AVP - Cyber Security Specialist [T500-20014]

About Us :

MUFG Bank, Ltd. is Japan’s premier bank, with a global network spanning in more than 40 markets. Outside of Japan, the bank offers an extensive scope of commercial and investment banking products and services to businesses, governments, and individuals worldwide. MUFG Bank’s parent, Mitsubishi UFJ Financial Group, Inc. (MUFG) is one of the world’s leading financial groups. Headquartered in Tokyo and with over 360 years of history, the Group has about 120,000 employees and offers services including commercial banking, trust banking, securities, credit cards, consumer finance, asset management, and leasing. The Group aims to be the world’s most trusted financial group through close collaboration among our operating companies and flexibly respond to all the financial needs of our customers, serving society, and fostering shared and sustainable growth for a better world. MUFG’s shares trade on the Tokyo, Nagoya, and New York stock exchanges.

MUFG Global Service Private Limited :

Established in 2020, MUFG Global Service Private Limited (MGS) is 100% subsidiary of MUFG having offices in Bengaluru and Mumbai. MGS India has been set up as a Global Capability Centre / Centre of Excellence to provide support services across various functions such as IT, KYC / AML, Credit, Operations etc. to MUFG Bank offices globally. MGS India has plans to significantly ramp-up its growth over the next 18-24 months while servicing MUFG’s global network across Americas, EMEA and Asia Pacific.

Cyber Security Specialist, Cybersecurity Services

Systems Office for Asia (ASO) – IT Risk Management Department (IRMD)

Position Title :

Cyber Security Specialist

Corporate Title : Assistant Vice President

Reporting to : Vice President

Location : MUFG Global Services Pvt. Ltd., Bhartiya Centre for Information Technology, Thanisandra, Main Road, Bengaluru, Karnataka.

Job Description :

This is a Security Risk Assessment role supporting the Asia Pacific Region in reviewing and maintaining controls to protect the Organization against risks associated with Cybersecurity Threats from both Internal and External.

Roles & Responsibilities :

The candidate will be expected to be a Subject Matter Expert in both functional and technical aspect of the Security Domains as indicated below,

Carry out Security Risk Assessment to identify potential threats and security risks of systems and networks, assess the risk likelihood and impact, and recommend effective controls to mitigate the risks

Carry out Threat Modeling to identify potential ways and gaps that systems and networks can be exploited by cyber threats based on the threat landscape, such as advanced malware, data exfiltration, vulnerability exploits, network intrusion, denial of service and other techniques, and recommend appropriate countermeasures.

Review and evaluate the efficacy of security measures prior to Production system go-live to meet the bank’s Technology Risk, Security and regulatory compliance requirements

Review and evaluate the efficacy of security measures of key 3rd party vendors and external-hosted systems of the Bank, during onboarding and ongoing service review

Assist in creating, managing, and rolling out training programs for staff such as Cybersecurity awareness, cyber offence and defense, and Incident Response (IR).

Assist in developing, monitoring and reporting the cyber risk profile of the Bank and its APAC branches

Be the subject matter expert to advise on cyber security frameworks, standards and risk assessment matters.

Engage in security research and conduct knowledge sharing to ensure the Bank is aware and well-prepared in defending against known and emerging security threats.

Customer :

Develop and maintain strong stakeholder management with key stakeholders both within MUFG and externally.

Work in partnership with colleagues in the global cyber security teams in the regional offices of Japan, Europe, America, China and other offices to share knowledge, support regional / global initiatives and best practices on cyber security.

Work in partnership with colleagues in the Asian Branches to play a regional role to support regional cyber security improvement plans to ensure a consistent level of maturity in technology and processes across the region.

People :

Support, coach and guide less experienced members of the team.

Job Requirements :

Proactive and possess good understanding of IT Risk, compliance and security management frameworks

Experience or good knowledge in Application development, Infrastructure and Enterprise Technology stack and system architecture and design is highly preferable

Experienced in performing security risk analysis of various types of systems such as web-based and mobile applications, enterprise applications, APIs and cloud-based systems

Knowledge of risk assessment tools, technologies, and methods.

Detailed understanding of threat modeling practices, techniques and principles.

Strong stakeholder management skills to collaborate with regional offices and branch offices.

Keep up-to-date with the latest security standards, authentication and cryptography protocols, and regulatory requirements.

Strong communication and writing skills with ability to influence heads of department, technical managers and other key stakeholders.

Strong working knowledge of industry trends, security products and technology.

Education level :

Bachelor’s degree in computing or relevant field

Good to have certifications Certified Information Systems Security Professional (CISSP)

Experience :

Desirable to have at least 6+ years of relevant experience in Threat Modeling, Cyber Risk and Application Security Review.

Equal Opportunity Employer :

The MUFG Group is committed to providing equal employment opportunities to all applicants and employees and does not discriminate on the basis of race, colour, national origin, physical appearance, religion, gender expression, gender identity, sex, age, ancestry, marital status, disability, medical condition, sexual orientation, genetic information, or any other protected status of an individual or that individual's associates or relatives, or any other classification protected by the applicable laws.