MUFG
Job Summary
Join MUFG as a
Cloud Cyber Security Assessor . The role is part of the CISO America team, focusing on control design guidance and independent control assessments within the Cybersecurity Assessment team. Primary responsibilities include testing security controls in both on‑prem and cloud environments, managing risk, and ensuring technical systems and information assets are appropriately protected. Primary Responsibilities
Perform walkthroughs to understand processes and identify control points. Execute test scripts using examine, interview, and test methods, applying sampling techniques to select populations for testing. Validate controls across Identity & Access Management, Data Security, Network Security, Configuration Management, Vulnerability Management, Logging & Monitoring, and Incident Response. Gather evidence (screenshots, logs, configurations) with metadata and timestamps, retaining per workpaper standards. Document test steps, results, and conclusions, maintaining traceability from population to sample to evidence. Record exceptions with clear linkage to criteria and risk impact, providing factual observations without advisory language. Re‑test remediated controls to confirm closure and effectiveness. Qualifications
Minimum 3–5 years in risk management, information security, or IT roles; prior audit experience a plus. In‑depth knowledge of cloud security practices for major providers. Experience writing process documentation and designing/executing control test scripts. Knowledge of domestic and international banking regulations (Reg W, Basel II, FFIEC, GDPR, etc.) and experience with regulatory examination activities. Understanding of OCC and FRB expectations related to technology risk. Professional certifications such as CCSK, CISA, CRISC, CISM, CGEIT, CSX, CISSP, and cloud security certifications from major providers. Ability to work independently and collaboratively with all levels of management. Strong analytical, organizational, and communication skills. Bachelor's degree in IT or Information Security disciplines. Education & Certifications
Bachelor's degree in Information Security or related discipline, or equivalent experience. Visa sponsorship/support is based on business needs; this position is not eligible for visa sponsorship. Typical base pay range: $108,000 – $131,000, plus discretionary performance‑based bonuses and incentive compensation. Benefits
MUFG offers a competitive benefits package including health, wellness, retirement, educational assistance, paid maternity and parental bonding leave, and paid vacation and holidays. Equal Opportunity Employer
We are proud to be an Equal Opportunity Employer. We do not discriminate on the basis of race, color, national origin, religion, gender expression, gender identity, sex, age, ancestry, marital status, protected veteran and military status, disability, medical condition, sexual orientation, genetic information, or any other status protected under applicable federal, state, or local law. We consider all qualified applicants, including those with criminal histories, in a manner consistent with state and local laws and financial industry regulations.
#J-18808-Ljbffr
Join MUFG as a
Cloud Cyber Security Assessor . The role is part of the CISO America team, focusing on control design guidance and independent control assessments within the Cybersecurity Assessment team. Primary responsibilities include testing security controls in both on‑prem and cloud environments, managing risk, and ensuring technical systems and information assets are appropriately protected. Primary Responsibilities
Perform walkthroughs to understand processes and identify control points. Execute test scripts using examine, interview, and test methods, applying sampling techniques to select populations for testing. Validate controls across Identity & Access Management, Data Security, Network Security, Configuration Management, Vulnerability Management, Logging & Monitoring, and Incident Response. Gather evidence (screenshots, logs, configurations) with metadata and timestamps, retaining per workpaper standards. Document test steps, results, and conclusions, maintaining traceability from population to sample to evidence. Record exceptions with clear linkage to criteria and risk impact, providing factual observations without advisory language. Re‑test remediated controls to confirm closure and effectiveness. Qualifications
Minimum 3–5 years in risk management, information security, or IT roles; prior audit experience a plus. In‑depth knowledge of cloud security practices for major providers. Experience writing process documentation and designing/executing control test scripts. Knowledge of domestic and international banking regulations (Reg W, Basel II, FFIEC, GDPR, etc.) and experience with regulatory examination activities. Understanding of OCC and FRB expectations related to technology risk. Professional certifications such as CCSK, CISA, CRISC, CISM, CGEIT, CSX, CISSP, and cloud security certifications from major providers. Ability to work independently and collaboratively with all levels of management. Strong analytical, organizational, and communication skills. Bachelor's degree in IT or Information Security disciplines. Education & Certifications
Bachelor's degree in Information Security or related discipline, or equivalent experience. Visa sponsorship/support is based on business needs; this position is not eligible for visa sponsorship. Typical base pay range: $108,000 – $131,000, plus discretionary performance‑based bonuses and incentive compensation. Benefits
MUFG offers a competitive benefits package including health, wellness, retirement, educational assistance, paid maternity and parental bonding leave, and paid vacation and holidays. Equal Opportunity Employer
We are proud to be an Equal Opportunity Employer. We do not discriminate on the basis of race, color, national origin, religion, gender expression, gender identity, sex, age, ancestry, marital status, protected veteran and military status, disability, medical condition, sexual orientation, genetic information, or any other status protected under applicable federal, state, or local law. We consider all qualified applicants, including those with criminal histories, in a manner consistent with state and local laws and financial industry regulations.
#J-18808-Ljbffr