Cyber Security Technical GRC – VP

Do you want your voice heard and your actions to count?

Discover your opportunity with Mitsubishi UFJ Financial Group (MUFG), one of the world’s leading financial groups. Across the globe, we’re 150,000 colleagues, striving to make a difference for every client, organization, and community we serve. We stand for our values, building long-term relationships, serving society, and fostering shared and sustainable growth for a better world.

With a vision to be the world’s most trusted financial group, it’s part of our culture to put people first, listen to new and diverse ideas and collaborate toward greater innovation, speed and agility. This means investing in talent, technologies, and tools that empower you to own your career.

Join MUFG, where being inspired is expected and making a meaningful impact is rewarded.

The selected colleague will work at an MUFG office or client sites four days per week and work remotely one day. A member of our recruitment team will provide more details.

Job Summary:

This role is a member of the CISO of America’s team, with primary focus on the Enterprise Information Systems (EIS) Governance, Risk, and Compliance (GRC) team. The position requires a deep understanding of how cloud environments are well architected and identifying risks associated with the services utilized and challenging the architecture(s) and implementation.

As an individual contributor, you will act within the first line of defense, contributing to complex, critical disciplines including Cloud Security Governance, Policy Management, Cybersecurity Controls & Reporting, and Cyber Risk Quantification across hybrid (cloud and on premise) environments. The role emphasizes comprehensive risk management—identifying, assessing, and managing inherent, control, and residual risks—while auditing cloud technologies, wearing multiple hats, writing executive-ready reports, and relaying risk clearly to senior leaders.

Responsibilities:

Cloud & Cyber Risk Management

• Drive risk management initiatives for multicloud environments; ensure alignment with enterprise security standards and regulatory expectations.
• Understand the technical architecture and operational setup of cloud servers and provider integrations to evaluate exposure, control effectiveness, and residual
• Support internal projects addressing cloud cybersecurity threats; assess the effectiveness and comprehensiveness of first-line cybersecurity controls
• Review and challenge risk assessments, scenario analyses, control testing, and remediation plans; assist with issue oversight and escalations.
• Monitor and analyze risk trends (internal and external) to proactively mitigate potential issues impacting cloud security posture.
• Promote actions to address root causes of risks

Cybersecurity Controls & Reporting

• Represent EIS GRC in working groups focused on cloud security and multi levels of reporting
• Translate complex cloud and cybersecurity concepts into clear business terms for non-technical stakeholders and senior management across the Combined U.S. Operations.
• Prepare concise, executive-level reports on risk management activities, control outcomes, and emerging issues for senior leadership.

Cyber Risk Quantification

• Collaborate on initiatives that strengthen the enterprise cybersecurity program; ensure projects align with the cloud security governance model.
• Regularly review and update risk frameworks to reflect changes in the cloud threat landscape, including Oracle-specific risks.
• Lead discussions at all levels to incorporate cloud security risk elements into business strategies and decision-making.
• Guidelines of business through cloud security assessments, translating technical/security questions into business impact and prioritization.

Auditing & Compliance

• Conduct and/or oversee audits and other assessments of cloud technologies and on-prem technologies, ensuring effectiveness, sustainability, and maturity controls.
• Ensure adherence to regulatory requirements and internal policies, including coordination on remediation of identified gaps.
• Support oversight activities related to enforcement agencies, regulatory examinations, and related obligations.

Emerging Security Trends

• Stay current with multiple Cloud platforms for best practices, emerging technologies, and regulatory changes impacting cloud environments.
• Leverage insights to enhance the security posture and influence strategic roadmaps across business and technology teams.

KRIs & Metrics

• Influence comprehensive and consistent practices to identify, measure, monitor, report, and manage information risks.
• Ensure metric quality and relevance (e.g., control efficacy, incident trends, misconfiguration rates, vulnerability aging, and remediation timeliness).

Qualifications:

• 6–10 years of experience across risk management, cloud information security governance, and/or IT audit; prior audit experience is a plus.
• Strong understanding of cloud architecture and provider integrations, including how enterprise servers and services interface with cloud providers
• Experience auditing cloud technologies, wearing multiple hats in GRC contexts, writing executive-ready reports, and relaying risk to executives.
• High technical knowledge across cybersecurity domains (IAM, Data Security, Configuration Management, Log Generation, Incident Response, Security risk Assessment/Testing Methodologies, Secure SDLC), with specific experience evaluating the adequacy and efficiency of Cloud Controls.
• Knowledge of domestic and international banking regulations (e.g., Reg W, Basel II, FFIEC, GDPR) and experience with enforcement agency oversight activities (e.g., MRAs, consent orders), especially within systemically important financial institutions.
• Understanding of the regulatory environment and expectations related to technology risk (OCC, FRB, and Cyber Risk Institute (CRI)).
• Professional certifications in major cloud providers for security

Education & Certifications:

• Bachelor's degree in Information Security or a closely related discipline, or equivalent related experience

“Visa sponsorship/support is based on business needs. We do not anticipate providing visa sponsorship/support for this position.”

The typical base pay range for this role is between $144K - $167K depending on job-related knowledge, skills, experience and location. This role may also be eligible for certain discretionary performance-based bonus and/or incentive compensation. Additionally, our Total Rewards program provides colleagues with a competitive benefits package (in accordance with the eligibility requirements and respective terms of each) that includes comprehensive health and wellness benefits, retirement plans, educational assistance and training programs, income replacement for qualified employees with disabilities, paid maternity and parental bonding leave, paid vacation, sick days, and holidays. For more information on our Total Rewards package, please click the link below.

MUFG Benefits Summary

We will consider for employment all qualified applicants, including those with criminal histories, in a manner consistent with the requirements of applicable state and local laws (including (i) the San Francisco Fair Chance Ordinance, (ii) the City of Los Angeles’ Fair Chance Initiative for Hiring Ordinance, (iii) the Los Angeles County Fair Chance Ordinance, and (iv) the California Fair Chance Act) to the extent that (a) an applicant is not subject to a statutory disqualification pursuant to Section 3(a)(39) of the Securities and Exchange Act of 1934 or Section 8a(2) or 8a(3) of the Commodity Exchange Act, and (b) they do not conflict with the background screening requirements of the Financial Industry Regulatory Authority (FINRA) and the National Futures Association (NFA). The major responsibilities listed above are the material job duties of this role for which the Company reasonably believes that criminal history may have a direct, adverse and negative relationship potentially resulting in the withdrawal of conditional offer of employment, if any.

The above statements are intended to describe the general nature and level of work being performed. They are not intended to be construed as an exhaustive list of all responsibilities duties and skills required of personnel so classified.

We are proud to be an Equal Opportunity Employer and committed to leveraging the diverse backgrounds, perspectives and experience of our workforce to create opportunities for our colleagues and our business. We do not discriminate on the basis of race, color, national origin, religion, gender expression, gender identity, sex, age, ancestry, marital status, protected veteran and military status, disability, medical condition, sexual orientation, genetic information, or any other status of an individual or that individual’s associates or relatives that is protected under applicable federal, state, or local law.