Cloud Cyber Security Assessor

MUFG Bank, Ltd.$115K — $153K *
Information Technology
Less than 5 years of experience
Job Overview by Ladders

Qualifications

  • 3-5 years of experience across risk management, information security, and IT roles; audit experience preferred.
  • In-depth knowledge of cloud security practices for major service providers.
  • Proficient in writing process documentation and executing control test scripts.
  • Understanding of banking regulations including Reg W, Basel II, and GDPR, with regulatory examination experience.
  • Familiarity with the regulatory landscape and technology risk expectations from the OCC and FRB.
  • Relevant professional certifications such as CCSK, CISA, CRISC, or CISSP required.
  • Strong analytical, organizational, and communication skills.

Responsibilities

  • Conduct walkthroughs to understand processes and identify control points.
  • Execute test scripts to evaluate design and effectiveness of security controls.
  • Use sampling techniques for selecting testing populations.
  • Perform technical validation of controls related to identity, data, and network security.
  • Collect and document evidence with metadata to support findings.
  • Document test results clearly and maintain evidence traceability.
  • Record control exceptions and provide factual observations without advisory language.

Benefits

  • Comprehensive health and wellness benefits.
  • Retirement plans available.
  • Educational assistance and training programs offered.
  • Paid maternity and parental bonding leave.
  • Paid vacation, sick days, and holidays included.
Full Job Description
The selected colleague will work at an MUFG office or client sites four days per week and work remotely one day. A member of our recruitment team will provide more details. Job Summary: This role is a member of the CISO of America’s team and will provide control design guidance and conduct independent control assessments within the Cybersecurity Assessment team. The primary focus will be on testing of security controls, ensuring that technical systems and information assets are appropriately protected within both On-prem and Cloud environments. The role also emphasizes comprehensive risk management, including the identification, assessment, and management of inherent, control, and residual risks. Primary Responsibilities: - Test Execution - Perform walkthroughs and obtain process understanding to identify control points. - Execute test scripts for design and operating effectiveness using methods such as: Examine, Interview, Test. - Apply sampling techniques (statistical or judgmental) to select populations for testing. - Conduct technical validation of controls across: - Identity & Access Management (e.g., MFA enforcement, privileged access) - Data Security (e.g., encryption, key management) - Network Security (e.g., segmentation, firewall rules) - Configuration Management (e.g., CIS benchmarks, baseline compliance) - Vulnerability Management (e.g., patch SLAs, scanner coverage) - Logging & Monitoring (e.g., SIEM integration, alerting) - Incident Response (e.g., evidence of tabletop or real events) - Evidence Collection - Gather sufficient and appropriate evidence (screenshots, logs, configurations) with metadata and timestamps. - Ensure evidence supports conclusions and is retained per workpaper standards. - Workpaper Documentation - Document test steps, attributes, results, and conclusions in a clear, self-standing manner. - Maintain traceability from population to sample to evidence. - Issue Identification - Record exceptions with clear linkage to criteria and risk impact. - Provide factual, evidence-based observations without advisory language. - Remediation Validation - Re-test remediated controls to confirm closure and effectiveness. Qualifications: - Experience: Minimum of 3-5 years' experience in a combination of risk management, information security, and IT roles. Prior audit experience a plus. - Cloud Security: In-depth knowledge of cloud security practices and technologies for major providers. - Documentation: Experience in writing process documentation and designing/executing control test scripts. - Regulatory Knowledge: Knowledge of domestic and international banking regulations (Reg W, Basel II, FFIEC, GDPR, etc.) and experience with enforcement agencies oversight activities (regulatory examinations, matters requiring attention (MRAs), consent orders, etc.) within a global systemically important financial institution's information technology and information security environments. - Technical Understanding: Understanding of the regulatory environment and regulations related to technology risk, and Office of the Comptroller of the Currency (OCC) and Federal Reserve Board (FRB) expectations. - Certifications: Professional certifications such as CCSK, CISA, CRISC, CISM, CGEIT, CSX, CISSP and Cloud Security from major providers. - Collaboration: Ability to constructively work both independently and in collaborative environments involving all levels of management and employees. - Multitasking: Ability to manage multiple priorities concurrently, prioritize, and efficiently complete responsibilities while maintaining the highest quality. - Education: Bachelor's degree in related IT or Information Security disciplines. - Skills: Excellent analytical, organizational, and conceptual skills. Excellent oral and written communication skills. Education & Certifications: - Bachelor's degree in Information Security or a closely related discipline, or equivalent related experience. “Visa sponsorship/support is based on business needs. We do not anticipate providing visa sponsorship/support for this position.” The typical base pay range for this role is as follows: - New York / New Jersey: $115k-153k - Non–New York / New Jersey: $112k - 141k depending on job-related knowledge, skills, experience and location. This role may also be eligible for certain discretionary performance-based bonus and/or incentive compensation. Additionally, our Total Rewards program provides colleagues with a competitive benefits package (in accordance with the eligibility requirements and respective terms of each) that includes comprehensive health and wellness benefits, retirement plans, educational assistance and training programs, income replacement for qualified employees with disabilities, paid maternity and parental bonding leave, and paid vacation, sick days, and holidays. For more information on our Total Rewards package, please click the link below. Our hybrid work schedule is four days on-site and work remotely one day per week.

