MUFG Americas
Company Overview
Do you want your voice heard and your actions to count? Discover your opportunity with Mitsubishi UFJ Financial Group (MUFG), one of the world’s leading financial groups. Across the globe, we’re 150,000 colleagues, striving to make a difference for every client, organization, and community we serve. We stand for our values, building long-term relationships, serving society, and fostering shared and sustainable growth for a better world. With a vision to be the world’s most trusted financial group, it’s part of our culture to put people first, listen to new and diverse ideas and collaborate toward greater innovation, speed and agility. This means investing in talent, technologies, and tools that empower you to own your career. Join MUFG, where being inspired is expected and making a meaningful impact is rewarded. Job Summary
This role is a member of the CISO of America’s team and will provide control design guidance and conduct independent control assessments within the Cybersecurity Assessment team. The primary focus will be on testing of security controls, ensuring that technical systems and information assets are appropriately protected within both On-prem Cloud environments. The role also emphasizes comprehensive risk management, including the identification, assessment, and management of inherent, control, and residual risks. Primary Responsibilities
Test Execution
Perform walkthroughs and obtain process understanding to identify control points. Execute test scripts for design and operating effectiveness using methods such as: Examine , Interview , Test . Apply sampling techniques (statistical or judgmental) to select populations for testing. Conduct technical validation of controls across:
Identity & Access Management (e.g., MFA enforcement, privileged access) Data Security (e.g., encryption, key management) Network Security (e.g., segmentation, firewall rules) Configuration Management (e.g., CIS benchmarks, baseline compliance) Vulnerability Management (e.g., patch SLAs, scanner coverage) Logging & Monitoring (e.g., SIEM integration, alerting) Incident Response (e.g., evidence of tabletop or real events)
Evidence Collection
Gather sufficient and appropriate evidence (screenshots, logs, configurations) with metadata and timestamps. Ensure evidence supports conclusions and is retained per workpaper standards.
Workpaper Documentation
Document test steps, attributes, results, and conclusions in a clear, self-standing manner. Maintain traceability from population to sample to evidence.
Issue Identification
Record exceptions with clear linkage to criteria and risk impact. Provide factual, evidence-based observations without advisory language.
Remediation Validation
Re-test remediated controls to confirm closure and effectiveness.
#J-18808-Ljbffr
Do you want your voice heard and your actions to count? Discover your opportunity with Mitsubishi UFJ Financial Group (MUFG), one of the world’s leading financial groups. Across the globe, we’re 150,000 colleagues, striving to make a difference for every client, organization, and community we serve. We stand for our values, building long-term relationships, serving society, and fostering shared and sustainable growth for a better world. With a vision to be the world’s most trusted financial group, it’s part of our culture to put people first, listen to new and diverse ideas and collaborate toward greater innovation, speed and agility. This means investing in talent, technologies, and tools that empower you to own your career. Join MUFG, where being inspired is expected and making a meaningful impact is rewarded. Job Summary
This role is a member of the CISO of America’s team and will provide control design guidance and conduct independent control assessments within the Cybersecurity Assessment team. The primary focus will be on testing of security controls, ensuring that technical systems and information assets are appropriately protected within both On-prem Cloud environments. The role also emphasizes comprehensive risk management, including the identification, assessment, and management of inherent, control, and residual risks. Primary Responsibilities
Test Execution
Perform walkthroughs and obtain process understanding to identify control points. Execute test scripts for design and operating effectiveness using methods such as: Examine , Interview , Test . Apply sampling techniques (statistical or judgmental) to select populations for testing. Conduct technical validation of controls across:
Identity & Access Management (e.g., MFA enforcement, privileged access) Data Security (e.g., encryption, key management) Network Security (e.g., segmentation, firewall rules) Configuration Management (e.g., CIS benchmarks, baseline compliance) Vulnerability Management (e.g., patch SLAs, scanner coverage) Logging & Monitoring (e.g., SIEM integration, alerting) Incident Response (e.g., evidence of tabletop or real events)
Evidence Collection
Gather sufficient and appropriate evidence (screenshots, logs, configurations) with metadata and timestamps. Ensure evidence supports conclusions and is retained per workpaper standards.
Workpaper Documentation
Document test steps, attributes, results, and conclusions in a clear, self-standing manner. Maintain traceability from population to sample to evidence.
Issue Identification
Record exceptions with clear linkage to criteria and risk impact. Provide factual, evidence-based observations without advisory language.
Remediation Validation
Re-test remediated controls to confirm closure and effectiveness.
#J-18808-Ljbffr