JerseyCityRecruiter Since 2001
the smart solution for Jersey City jobs

Head of Systems and Software Security, Managing Director

Company: MUFG
Location: Jersey City
Posted on: May 2, 2021

Job Description:


Do you want your voice heard and your actions to count?


Discover your opportunity with Mitsubishi UFJ Financial Group (MUFG), the 5th largest financial group in the world (as ranked by S&P Global, April 2020). In the Americas, we’re 13,000 colleagues, striving to make a difference for every client, organization, and community we serve. We stand for our values, developing positive relationships built on integrity and respect. It’s part of our culture to put people first, listen to new and diverse ideas and collaborate toward greater innovation, speed and agility. We’re a team that accepts responsibility for the future by asking the tough questions and owning the solutions. Join MUFG and be empowered to make your voice heard and your actions count.

Job Summary


The Managing Director, Head of Systems & Software Security is the senior-level executive (MD) in Mitsubishi Union Bank’s (MUB), Enterprise Information Security (EIS) organization, responsible for defining and managing the overall comprehensive function responsible for System Security Risk Assessment Program, Third Party Risk Assessment Program, and Software Security & Penetration Testing Program.  The successful candidate will provide oversight of MUB’s information security risk assessments of high profile, large impact technology enabled projects (e.g. firm acquisitions, strategic growth initiatives) as well as to provide direction and leadership for security requirement definition, vendor security reviews, and facilitation of security testing and management of residual risk. The successful candidate will also:


  • Serve as the escalation for risk assessment team as it relates to outstanding security risks
  • Interact with various departments, firm's partners, and other senior members of the firm to advise and assist with compensating control alternatives where security requirements cannot be met.
  • Provide oversight and function as a point of contact between IT project teams and the EIS Security group to ensure that appropriate security resources are scheduled, and that security-related project objectives and timelines are met
  • Liaise with IT and other representatives of assigned business functions to ensure that project pipelines are understood and that project priorities are reflected in IT Risk & Security’s resource planning.
  • Function as a subject matter expert in several IT security domains (e.g. access control, cryptography, monitoring, etc.) and security processes supporting risk assessment and software security, including penetration testing services. Continuously improve the security aspects of operating processes.

Major Responsibilities:

The Managing Director, Head of Systems & Software Security is directly responsible for all aspects of systems & software security including but not limited to:

  • Performing application, vendor, and cloud Security Reviews and supporting system vulnerability assessments. Performing application risk analysis and threat modeling to ensure security is being baked into the early phases of the system development life cycle.
  • Recommending security enhancements and defining mitigating controls for MUFG core systems and applications.
  • Data Protection and Encryption for sensitive MUB data at rest and in motion between systems and applications.
  • Third Party Information Security Assessment to ensure that vendor-hosted applications and systems are being held to the requisite levels of due diligence commensurate with the risk they pose to MUB.
  • Accountable for the MUB secure Software Development Lifecycle (SDLC) program to build security into applications before they are deployed into the production environment.
  • Collaborating with peer members of the Operations & Technology Americas (OTA) Team to establish appropriate security standards and provide an effective governance structure to ensure compliance and accountability.
  • Defining cyber security governance and control strategies for emerging technologies such as cloud & containerization and robotic procession automation.
  • Conducting issue risk analysis and engaging cyber security and business management and other stakeholders for resolution.
  • Engaging risk teams in the review and re-engineering of key controls and processes to manage and reduce risk effectively and efficiently.
  • Defining and driving the implementation of technology requirements for the OTA application developer community to proactively integrate security requirements as part of common development objectives.
  • A Degree in Information Technology, Engineering, or Business (Advanced Degree Preferred)
  • 10+ years of experience in Information/Cybersecurity in a highly regulated industry such as Finance, Healthcare, and/or Government within a large multi-national organization with a global scope with high influence requirements.
  • 10+ years people management experience across a global organization, with hands-on experience building diverse teams while promoting an inclusive organization.
  • A demonstrated knowledge of information security standards (e.g. NIST, FFIEC, ISO-27001), rules and regulations related to information security and data confidentiality (e.g. PCI, NIST, NSA) and other various security standards and policies.
  • A strong understanding of Cloud Security Mode and key principles, such as Swift Cybersecurity Programs (CSPs) Shared Responsibility Models, Security and Infrastructure as Code, Preventive/Reactive Guardrails, Containerization, Server-less Computing, Continuous monitoring/drift detection, and the importance of end-to-end automation.
  • Understanding of global institutional financial transaction and message processing (e.g. SWIFT, CHIPS, Fed-Wire, SPEI, SPID)
  • Knowledge of application data flows, and markets trading and settlement platforms and operations
  • Demonstrated experience complying with the Swift Cybersecurity Program (CSP).
  • Ability to understand not only emerging industry trends as far as cyber security is concerned, but also the landscape of emerging threats, making appropriate adjustments within the ICG program.
  • Ability to effectively manage the tactical cyber security mission while continuing to drive the MUFG and the EIS cyber security strategy forwards, always thinking 2-3 years ahead.
  • Ability to operate effectively across a highly matrixed, global business environment.
  • Strong focus and record of execution
  • Strong leadership, strategic thinking, and large-scale planning abilities.
  • Strong interpersonal and communication skills with the ability to influence at all levels of the organization, while being able to simplify complex IS topics for understanding and critical decision making by MUFG and EIS Senior Management.
  • Excellent problems solving abilities and analytical skills; proven ability to effectively drive global teams to meet challenging deadlines solving complex problems.
  • Ability to apply a broad and comprehensive understanding across multiple functional areas.
  • Strong work ethic, and an excellent use of discretion and judgment.
  • Ability to organize, prioritize, and lead multiple deliverables simultaneously across a large, global corporate environment.
  • Key Industry certifications in Information Security, such as CISSP, CISM and CISA


The above statements are intended to describe the general nature and level of the work being performed. They are not intended to be construed as an exhaustive list of all responsibilities, duties, and skills required of personnel so classified.

We are proud to be an Equal Opportunity / Affirmative Action Employer and committed to leveraging the diverse backgrounds, perspectives, and experience of our workforce to create opportunities for our colleagues and our business. We do not discriminate in employment decisions on the basis of any protected category.

A conviction is not an absolute bar to employment. Factors such as the age of the offense, evidence of rehabilitation, seriousness of violation, and job relatedness are considered in all employment decisions. Additionally, it’s the bank’s policy to only inquire into a candidate’s criminal history after an offer has been made. Federal law prohibits banks from employing individuals who have been convicted of, or received a pretrial diversion for, certain offenses.


Keywords: MUFG, Jersey City , Head of Systems and Software Security, Managing Director, Other , Jersey City, New Jersey

Click here to apply!

Didn't find what you're looking for? Search again!

I'm looking for
in category

Log In or Create An Account

Get the latest New Jersey jobs by following @recnetNJ on Twitter!

Jersey City RSS job feeds