About MUFG Bank, Ltd.

MUFG Bank, Ltd. Careers

There has never been a better time to join the global team at MUFG Bank, Ltd., a premier institution recognized for its leadership in the financial sector. MUFG Bank, Ltd. offers a plethora of job opportunities that cater to a variety of skills and interests, all while fostering professional growth and innovation.

Work You’ll Do

Join MUFG Bank, Ltd.'s distinguished team to assist some of the most sophisticated clients in navigating their financial landscapes. At MUFG Bank, Ltd., team members lead from a unique position in the marketplace, at the crossroads of financial expertise, industry knowledge, and digital innovation. Engage with a global team of business and financial advisors to help clients master their economic strategies and challenges. Collaborate with the largest group of finance professionals in the industry – a network that spans across continents offering unmatched opportunities for networking and professional development.

Introducing the MUFG Bank, Ltd. Business Advisory

The team is dedicated to building a leading Advisory group to guide some of the most renowned companies through their financial strategies using innovative solutions.

Do Innovative Work

Be part of a team that delivers targeted financial solutions through a depth and breadth of consulting experience and innovation that’s second to none.

Be Part of a Great Team

Work on a wide range of financial technologies and harness the unparalleled capabilities, global scale, and joint solution development that only MUFG Bank, Ltd. can offer.

Future-Proof Your Career

Advance your career as far as your ambition can take you with limitless opportunities supported by unmatched training, development, and certification support.

Explore

Discover how MUFG Bank, Ltd. is leading the way in financial innovation with cutting-edge projects like blockchain for secure transactions and AI for risk assessment.

The MUFG Bank, Ltd. Alliance

The combined service capabilities, global scale, and joint solution development enable clients to overcome challenges and lead transformation in their industries. Clients worldwide turn to MUFG Bank, Ltd. for new strategies and financial solutions to drive growth and success in the digital era.

Stay Connected

Join the Team

Search open positions that match your skills and interests. MUFG Bank, Ltd. seeks passionate, curious, creative, and solution-driven team players.

SEARCH MUFG JOBS

Keep Up to Date

Stay ahead with career tips, insider perspectives, and industry-leading insights you can put to use today—all from the professionals who work at MUFG Bank, Ltd.

READ CAREERS BLOG

Job Alert Emails

Personalize your subscription to receive job alerts, latest news, and insider tips tailored to your preferences. Explore the exciting and rewarding opportunities that await at MUFG Bank, Ltd.
Learn more about MUFG Bank, Ltd.

Similar Jobs

More Jobs at MUFG Bank, Ltd.

More Information Technology Jobs

Find similar Cloud Cyber Security Assessor jobs: