with appropriate IS and Cyber Security policies, standards, procedures especially related to Privileged Access Management.

To support the relationship and associated reporting requirements between Technology and internal and external bodies e.G. auditors, management committees, Tokyo head office, regulators (via Compliance), Operational Risk.

Roles and Responsibilities :

In this role, you will be responsible for managing and maintaining CyberArk / PAM across MUFG’s business. Under this arrangement, you will act and make decisions on behalf of MUFG business, subject to the same remit and level of authority, and irrespective of the entity which employs you.

Ensure ISO27002 aligned risk controls are covered, including but not limited to Cyber Security and PAM (e.G. CyberArk) Policies & Standards

Ensure MUFG operates under comprehensive and relevant Cyber Security policies and standards with appropriate staff awareness, compliance monitoring and reporting.

Monitor and proactively manage Cyber Security toolset that includes Privileged Access Management (e.G. CyberArk).

Ensure adequate technical safeguards are in place and are being actively managed by the support teams to provide appropriate protection to MUFG’s information assets across various environments such as :

Windows & Unix operating systems

Databases (Oracle, SQL, Sybase, etc.)

Networks & its components

Middleware systems

Cloud & its various services (IaaS, PaaS, SaaS)

Conduct CyberArk reviews for existing and new, in-house and 3rd party systems to ensure these are consistent with policy requirements and MUFG’s risk appetite.

Be seen as the CyberArk / PAM centre of excellence for MUFG and ensure MUFG adopts an appropriate and professional response on any PAM issues raised by the organisation’s business activities.

Liaise with IT teams to ensure CyberArk / PAM alerts, threats and vulnerabilities across the IT estate are highlighted, managed and mitigated within appropriate timescales.

Liaise with Technology and Business teams as necessary to ensure all MUFG systems meet CyberArk / PAM standards and / or agree appropriate measures to mitigate the risk where they don’t.

Maintain an up to date, working knowledge of current laws, regulations and best practices relating to Privileged Access Management.

Support with CyberArk incidents, DR and other testing activities.

Support Operational Risk management & Operational Security duties where requested.

Support MUFG PAM & Cyber Security risk profile and associated operational risk reporting.

Support Audit & Regulatory liaison and ensure consistent and timely answers to information requests.

Support any issues and remedial actions resulting from incidents and audits within agreed timelines.

Provide PAM / CyberArk awareness and / or training to MUFG staff as necessary.

Essential :

Bachelor’s Degree or equivalent in IT related discipline with some programming knowledge or understanding.

Strong Privilege Access Management, Information or Cyber Security Operations / Engineering background with over 5 to 8 years of experience.

Strong ability to implement security solutions that enable business activity rather than close opportunities.

Strong ability to analyze and distill complex issues and present succinct updates to management.

Strong knowledge of cyber security frameworks, standards, and regulations such as ISO27001, NIST, CIS, GDPR, etc.

Active involvement in internal and external audits and experience of managing Audit relationships.

Excellent communication and interpersonal skills

A structured, logical and proactive approach to work

Results driven, with a strong sense of accountability.

The ability to operate with urgency and prioritise work accordingly.

A calm approach, with the ability to perform well in a pressurized environment.

Strong decision-making skills and the ability to demonstrate sound judgement

Comfortable in taking ownership of workstreams and seeing them through to completion.

Self-awareness and confidence to challenge business requirements and deliver difficult messages.

Passion for PAM and a proactive approach to identifying and mitigating risks

Commitment to continuous learning and improvement in the rapidly evolving field

Understanding typical Enterprise Change Management processes

PSM connector customization is strongly preferred.

Extensive experience with digital password vaulting solutions

Experience with human versus non-human (service) accounts.

Ability to document installation procedures, Standard Operating Procedures (SOP), etc

Hands on experience with implementing and managing CyberArk Conjur is a plus.

• Relevant professional certifications such as CyberArk Defender, CyberArk Sentry, CyberArk Guardian, Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Certified Cloud Security Professional (CCSP), or Certified Ethical Hacker (CEH), are preferred, as is exposure to GRC frameworks including (but not limited to) ISO27001;

NIST, CIS benchmarks & Cyber Essentials / Plus

Equal Opportunity Employer :

The MUFG Group is committed to providing equal employment opportunities to all applicants and employees and does not discriminate on the basis of race, colour, national origin, physical appearance, religion, gender expression, gender identity, sex, age, ancestry, marital status, disability, medical condition, sexual orientation, genetic information, or any other protected status of an individual or that individual's associates or relatives, or any other classification protected by the applicable laws.