Phishing Simulation Program Lead – Data Security Team at Mufgub

Mufgub · Tempe, United States of America · Hybrid

$123,000.00  -  $173,000.00

Do you want your voice heard and your actions to count?

Discover your opportunity with Mitsubishi UFJ Financial Group (MUFG), one of the world’s leading financial groups. Across the globe, we’re 150,000 colleagues, striving to make a difference for every client, organization, and community we serve. We stand for our values, building long-term relationships, serving society, and fostering shared and sustainable growth for a better world.

With a vision to be the world’s most trusted financial group, it’s part of our culture to put people first, listen to new and diverse ideas and collaborate toward greater innovation, speed and agility. This means investing in talent, technologies, and tools that empower you to own your career.

Join MUFG, where being inspired is expected and making a meaningful impact is rewarded.

The selected colleague will work at an MUFG office or client sites four days per week and work remotely one day. A member of our recruitment team will provide more details.

EDUCATION
• Degree or equivalent work experience equally preferable.
• Bachelor’s degree in Information Technology, Cyber Security, Computer Science or related discipline
CERTIFICATIONS
• At least one certification in a related security domain such as CISSP, GCIA, GSEC, CISM, EnCE, CEH, GCFA, GCFE, ISSMP, SANS GSEC, or GCIH required
WORK EXPERIENCE
• Experience working in a global, complex, matrix-managed organization
• Experience in either:
  • Incident Response and Forensic Investigations work
  • Threat and vulnerability management
  • Cybersecurity Operations or Information Security
• Experience working within the Financial Services Industry preferred
• Information security experience in the following areas: IT security, incident handling and response, exploit analysis, intelligence gathering, digital forensics methods and procedures
• Experience across the following technical concentrations:
  • Network-Based Security Controls (Firewall, IPS, WAF, MDS, Proxy, VPN)
  • Anomaly Detection and Investigation
  • Host and Network Forensics
  • Operating Systems
  • Web Applications and Traffic
• Experienced with EnCase, FTK, SIFT, Splunk, Redline, Volatility, Wireshark, tcpdump, and open-source forensic tools
• Experience responding to cyber events in public cloud environments such as AWS, Azure, Google Cloud, etc.
• Experience with information security risk management, including conducting information security audits, reviews, and risk assessments.
• Experience with patch management solutions
• Experience with project management and leading complex projects.
• Security experience in all phases of product and service development lifecycle including architecture, design, development, testing, release, and operational maintenance.
• Experience with cloud computing security, network, operating system, database, application, and mobile device security
• THREAT INTELLIGENCE ROLE SPECIFIC
• Experience directly related to development and support of cyber threat intelligence services, providing threat monitoring, assessment and communication of potential and current information security risk and threats (preferable in the financial services industry)
• Previous government/military experience with threat intelligence preferred
• Experience with threat intelligence and SOC/CIRT interaction
• Experience with SIEM big data technology
• Splunk experience is highly preferred
• Experience with threat intelligence vendors
• Experience with EDR technologies
• Experience using third-party cyber threat intelligence platforms
FUNCTIONAL SKILLS
• Familiar with forensic security tools
• Knowledge of Information Assurance concepts and technologies
• Ability to document and explain technical details in a concise, understandable manner
• Extensive knowledge of vulnerability management and remediation.
• A diverse skill base in both product security and information security including organizational structure and administration practices, system development and maintenance procedures, system software and hardware security controls, access controls, computer operations, physical and environmental controls, and backup and recovery procedures.
• Detailed knowledge and experience in security and regulatory frameworks (ISO 27001, NIST 800 series, FFIEC, SOC2, FedRAMP, STAR, etc.)
• Expertise in numerous security domains including Security Governance and Oversight, Security Risk Management, Network Security, Threat and Vulnerability Management, and Incident Response and Forensics.
• THREAT INTELLIGENCE ROLE SPECIFIC
• Writing skills that present both a business and technical viewpoint
• Knowledge of threat hunting techniques, the intelligence cycle, and analysis methodologies
• Understanding of cyber threat actors, advanced cyber threats, and the “kill chain” methodology
• Understanding of back-channels typically used by actors for malicious activity
• Understanding of how to successfully access networks anonymously, obfuscation techniques and best practices for ensuring device non-attribution
• Understanding of vulnerability scanning and reporting
• Understanding of security event and incident handling
• Understanding of ethical hacking tools and techniques
• Familiarity with MITRE ATT&CK
• Understanding of network infrastructure (including firewalls), web proxy and/or email architecture - particularly as they apply in a mitigating control functionality
• Ability to act independently, prioritizing and organizing day to day tasks and needs as appropriate
FOUNDATIONAL SKILLS
• Demonstrates leadership
• Communicates effectively
• Identifies multiple paths to success using analytical and critical thinking as well as decision-making skills
• Operates strategically to support a culture of continuous improvement and systems thinking
• Makes sound business decisions in a complex work environment
• Collaborates with other business functions and divisions to advance business objectives
• Is flexible, decisive, and able to establish support from leadership
• Monitors industry trends and best practices and applies insights to advance the business
• Exhibits and fosters optimism, resilience, flexibility, and openness to others' ideas
• Inspires innovation and values learning as a lifelong professional objective
• Leads by example, engaging inclusively and with intent
• Always acts with integrity
• Iterative problem-solving
• Serving as a trusted advisor
RESPONSIBILITIES
High Level Responsibilities:
• Consult on SOP and technologies used in data forensics investigation of information security incidents. Perform penetration testing and vulnerability assessment on web-based applications and networks to enhance network security for internal and external clients.
• Update organizational information security laws compliance with latest domestic and international laws and regulations. Conduct information security audits on enterprise-wide information systems and infrastructure.
• Define process issues and resolutions; facilitate and oversee computer forensics processes. Review and analyze the testing results, fill out security reports, and provide solutions for vulnerabilities and breaches.
• Provide technical advice and guidance to management and service management staff. Assist in the design and implementation of the organizational information security solutions, and continuously enhance information security approaches and methodologies.
Details:
• Assigns job titles and duties for handling computer and network incidents to specific individuals and document management personnel who will support the incident handling process
• Implements processes to contain the impact and spread of an attack or incident, and restoring related business/IT services
• Develops procedures to allow for personnel to report anomalous events to the incident handling team. Defines the mechanisms for such reporting, and the kind of information that should be included in the incident notification
• Reviews the execution of incident response plans and makes necessary adjustments based on effectiveness of response efforts and ultimate impact to the business
• Develops metrics to track incident response SLAs to determine if IR process is operating as designed
• Preserves forensic evidence to share with law enforcement and third-party forensic firms
• Works with Legal and 2nd line to implement data retention policies
• Establishes alert thresholds to determine when to convene the CIRT and investigate incidents
• Establishes voluntary information sharing with external stakeholders to achieve broader security situational awareness
• Assists with internal or third-party employee investigations
• Mentors/guides team of analysts
• Researches evolving IR and Forensic techniques and tools in support of incident response efforts
• Manages the vulnerability scanning process and documents a prioritized list of the most critical vulnerabilities along with the risk scores
• Subscribes to a vulnerability intelligence service to stay aware of emerging exposures, and uses the information gained from this subscription to update the organization's vulnerability scanning activities
• Produces threat intelligence reports (FS-ISAC, DHS, etc.) which identify relevant upcoming and ongoing threats to the enterprise
• Uses the reports to make decisions and changes to the risk and threat posture and control environment
• Risk-rates vulnerabilities based on the exploitability and potential impact of the vulnerability, and segmented by appropriate groups of assets
• Measures the delay in patching new vulnerabilities and ensures compliance with Service Level Agreements (SLAs)
• Tracks and reports vulnerability remediation progress
• Performs vulnerability analysis and generates reports for stakeholders to remediate, and briefs senior management on critical vulnerabilities
• Performs Policy compliance scanning to identify when IT assets violate security requirements and policy
• Researches evolving threats, techniques, and tools in support of vulnerability and patch management efforts
• Provide strategic direction to the CSOC functional team. Assist CSOC Director with the creation of team strategy, goals, and organizational objectives
• Manage a team of CSOC analysts responsible for real time monitoring and management of security incidents. Assist in the career development and training of CSOC analysts and engineers
• Along with CSOC Management team, review and update event and incident thresholds and when to invoke the Computer Incident Response Team (CIRT) based on changes to the company's risk and threat environment
• Regularly review the effectiveness of the team’s standard processes, procedures, and workflow to ensure successful identification, protection, and detection of cybersecurity events or incidents
• Act as an escalation point for CSOC analysts when a potential incident occurs. Assist with review and triage of issues to confirm correct owner
• Serve as a CSOC Subject Matter Expert in communications and interactions with different business units
• Develop business case and cost justifications for the acquisition of new tools and technology. Serve as a sponsor during the project implementation
• Lead interactions with Information Sharing associations to share threat and event intelligence and build into monitoring tools and Intrusion Detection/Prevention systems
• Maintain familiarity with industry trends and current security practices
• THREAT INTELLIGENCE ROLE SPECIFIC:
• Daily threat intelligence monitoring through open and closed sources
• Provide day to day analysis of threats that have the potential to impact the company and its affiliates
• Evaluate data sources for consideration in the improvement and expansion of the threat intelligence program
• Responsible for day-to-day tactical/operational support and escalation of threat intelligence events
• Present key trends and analysis to peer teams and executive management
• Produce key metrics and reports that help to promote the value of threat intelligence
• Respond to computer security incidents in compliance with industry best practices
• Perform basic network security analysis in support of intrusion detection operations, including the development and enrichment of indicators used to enhance the network security posture
• Contribute to a team of cyber threat intelligence analysts to analyze threat data, write reports, brief event details to leadership, and coordinate remediation activities across multiple organizations
• Analyze the potential impact of new threats and exploits and communicate risks to relevant business units and leadership.
• Provide cyber risk and threat identification by proactively and continuously monitoring the internal and external landscape for relevant events, risks, and threats related to the cyber landscape
• Provide enterprise threat analysis by reviewing potential and current threats based upon a defined and repeatable threat analysis methodology
• Provide finished intelligence products/communications to key groups and the enterprise regarding potential threats and remediation efforts - including the ability to develop write-ups that provide effective analysis and actionable intelligence based on relevant security events
• Exceptional time management is required to balance strategic and operational support needs in day-to-day activities

