Security Engineering, Director

Do you want your voice heard and your actions to count?

Discover your opportunity with Mitsubishi UFJ Financial Group (MUFG), one of the world’s leading financial groups. Across the globe, we’re 120,000 colleagues, striving to make a difference for every client, organization, and community we serve. We stand for our values, building long-term relationships, serving society, and fostering shared and sustainable growth for a better world.

With a vision to be the world’s most trusted financial group, it’s part of our culture to put people first, listen to new and diverse ideas and collaborate toward greater innovation, speed and agility. This means investing in talent, technologies, and tools that empower you to own your career.

Join MUFG, where being inspired is expected and making a meaningful impact is rewarded.

The selected colleague will work at an MUFG office or client sites four days per week and work remotely one day. A member of our recruitment team will provide more details.

Job Summary

Technical leader experienced in cybersecurity, identity and access management, insider threat, incident response, security operations, or related information security field. Extensive experience working in database security, encryption engineering, system security, systems and software security (SSS), (TVM), or related field. Experience in the banking or finance industries preferred

Major Responsibilities

• Design, define, and develop standard processes of organizational identity and access management solutions; enforce policies, procedures, standards, and guidelines when working with end users.
• Oversee activities that provide authorized access to information and protect the confidentiality and integrity of information; direct the optimization of access provisioning processes; provide training on user provisioning and authentication.
• Perform management activities such as design, implementation, monitoring, capacity planning, scalability testing, fail-over testing, backup/recovery planning, disaster recovery and performance and security baselines
• Implement tasks/projects critical to the organization’s data protection technologies
• Deploy and support data protection monitoring and prevention tools (e.g.: Cloud Access Security Broker (CASB), Data Leakage Protection (DLP), Database Monitoring, Tokenization, and Encryption)
• Create procedures to support the analysis of events/incidents for remediation suggestions to relevant areas
• Research and document security best practices to proactively identify security gaps including vendor review, technology evaluations, demos, and proof of concept trials
• Identify, isolate, and document solution defects and work with the owner/vendor to bring issues to resolution
• Create and regularly evaluate process, quality control, and configuration management documentation

Foundational Skills

• Communicates effectively
• Anticipates changing business needs, adjusts priorities accordingly, and allocates necessary resources and budget to achieve objectives
• Equips the business to become an effective competitor in an highly dynamic landscape
• Considers stakeholder needs and input as well as best practices and insights from industry trends when making strategic decisions
• Is flexible, decisive, and serves as a trusted advisor to senior leaders within the organization
• Demonstrates effective negotiation and influencing skills
• Prioritizes and facilitates an culture of continuous improvement and systems thinking
• Sets the tone for successful collaboration with other business units and corporate entities
• Creates an environment that fosters communication, transparency, and collaboration
• Cultivates innovation and values learning as a lifelong professional objective
• Leads by example, engaging inclusively and with intent
• Always acts with integrity
• Iterative problem-solving
• Exceptional organizational skills with ability to manage multiple priorities while adhering to established milestones and timelines
• Excellent analytical skills and attention to detail
• Excellent verbal and written skills; expert ability to communicate technical information to both technical and non-technical audiences

Desired Functional Skills Include:

• A deep understanding in Identity and Access management principals, methodology, and solutions, including access control (role-based and discretionary), authentication, authorization, provisioning, approvals, and workflows.
• Access control conformance, Act independently, Adaptation, Advanced Interactive eXecutive (AIX), Analytical (i.e. technical and non-technical problem-solving), Analytics for decision-making and measurement progress/performance
• Analyze various methods controlling information security problems, Apache Cassandra, Apache Hadoop, Apache Spark, Apple MAC, Application security, Infrastructure security, Application software which effect the integrity, functionality, and reliability the Bank's network and systems, Application transaction,
• Apply information security theories and concepts to specific circumstances
• Aptitude to lead complex efforts, Architecture diagrams
• Articulate security risks and appropriate controls, Automation through scripting and/or programming, Amazon Web Services (AWS), Azure, Building and operating a data protection and compliance program
• Business processes in the financial/government sector, Capdo data analytics and draw risk conclusions based on activities seen, CCPA/CPRA, Certificate management tool Venafi, Continuous Integration/Continuous Delivery (CI/CD), CIS-Benchmark, Cloud encryption solutions, Cloud PKI, Cloud technology solutions, COBIT, Common cybersecurity frameworks, Common OS operation
• Communicate clearly and concisely with peers and all levels leadership., Communication and presentation, Complex project management, Conceptual processes and system characteristics in the security space,
• Convey complex concepts to a broad audience (technical and non-technical), Convey technical findings in simple language,
• Create a level security awareness throughout the Bank for accountability and responsibility,
• Create native productivity aids and command scripts, Creative problem solving, Cryptographic implementations at media, CVSS, Cybersecurity, DAM,
• Data analytics and draw risk conclusions based on activities seen, Data classification solutions, Data protection strategies, Databases security configuration, DB2, Demonstrate vulnerabilities
• Determine the strengths and weaknesses each method and implement the best cost-justified solution, Development of insider Threat policies and standards, DevSecOps methodologies, Distributed Denial Service (DDoS) Protection, Documentation writing that present both a business and technical viewpoint, Domain Name System (DNS), Drive vulnerability management reporting, Email Security, Encryption Engineer, Encryption security products, Encryption solutions,
• Entrepreneurial mindset by applying frameworks for resource alignment on goals and objectives
• Evaluate application software which impact the integrity, functionality, and reliability of the bank's network and systems
• Evaluate business process which impact the integrity, functionality, and reliability of the bank's network and systems
• Evaluate the impact to existing security systems, Exabeam, Excel (vlookup/pivot tables/charts), Explain risk, Extranet networks
• Facilitate remediation coaching, Federal Financial Institutions Examination Council's (FFIEC), File Transfer Protocol (FTP) functionality, Firewalls
• Formal stand-up presentations to all levels management, GLBA, Gramm-Leach-Bliley Act (GLBA), Hyper Text Transfer Protocol/Secure (HTTP/HTTPs)
• Identify weak links in information security products,
• Implement the best cost-justified solution
• Implementation of insider Threat policies and standards, Industry trends and current security practices
• Influence and communicate cross-functionally all levels management.
• Information security theories and concepts to specific circumstances
• Insider risk management governance, Internet, Internet Relay Chat (IRC),
• Intrusion Detection System (IDS), ISO 27001
• Lead pro-active reviews and self-assessments the policies, Liaise business, Linux, Listener, Log management solutions, Mac,
• Maintenance of insider Threat policies and standards, Major database platforms,
• Manage and lead teams multiple individuals,
• Manage application and infrastructure security assessments
• Manage complex projects
• Manage information security control assessments
• Managing initiatives such as assessments, Mechanics of OS exploits of preventive and detective controls, Methods of controlling information security problems, Microsoft SQL,
• Mitigate the control deficiencies, Mitigations changes and risks, MITRE ATT&CK framework, Modern security principles and its practical applications., MongoDB, MSSQL, Multifactor Authentication (MFA), MySQL, National Institute of Standards (NIST), Network, Network appliances, Network security, Network traffic analysis, Network/system forensic tools, Networking fundamentals (e.g. TCP/IP) and troubleshooting ., NIST CSF, NIST framework, Nnative productivity aids and command scripts., NoSQL, O365
• Operating in hybrid-cloud environment, Operating system (OS) internals
• Operating system changes evaluate the impact to existing security systems, Operating systems and their versions and security systems in use at the Bank, Operating systems security configuration, Operational auditing in the financial/government sector, Oracle, Oracle TDE, Oral communications,
• Organize and establish processes in need of improvement
• Outstanding oral and written communications
• Oversee workloads and support direct reports to success while meeting objectives senior management, OWASP, Passionate, PCI, Perimeter Network Security, Perl, Positive and driven attitude, PowerShell
• Prepare detailed task plans outlining all requirements to complete the given assignment
• Presentation, Prioritizing and organizing day to day tasks and needs as appropriate,
• Proactive mindset and actions, Procedures and systems,
• Program management, Programming language to automate tasks, Protection and monitoring
• Provide leadership and guidance to IT teams in patching and solutions to mitigate security threats
• Provide technical direction to other peer staff members, Proxy, Public Key Infrastructure (PKI), Python, Qualys, Rapid7, RegEx
• Regulatory and risk partners to satisfy legal and regulatory requirements and avoid risk
• Regulatory compliance, Regulatory requirements affecting data integrity,
• Reliable team management, Report creation, Risk assessments, Router & switches, Ruby, Safenet, Scripting languages, Security analytics toolsets, Security and IT metrics, Security event management tools, Security Information and Event Management (SIEM), Security risks and controls, Security tool sets, Servant leadership showing strength, Set direction, SIEM, SIEM/SOAR management solutions,
• Software development lifecycle, Software Security (SSS) Specific, Solaris, SOX, Splunk, Splunk Search Language, SQLSERVER, Strategic and operational initiatives,
• Strategic program development and improvement following current industry security trends and patterns and in alignment business vision and needs, Strengths and weaknesses of each method and implement the best cost-justified solution.,
• Support audit, Support databases, Support MS certificate authority services, Symantec/DLP, Syslog-NG, System security, System vulnerabilities,
• Technical and non-technical problem-solving, Technical direction to other peer staff members, Technical Security Standards Compliance Specific, Techniques and procedures (TTPs) used by threat actors against endpoints, Technology and leadership partners, Thales, The mechanics OS exploits preventive and detective controls, Threat and vulnerability management (TVM) & Systems,
• Threat detection, Tooling integrations to support Agile, Tools used to execute a world class offensive Security program, Tools used to execute a world class Perimeter Network Security program
• Train new staff on the security team, Transmission Control Protocol/Internet Protocol (TCP/IP), UEBA and related tools
• Understand security risks and controls, Unix
• Various methods of controlling information security problems, Verbal communication, Visionary, Voltage, Vormetric, Vulnerability scanning tools, Web Application Firewall (WAF), Windows servers and workstations, Wireless Local Area Network (WLAN) Security, Working centralized logging tools, Workload prioritization and organization, Written communication

