This role is a critical hire in delivering the Information Security strategy, where technology and data sit at the core of our service to clients and their investors.
The successful candidate will work closely with senior stakeholders and partners across the Investor Services business. Reporting to the Head of Information Security Governance, Risk & Compliance, the role will support the Chief Information Security Officer in further strengthening the organisation's security posture and ensuring that information security is recognised and leveraged as a business enabler.
As an Information Security Governance, Risk & Compliance (GRC) Analyst, you will play a key role in strengthening the governance, risk and compliance components of the organisation's Information Security programme. You will help ensure that the company's information systems, networks and data remain secure and compliant with applicable regulations, standards and internal policies. The role involves collaboration with teams across the organisation to identify and mitigate risks, support control effectiveness and maintain robust security practices throughout all business processes.
Typical responsibilities may include:
- Implementing and executing governance and compliance processes, ensuring effective oversight and reporting on key controls and risk management measures.
- Supporting third-party vendor onboarding by reviewing and negotiating Information Security terms in contracts.
- Conducting onboarding assessments and ongoing monitoring of third parties, ensuring continuous risk oversight and prioritising follow-up and remediation based on risk levels.
- Enhancing third-party monitoring capabilities by developing methodologies for proactive, ongoing oversight, including triggers for refreshed evidence or assessments.
- Beyond third parties, conducting comprehensive end-to-end Information Security risk assessments to identify, assess and measure risks across systems, applications, facilities, technical environments and projects.
- Reviewing new applications, technologies and services, providing clear guidance to business stakeholders on associated Information Security risks.
- Providing guidance to remediation owners in developing and executing effective risk treatment plans, ensuring adherence and follow-through.
- Preparing clear, concise risk assessment reports that facilitate informed management decision-making regarding risk reduction, acceptance, avoidance or transfer.
- Contributing to Information Security training and awareness initiatives, providing input on topics and materials to help educate employees on security risks and best practices.
- Maintaining and continuously improving the Information Security Management System (ISMS), ensuring that policies, systems and processes comply with applicable regulations, standards and internal requirements.
- Collecting, analysing and enhancing metrics related to the performance and effectiveness of Information Security controls.
- Providing input to board and committee reports, governance forums, policies, procedures and other ad hoc materials as required.
- Responding to client and regulatory information requests (e.g. RFPs, DDQs, audits), ensuring repositories of standard responses and source material remain current and accurate.
Qualifications:
You Have:
- Experience in identifying and assessing information security risks, with the ability to translate technical security risk into clear business risk language.
- Experience performing information security risk assessments or working in a related information security, audit or risk function.
- Strong analytical, research and problem-solving skills, with a structured and methodical approach to identifying gaps and assessing controls.
- Experience preparing or delivering materials for senior management, including reports, presentations and briefings.
- Experience working with legal, procurement or vendor management teams on the information security aspects of third-party risk management.
- Experience or involvement in SOC 2 readiness or attestation activities.
- Familiarity with the ISO 27000 family of standards and risk frameworks such as NIST 800-53 and ISO 31000.
- A willingness and curiosity to continuously learn and stay current with developments in Information Security.
- Relevant industry certifications such as CISSP, CISA, CISM, CRISC (or equivalent) are preferred.
- A relevant degree or other third-level qualification.
Additional Information:
At MUFG Investor Services, we are exceptionally proud of our approach to Hybrid Working. It enables the flexibility to thrive from wherever our employees work and stay connected to their team and our culture. When we make Hybrid Working plans, we get to know the individual and pride ourselves in underpinning all our decisions with fairness and consistency.
MUFG Investor Services provides all of its employees with extremely attractive compensation: in addition to base salary, there is a group medical insurance scheme, group pension scheme, reimbursement of professional subscriptions, paid holidays and assistance towards gym memberships.
We thank all candidates for applying; however, only those proceeding to the interview stage will be contacted. If you are contacted for a job opportunity, please advise us of any accommodations needed to ensure fair and equitable access throughout the recruitment and selection process. All accommodation information provided will be treated as confidential and used only to provide an accessible candidate experience.
MUFG is an equal opportunity employer.
Remote Work: No
Employment Type: Full-time