Other Qualifications: 

As per MUFG’s work policy for all personnel, candidates must work onsite for 4 days and 1 day remotely.

The typical base pay range for this role is between $123K - $173K depending on job-related knowledge, skills, experience, and location. This role may also be eligible for certain discretionary performance-based bonus and/or incentive compensation. Additionally, our Total Rewards program provides colleagues with a competitive benefits package (in accordance with the eligibility requirements and respective terms of each) that includes comprehensive health and wellness benefits, retirement plans, educational assistance and training programs, income replacement for qualified employees with disabilities, paid maternity and parental bonding leave, and paid vacation, sick days, and holidays. For more information on our Total Rewards package, please click the link below. 

We will consider for employment all qualified applicants, including those with criminal histories, in a manner consistent with the requirements of applicable state and local laws (including (i) the San Francisco Fair Chance Ordinance, (ii) the City of Los Angeles’ Fair Chance Initiative for Hiring Ordinance, (iii) the Los Angeles County Fair Chance Ordinance, and (iv) the California Fair Chance Act) to the extent that (a) an applicant is not subject to a statutory disqualification pursuant to Section 3(a)(39) of the Securities and Exchange Act of 1934 or Section 8a(2) or 8a(3) of the Commodity Exchange Act, and (b) they do not conflict with the background screening requirements of the Financial Industry Regulatory Authority (FINRA) and the National Futures Association (NFA). The major responsibilities listed above are the material job duties of this role for which the Company reasonably believes that criminal history may have a direct, adverse and negative relationship potentially resulting in the withdrawal of conditional offer of employment, if any.

The above statements are intended to describe the general nature and level of work being performed. They are not intended to be construed as an exhaustive list of all responsibilities, duties and skills required of personnel so classified.

We are proud to be an Equal Opportunity Employer and committed to leveraging the diverse backgrounds, perspectives and experience of our workforce to create opportunities for our colleagues and our business. We do not discriminate on the basis of race, color, national origin, religion, gender expression, gender identity, sex, age, ancestry, marital status, protected veteran and military status, disability, medical condition, sexual orientation, genetic information, or any other status of an individual or that individual’s associates or relatives that is protected under applicable federal, state, or local law.

 
