Assistant Vice President, Red Team Operator

MUFG • Full-time • London Ropemaker place, United Kingdom • 1d ago

Do you want your voice heard and your actions to count?

Discover your opportunity with Mitsubishi UFJ Financial Group (MUFG), one of the world’s leading financial groups. Across the globe, we’re 150,000 colleagues, striving to make a difference for every client, organization, and community we serve. We stand for our values, building long-term relationships, serving society, and fostering shared and sustainable growth for a better world.

With a vision to be the world’s most trusted financial group, it’s part of our culture to put people first, listen to new and diverse ideas and collaborate toward greater innovation, speed and agility. This means investing in talent, technologies, and tools that empower you to own your career.

Join MUFG, where being inspired is expected and making a meaningful impact is rewarded.

EDUCATION • Degree or equivalent work experience equally preferable • Degree in Computer Science or related fields CERTIFICATIONS • Certified Information Systems Security Professional (CISSP), Global Information Assurance Certification (GIAC), Certified Information Systems Auditor (CISA), Certified in Risk and Information Systems Control (CRISC), Certified Information Security Manager (CISM), Certified Information Systems Security Professional (CISSP), or other security certifications desired WORK EXPERIENCE • - Experience in cybersecurity assessment activities or IT audit, penetration testing, and/or vulnerability management • - Experience working in a global, complex, matrix-managed organization • - Prior information technology (IT) experience in mid or large-scale companies • - Prior experience in regional, national or multinational financial institutions • - Experience with one or more of the following control areas: • o Identity and Access Management • o Incident Response and Logging • o Encryption • o Secure Coding • o Vulnerability Management • o Configuration Management • - Experience in performing information security assessments; provide information security guidance to business stakeholders; interpreting and applying information security policy and standards • - Experience in working with the SIG (Standard Information Gathering) questionnaire, SOC2 reports, Penetration Test results, PCI (Payment Card Industry) reports as well as other Information Security documentation • - Technical knowledge and hands on experience with security and networking architecture, network security design, routers, wireless security, intrusion prevention/detection, firewall architecture, SIEM, DLP, and encryption • - Knowledge and prior experience with operating systems internals (Linux, Windows), network protocols and technologies, web services, databases, scripting, and programming languages (C/C++, Java, Perl, Python, Assembly) FUNCTIONAL SKILLS • - Understanding of one or more compliance frameworks: NIST, FFIEC, GLBA, SOX, PCI, etc • - Familiarity with one or more of the following technology areas is highly desirable: • o Network infrastructure (technologies, architectures, operations) • o Various network and host-based security products and services • o Active Directory, servers, services, desktops and mobile devices • o Unix, Linux, AIX • o IBM Mainframe, Top Secret • o SQL, Oracle, DB2 Databases • - Ability to perform technical risk assessments and synthesize observations at a macro level, identifying indicators of changing risk and/or symptoms of process or control deficiencies • - Ability to identify and propose process and technology controls in dynamic environments • - Ability to conduct Computer Network Defense (CND) analysis by performing Deep Packet Inspection (DPI) of network traffic to identify and analyze anomalies and potential security issues • - Working knowledge and experience applying Information Assurance techniques to the implementation of complex networked systems environments and enterprise wide systems • - In-depth knowledge of applying network switching, TCP/IP, IP Addressing and Routing, WAN Technologies, Operating and Configuring networked Devices, and Managing Network Environments, extending Switched Networks with VLANS, Determining IP Routes, Managing IP traffic with Access Lists, Establishing Point-to-Point connections, and Establishing Frame • - Demonstrate in-depth knowledge of concepts, best practices and controls in a breadth of information security areas/domains; these information security areas include risk management, access control, cryptography, physical security, security architecture and design, network security, application and operations security and compliance/incident management. • - Proficient working knowledge within the following risk domains/technologies: • o Database and application security • o IDS/IPS technologies • o System/Access Administration • o Firewall technologies • o Network Architecture • o Security Event Logging and Monitoring • o Key Management/Tokenization • o Database/Application/Network Layer Secure Protocols • o Physical and Environmental Security • o Secure Software/Code Development • o Change Management • o Vulnerability Management FOUNDATIONAL SKILLS • Communicates effectively • Identifies multiple paths to success using analytical and critical thinking as well as decision-making skills • Exercises sound judgement, prioritizes effectively, and strives for continuous improvement • Effectively collaborates with colleagues • Leverages available technology to drive efficiency and results • Understands and applies industry trends and best practices • Exhibits optimism, resilience, flexibility, and openness to others' ideas • Values learning as a lifelong professional objective • Engages inclusively and with intent • Always acts with integrity • Iterative problem-solving • Serving as a trusted advisor RESPONSIBILITIES • High Level Responsibilities: • Develop guidelines for the usage, control, maintenance and audit-readiness of information and computer resources that are used in the distributed processing environment. • Analyze and addressing customer security requirements for all business applications existing on a distributed platform. • Assist in the evaluation, selection, and installation of security software products for distributed platforms. • Identify distributed systems security issues as they arise and coordinating with the security architect to ensure that issues are addressed and resolved in a timely basis. • Details: • - Execute technical risk assessment activities for scoped environments • - Support team objectives in the ongoing development of controls, scope statements, test procedures, control conditions and supporting collaterals • - Perform reporting of findings, issue resolution and management of findings • - Support FLOD/SLOD assessments, audits and external exams • - Provide effective, accurate and timely reporting • - Ensure accurate and complete documentation • - Coordinate with stakeholders to initiate, scope and plan controls assessments of new and existing vendor engagements • - Perform Information Security remote/table-top assessments • - Perform Information Security onsite assessments at vendor locations when required • - Perform penetration testing, dynamic and static code analysis and analysis on the bank’s the infrastructure and application information security on an ongoing and project basis • - Lead risk findings to resolution • - Assessing the efficiency, relevance, and integrity of collected data • - Identifying control deficiencies by analyzing and identifying underlying root causes • - Designing, implementing, and collaborating on a range of information security metrics and performance reports • - Assisting stakeholders in identifying, initiating, and tracking corrective actions to address anomalies • - Evaluate effectively information security threats • - Analyze test results in an objective and quantifiable manner • - Identify high risks finding and to lead the mitigation the controls deficiencies • - Assess completed questionnaire and supporting documentation to validate vendor appropriate implementation of information security controls; analyze the information to identify information security weaknesses or non-compliance with company and industry standards • - Produce detailed documentation of assessments and perform threat analysis of gaps identified • - Communicate vendor information security issues to stakeholders, ensuring their understanding of associated risks and actions needed to remediate those risks • - Validate evidence from vendors, before remediation plans are closed

We are open to considering flexible working requests in line with organisational requirements.

MUFG is committed to embracing diversity and building an inclusive culture where all employees are valued, respected and their opinions count. We support the principles of equality, diversity and inclusion in recruitment and employment, and oppose all forms of discrimination on the grounds of age, sex, gender, sexual orientation, disability, pregnancy and maternity, race, gender reassignment, religion or belief and marriage or civil partnership.

We make our recruitment decisions in a non-discriminatory manner in accordance with our commitment to identifying the right skills for the right role and our obligations under the law.