Qualifications

• Technical leader experienced in cybersecurity, identity and access management, insider threat, incident response, security operations, or related information security field
• Extensive experience working in database security, access management, encryption engineering, system security, systems and software security (SSS), (TVM), or related field
• Experience in the banking or finance industries preferred
• Degree in computer science, information security, cybersecurity, or related field or equivalent work experience
• Desired Certifications include:

• Certified Ethical Hacker (CEH)
• Certified in Governance, Risk and Compliance (CGRC; formerly Certified Authorization Professional [CAP])
• Certified Information System Auditor (CISA)
• Certified Information Systems Manager (CISM)
• Certified Information Systems Security Professional (CISSP)
• Certified Project Management Professional (CPMP)
• GIAC Certified Incident Handler (GCIH)
• GIAC Security Essentials Certification (GSEC)
• Global Information Assurance Certification (GIAC)
• Imperva Database Security Specialist (IDSS)
• Microsoft Certified Software Engineer (MCSE)
• Offensive Security Certified Professional (OSCP)
• Security+
• Six Sigma
• SysAdmin, Audit, Network and Security (SANS)

The typical base pay range for this role is between $205K - $246K depending on job-related knowledge, skills, experience and location. This role may also be eligible for certain discretionary performance-based bonus and/or incentive compensation. Additionally, our Total Rewards program provides colleagues with a competitive benefits package (in accordance with the eligibility requirements and respective terms of each) that includes comprehensive health and wellness benefits, retirement plans, educational assistance and training programs, income replacement for qualified employees with disabilities, paid maternity and parental bonding leave, and paid vacation, sick days, and holidays. For more information on our Total Rewards package, please click the link below.

MUFG Benefits Summary

We will consider for employment all qualified applicants, including those with criminal histories, in a manner consistent with the requirements of applicable state and local laws (including (i) the San Francisco Fair Chance Ordinance, (ii) the City of Los Angeles’ Fair Chance Initiative for Hiring Ordinance, (iii) the Los Angeles County Fair Chance Ordinance, and (iv) the California Fair Chance Act) to the extent that (a) an applicant is not subject to a statutory disqualification pursuant to Section 3(a)(39) of the Securities and Exchange Act of 1934 or Section 8a(2) or 8a(3) of the Commodity Exchange Act, and (b) they do not conflict with the background screening requirements of the Financial Industry Regulatory Authority (FINRA) and the National Futures Association (NFA). The major responsibilities listed above are the material job duties of this role for which the Company reasonably believes that criminal history may have a direct, adverse and negative relationship potentially resulting in the withdrawal of conditional offer of employment, if any.

The above statements are intended to describe the general nature and level of work being performed. They are not intended to be construed as an exhaustive list of all responsibilities duties and skills required of personnel so classified.

We are proud to be an Equal Opportunity Employer and committed to leveraging the diverse backgrounds, perspectives and experience of our workforce to create opportunities for our colleagues and our business. We do not discriminate on the basis of race, color, national origin, religion, gender expression, gender identity, sex, age, ancestry, marital status, protected veteran and military status, disability, medical condition, sexual orientation, genetic information, or any other status of an individual or that individual’s associates or relatives that is protected under applicable federal, state, or local law.