MUFG Union Bank Sr. Vendor Risk Analyst - On-site Assessments, Assistant Vice President in Jersey City, New Jersey

Join a financial group that’s as committed to your future as you are. At MUFG, we share a vision for our future, we share our successes, and we strive to bring out the best in each other in everything we do. Our 14,000 diverse colleagues are connected by a common ambition to create change for the better—from forging more dynamic career paths, to driving progress in our communities, to continuously reshaping the standards of global financial services. Positive impact starts here; see the change you can make as we strive to become the world’s most trusted financial group.

Job Responsibilities:

• Coordinate with stakeholders to initiate, scope and plan controls assessments of new and existing vendor engagements

• Perform assessments on-site at vendor locations or remotely via conference calls

• Assess completed questionnaire and supporting documentation to validate vendor appropriate implementation of information security controls; analyze the information to identify information security weaknesses or non-compliance with MUFG and industry standards

• Produce detailed documentation of assessments and perform threat analysis of gaps identified

• Communicate vendor information security issues to stakeholders, ensuring their understanding of associated risks and actions needed to remediate those risks

• Validate evidence from vendors, before Remediation Plans are closed.

• Escalate issues associated with vendors as needed to management.

• Demonstrated in-depth knowledge of concepts, best practices and controls in a breadth of information security areas/domains; these information security areas include risk management, access control, cryptography, physical security, security architecture and design, network security, application & operations security and compliance/incident management

• Strong technical and/or IT audit background and practical knowledge of a wide variety of technologies which include server infrastructure & operating systems, network & web infrastructures, database architecture and intrusion detection/prevention systems

• Proficient working knowledge within the following risk domains/technologies: Database and application security, IDS/IPS technologies, System/Access Administration, Firewall technologies, Network Architecture, Security Event Logging & Monitoring , Key Management/Tokenization, Database/Application/Network Layer Secure Protocols, Physical and Environmental Security, Secure Software/Code Development, Change Management, Vulnerability Management.

• Self-starter with the ability to manage and prioritize responsibilities through the effective use of time management techniques

• Team player with proven skills in influencing people without having direct management authority and motivating them to successfully complete tasks within required timelines

• Strong ability to interact and communicate both written and verbally with people at all levels, both technical and non-technical, in a dynamic environment where interactions are not always in person

• Strong risk analysis and problem solving skills

• Must be flexible to ensure assessments are performed by the mandated date and be able to manage multiple assessments simultaneously

Experience that is considered a strong plus: performing information security assessments; providing information security guidance to business stakeholders; interpreting and applying information security policy and standards

• IT Risk Management/Audit industry certification (such as CISSP, CISA,CRISC, etc.) preferred.

• Travel Requirements: 50%

We are committed to leveraging the diverse backgrounds, perspectives and experiences of our workforce to create opportunities for our people and our business. Equal Opportunity Employer Minority/Female/Disability/Veterans.

The above statements are intended to describe the general nature and level of work being performed. They are not intended to be construed as an exhaustive list of all responsibilities, duties and skills required of personnel so classified.

Job: *Systems / Technology

Title: Sr. Vendor Risk Analyst - On-site Assessments, Assistant Vice President

Location: NEW JERSEY-Jersey City

Requisition ID: 10009066-WD