Business Information Security Officer, Vice President - Remote - Texas, Florida

Do you want your voice heard and your actions to count?

Discover your opportunity with Mitsubishi UFJ Financial Group (MUFG), the 6th largest financial group in the world. Across the globe, we're 160,000 colleagues, striving to make a difference for every client, organization, and community we serve. We stand for our values, building long-term relationships, serving society, and fostering shared and sustainable growth for a better world.

With a vision to be the world's most trusted financial group, it's part of our culture to put people first, listen to new and diverse ideas and collaborate toward greater innovation, speed and agility. This means investing in talent, technologies, and tools that empower you to own your career.

Join MUFG, where being inspired is expected and making a meaningful impact is rewarded.

This is a remote position. The selected colleague will generally be expected to work at an MUFG office periodically. A member of our recruitment team will discuss location preferences with you in more detail.

Job Summary

Individuals in the Business Information Security Officer (BISO) job function (Information Security job family) focus on driving alignment between security processes and business capabilities. Responsibilities include ensuring compliance with standards and procedures; serving as the information security subject matter expert for designated business units or functions; and participates in the development, implementation and ongoing maintenance of information security ensuring the business understands current security issues and expectations and can securely meet its strategic goals and objectives.

Major Responsibilities

• Provide subject matter expertise on assigned lines of business and the associated risks, bringing line of business specific security requirements back to enterprise information security and the Business Information Security Office (BISO)
• Evaluate known gaps and suggest remediation plans that enable the business while ensuring appropriate information security and risk management
• Guide lines of business through assessments, translating the technology/security questions so that they can be understood by the business; then guide them as to how to gather the required information
• Act as the trusted advisor to the broader BISO team, informing them via metrics and reports of key risks and security initiatives of the lines of business
• Provide clear and consistent communications to lines of business related to cybersecurity related topics
• Take a balanced approach to both protect and enable the business
• Inform the lines of business of new security initiatives and gather feedback on their impact
• Establish and drive a clear risk picture to the lines of business through regular contact on all risk and security issues
• Partner with existing BISOs to Influence executives within aligned business units by demonstrating how security efforts align to their strategic objectives
• Support business initiatives and transformation activities
• Provide insight into the key drivers of information security risk or breeches
• Lead discussions to incorporate and manage information security risks as part of the overall strategy of the business line
• Evaluate current systems and processes and develop a plan to manage/remediate gaps with the business

Qualifications

• Prior experience working across other industries (non financial) in a large multinational corporation or global company
• Experience with exception management and required remediation
• 8-10+ years working in risk, information security, or BISO role or the equivalent
• Risk management experience with the ability to apply risk principles to the business environment
• Bachelor's degree in information systems, cybersecurity, or a related field or a combination of education and relevant experience
• Understanding of relevant key performance indicators and key risk indicators and the ability to set, apply, and report them on a regular basis
• Understanding of key metrics needed to oversee and manage the information security and risk of a line of business and the ability to communicate and present them to executive management
• Knowledge of National Institute of Standards and Technology (NIST) Cybersecurity Framework, Financial Services Sector Coordinating Council (FSSCC) Cyber Profile, Federal Financial Institutions Examination Council (FFIEC) guidance, Gramm-Leach-Bliley Act (GLBA), Payment Card Industry (PCI), Sarbanes-Oxley, and other relevant regulations laws and regulations
• In-depth understanding of security controls and how to apply them to business use cases
• 3-5+ years' international banking experience in information technology with a focus in information security
• Certification pertaining to information security and data privacy protection (e.g., Certified Information Systems Security Professional (CISSP), Certified Information Systems Auditor (CISA), Certified in Risk and Information Systems Control (CRISC), Certified Information Systems Manager (CISM), etc.) required
• Experience building remediation plans to address security gaps without hindering the business

The typical base pay range for this role is between $130K - $155K depending on job-related knowledge, skills, experience and location. This role may also be eligible for certain discretionary performance-based bonus and/or incentive compensation. Additionally, our Total Rewards program provides colleagues with a competitive benefits package (in accordance with the eligibility requirements and respective terms of each) that includes comprehensive health and wellness benefits, retirement plans, educational assistance and training programs, income replacement for qualified employees with disabilities, paid maternity and parental bonding leave, and paid vacation, sick days, and holidays. For more information on our Total Rewards package, please click the link below.

MUFG Benefits Summary

The above statements are intended to describe the general nature and level of work being performed. They are not intended to be construed as an exhaustive list of all responsibilities duties and skills required of personnel so classified.

We are proud to be an Equal Opportunity/Affirmative Action Employer and committed to leveraging the diverse backgrounds, perspectives and experience of our workforce to create opportunities for our colleagues and our business. We do not discriminate on the basis of race, color, national origin, religion, gender expression, gender identity, sex, age, ancestry, marital status, protected veteran and military status, disability, medical condition, sexual orientation, genetic information, or any other status of an individual or that individual's associates or relatives that is protected under applicable federal, state, or local law.

#LI-Remote