Cyber Security Threat and Vulnerability Specialist

Do you want your voice heard and your actions to count?

Discover your opportunity with Mitsubishi UFJ Financial Group (MUFG), one of the world’s leading financial groups. Across the globe, we’re 120,000 colleagues, striving to make a difference for every client, organization, and community we serve. We stand for our values, building long-term relationships, serving society, and fostering shared and sustainable growth for a better world.

With a vision to be the world’s most trusted financial group, it’s part of our culture to put people first, listen to new and diverse ideas and collaborate toward greater innovation, speed and agility. This means investing in talent, technologies, and tools that empower you to own your career.

Join MUFG, where being inspired is expected and making a meaningful impact is rewarded.

Key Responsibilities:

Ensure MUFG Securities Asia’s information risk controls align with ISO27002 Information Security Standards, covering but not limited to:

Threat and Vulnerability Management

• Oversee the regional threat and vulnerability function
• Coordination of vulnerability remediation and response with Technology Teams
• Perform periodic and on-demand vulnerability and baseline configuration scanning of organization systems and monitor the security patch and compliance status
• Perform periodic vulnerability scanning and monitor the security patch and compliance status;
• Coordination of critical vulnerability response and security incident resolution
• Maintain up-to-date documentation relating threat and vulnerability management, including process, procedures, and standards
• Maintain baseline exceptions within central registrar
• Improve and automate existing vulnerability management process
• Reports on identified vulnerabilities and their assoicated risks

Cyber Security Operations

• Monitor and response cyber-security events in SIEM are handled in accordance with the established protocol of the International Cyber Security Team;
• Escalate security incidents and participate in investigation and risk containment/mitigation where necessary. Assist the incident response process as requested by GSOC Team;
• Manage security tools (vulnerability scanner, web security, malware protection, etc.);
• Conduct User Awareness Training to improve MUS employee awareness of Cyber Threats.

IT Risk & Control

• Assist in ensuring MUFG Securities Asia operates under comprehensive and relevant policies and standards with appropriate staff awareness, compliance monitoring and reporting.
• Assist in managing the regional information security risk profile and associated operational risk reporting of information security and technology incidents;
• Assist in preparing monthly regional information security management reports and metrics for risk committees;
• Support incident reporting

Audit & Regulatory Liaison

• Coordinate internal and external audit activities for information security across MUFG Securities Asia and ensure consistent and timely answers to information requests.
• Assist in ensuring any issues and remedial actions resulting from information security incidents and audits are agreed with appropriate timescales for resolution.

Business Continuity, Outsourcing & Vendor Management

• Coordinate the Business Continuity Management activities such as BIA and BCP reviews. Assist the BCM function to coordinate with various IT teams on drill tests.

Skills & Requirements:

• University degree majoring in information security, information systems,  computer science or engineering;
• 5 years or more experience in Cyber Security especially Threat and Vulnerability Management, from investment bank or financial service institutes
• Practical experience and working knowledge in implementation and operation of security scanning solutions using Qualys, infrastructure penetration testing, and application security testing;
• Hands-on security operations, threat intelligence, incident response and other related experience would be beneficial;
• Professional qualifications:  CISSP, CEH, CISP, GWAPT, OSCP or other security related qualifications would be an advantage
• Familiar with security and control for technologies / enterprise applications: Windows, Firewall, Nework appliances, Virtualization platforms and/ or evaluating and implementing cyber security management, IT service management and IT governance framework using NIST 2.0, ISO27001, ITIL and COBIT respectively;
• Excellent communication skills in both oral and written English;
• Independent, flexible, self-starter possessing intellectual curiosity;
• Effective project management, prioritization, interpersonal and communication skills are essential

MUFG Bank Ltd & MUFG Securities Asia Limited (collectively referred to as “MUFG”) is an equal opportunity employer. We view our employees as our key assets as they are fundamental to our long-term growth and success. MUFG is committed to hiring based on merit and organsational fit, regardless of race, religion or gender.