Cyber Security Technical GRC – VP
Company: Mitsubishi UFJ Financial Group
Location: Jersey City
Posted on: April 2, 2026
|
|
|
Job Description:
Do you want your voice heard and your actions to count? Discover
your opportunity with Mitsubishi UFJ Financial Group (MUFG), one of
the world’s leading financial groups. Across the globe, we’re
150,000 colleagues, striving to make a difference for every client,
organization, and community we serve. We stand for our values,
building long-term relationships, serving society, and fostering
shared and sustainable growth for a better world. With a vision to
be the world’s most trusted financial group, it’s part of our
culture to put people first, listen to new and diverse ideas and
collaborate toward greater innovation, speed and agility. This
means investing in talent, technologies, and tools that empower you
to own your career. Join MUFG, where being inspired is expected and
making a meaningful impact is rewarded. The selected colleague will
work at an MUFG office or client sites four days per week and work
remotely one day. A member of our recruitment team will provide
more details. Job Summary : This role is a member of the CISO of
America’s team, with primary focus on the Enterprise Information
Systems (EIS) Governance, Risk, and Compliance (GRC) team. The
position requires a deep understanding of how cloud environments
are well architected and identifying risks associated with the
services utilized and challenging the architecture(s) and
implementation. As an individual contributor, y ou will act within
the first line of defense , contributing to complex, critical
disciplines including Cloud Security Governance, Policy Management,
Cybersecurity Controls & Reporting, and Cyber Risk Quantification
across hybrid (cloud and on premise ) environments. The role
emphasizes comprehensive risk management— identifying , assessing,
and managing inherent, control, and residual risks—while auditing
cloud technologies, wearing multiple hats , writing executive-ready
reports, and relaying risk clearly to senior leaders .
Responsibilities : Cloud & Cyber Risk Management Drive risk
management initiatives for multi cloud environments ; ensure
alignment with enterprise security standards and regulatory
expectations. Understand the technical architecture and operational
setup of cloud servers and provider integrations to evaluate
exposure, control effectiveness, and residual Support internal
projects addressing cloud cybersecurity threats; assess the
effectiveness and comprehensiveness of first-line cyb ersecurity
controls Review and challenge risk assessments, scenario analyses,
control testing, and remediation plans; assist with issue oversight
and escalations. Monitor and analyze risk trends (internal and
external) to proactively mitigate potential issues impacting cloud
security posture. Promote actions to address root causes of risks
Cybersecurity Controls & Reporting Represent EIS GRC in working
groups focused on cloud security and multi levels of reporting
Translate complex cloud and cybersecurity concepts into clear
business terms for non-technical stakeholders and senior management
across the Combined U.S. Operations. Prepare concise,
executive-level reports on risk management activities, control
outcomes, and emerging issues for senior leadership. Cyber Risk
Quantification Collaborate on initiatives that strengthen the
enterprise cybersecurity program; ensure projects align with the
cloud security governance model. Regularly review and update risk
frameworks to reflect changes in the cloud threat landscape ,
including Oracle-specific risks. Lead discussions at all levels to
incorporate cloud security risk elements into business strategies
and decision-making. Guidelines of business through cloud security
assessments, translating technical/security questions into business
impact and prioritization . Auditing & Compliance Conduct and/or
oversee audits and other assessments of cloud technologies and
on-prem technologies , ensuring effectiveness, sustainability, and
maturity con trols. Ensure adherence to regulatory requirements and
internal policies, including coordination on remediation of
identified gaps. Support oversight activities related to
enforcement agencies, regulatory examinations, and related
obligations. Emerging Security Trends Stay current with multiple
Cloud platforms for best practices , emerging technologies, and
regulatory changes impacting cloud environments. Leverage insights
to enhance the security posture and influence strategic roadmaps
across business and technology teams. KRIs & Metrics Influence
comprehensive and consistent practices to identify , measure,
monitor, report, and manage information risks. Ensure metric
quality and relevance (e.g., control efficacy, incident trends,
misconfiguration rates, vulnerability aging, and remediation
timeliness). Qualifications : 6–10 years of experience across risk
management, cloud information security governance, and/or IT audit;
prior a udit experience is a plus. Strong understanding of cloud
architecture and provider integrations , including how enterprise
servers and services interface with cloud providers Experience
auditing cloud technologies , wearing multiple hats in GRC
contexts, writing executive-ready reports , and relaying risk to
executives . High technical knowledge across cybersecurity domains
(IAM, Data Security, Configuration Management, Log Generation,
Incident Response, S ecurity risk A ssessment/ T esting M
ethodologies, Secure SDLC), with specific experience evaluating the
adequacy and efficiency of C loud C ontrols . Knowledge of domestic
and international banking regulations (e.g., Reg W, Basel II,
FFIEC, GDPR ) and experience with enforcement agency oversight
activities (e.g., MRAs, consent orders ), especially within
systemically important financial institutions. Understanding of the
regulatory environment and expectations related to technology risk
( OCC , FRB , and Cyber Risk Institute (CRI) ). Professional
certifications in major cloud providers for security Education &
Certifications: Bachelor's degree in Information Security or a
closely related discipline, or equivalent related experience “Visa
sponsorship/support is based on business needs. We do not
anticipate providing visa sponsorship/support for this position.”
The typical base pay range for this role is between $144K - $185K
depending on job-related knowledge, skills, experience and
location. This role may also be eligible for certain discretionary
performance-based bonus and/or incentive compensation.
Additionally, our Total Rewards program provides colleagues with a
competitive benefits package (in accordance with the eligibility
requirements and respective terms of each) that includes
comprehensive health and wellness benefits, retirement plans,
educational assistance and training programs, income replacement
for qualified employees with disabilities, paid maternity and
parental bonding leave, paid vacation, sick days, and holidays. For
more information on our Total Rewards package, please click the
link below. MUFG Benefits Summary We will consider for employment
all qualified applicants, including those with criminal histories,
in a manner consistent with the requirements of applicable state
and local laws (including (i) the San Francisco Fair Chance
Ordinance, (ii) the City of Los Angeles’ Fair Chance Initiative for
Hiring Ordinance, (iii) the Los Angeles County Fair Chance
Ordinance, and (iv) the California Fair Chance Act) to the extent
that (a) an applicant is not subject to a statutory
disqualification pursuant to Section 3(a)(39) of the Securities and
Exchange Act of 1934 or Section 8a(2) or 8a(3) of the Commodity
Exchange Act, and (b) they do not conflict with the background
screening requirements of the Financial Industry Regulatory
Authority (FINRA) and the National Futures Association (NFA). The
major responsibilities listed above are the material job duties of
this role for which the Company reasonably believes that criminal
history may have a direct, adverse and negative relationship
potentially resulting in the withdrawal of conditional offer of
employment, if any. The above statements are intended to describe
the general nature and level of work being performed. They are not
intended to be construed as an exhaustive list of all
responsibilities duties and skills required of personnel so
classified. We are proud to be an Equal Opportunity Employer and
committed to leveraging the diverse backgrounds, perspectives and
experience of our workforce to create opportunities for our
colleagues and our business. We do not discriminate on the basis of
race, color, national origin, religion, gender expression, gender
identity, sex, age, ancestry, marital status, protected veteran and
military status, disability, medical condition, sexual orientation,
genetic information, or any other status of an individual or that
individual’s associates or relatives that is protected under
applicable federal, state, or local law.
Keywords: Mitsubishi UFJ Financial Group, Allentown , Cyber Security Technical GRC – VP, IT / Software / Systems , Jersey City, Pennsylvania
