Information Security Officer - Vice President

MUFG Securities EMEA plc
09 Aug 2017
15 Aug 2017
Contract Type

Mitsubishi UFJ Financial Group (MUFG) is one of the world's leading financial groups. Headquartered in Tokyo and with approximately 350 years of history, MUFG has a global network with 1,100 offices in over 40 countries. The Group has over 140,000 employees, offering services including corporate banking, commercial banking, retail banking, wealth management, investment banking, capital markets, personal and corporate trust, and transaction banking.

The Group's operating companies include Bank of Tokyo-Mitsubishi UFJ, Mitsubishi UFJ Trust and Banking Corporation (Japan's leading trust bank), and Mitsubishi UFJ Securities Holdings Co., Ltd., one of Japan's largest securities firms.

MUFG conducts securities business internationally through its overseas subsidiaries MUFG Securities EMEA plc, MUFG Securities Americas Inc., MUFG Securities Asia Limited. and MUFG Securities Asia (Singapore) Limited. With each member of the group working in partnership with one another, MUFG provides best in class service and products to corporate and institutional clients.

MUFG Securities EMEA plc is the European hub of MUFG's securities business. Headquartered in London we have just over 600 employees and are active throughout the international capital markets, focusing on debt, equity, derivatives and structured products. Due to the diverse nature of our business we require a clear unifying vision for all of our people. It is this vision and our corporate values that reflect who we are and guide how we behave. We therefore strive to recruit individuals who share our vision and values, and who have the motivation and commitment to help us move our business forward.

Main purpose of the role:
To ensure effective management and control of information risk for MUSI liaising with the information security functions within the MUS international business and MUFG group as necessary to ensure a consistent approach is adopted across the organisation.

Develop, implement and manage appropriate policies, standards and procedures to protect the organisation's physical and electronic information assets across the user base.
Key responsibilities:
Ensure alignment of MUSI's information risk controls with ISO27002 Information Security Standard covering but not limited to:
• Information Security Policies & Standards
• Ensure MUSI operates under comprehensive and relevant policies and standards with appropriate staff awareness, compliance monitoring and reporting.
• Operational Risk management
• Manage MUSI's information security risk profile and associated operational risk reporting.
• Audit & Regulatory liaison
• Coordinate internal and external audit activities for information security across MUSI and ensure consistent and timely answers to information requests.
• Ensure any issues and remedial actions resulting from information security incidents and audits are agreed with appropriate timescales for resolution. Track and report progress to Operational Risk and Operations Control Committee.
• Conduct information security reviews for existing and new, inhouse and 3rd party systems to ensure these are consistent with policy requirements and MUSI's risk appetite.
• Ensure adequate technical safeguards are in place to provide appropriate protection to MUSI's information assets across the following environments:
o Windows
o Databases (Oracle, SQL, Sybase)
o Networks
o Voice
o Market data
o Internet
o Remote access

• Be seen as the Information Security centre of excellence for MUSI and ensure MUSI adopt an appropriate and professional response on any information security issues raised by the organisation's business activities

Main tasks:
• Liaise with IT teams to ensure information security alerts, threats and vulnerabilities across the IT estate are highlighted, managed and mitigated within appropriate timescales
• Review and revise MUSI's Information Security policies and standards on an annual basis
• Monitor and proactively manage:
o Intrusion Detection Systems
o Vulnerability Management Systems
o Web monitoring systems
• Review and approve all access requests across MUSI systems to ensure access is consistent with the user's role and there is appropriate segregation of duties.
• Ensure that access reviews across applications and devices are conducted regularly, including remote access
• Liaise with Technology and Business teams as necessary to ensure all MUSI systems meet MUSI security standards and/or agree appropriate measures to mitigate the risk where they don't.
• Maintain an up to date, working knowledge of current laws, regulations and best practices relating to information security.
• Manage the performance and development of Information Security team members.
• Arrange and oversee the annual penetration test
• Act as the primary escalation point for all Information Security incidents.
• Carry out the duties of the SWIFT Security Officer for the configuration of the SWIFT system and permissioning of user access rights.
• Provide information security awareness training to MUSI staff as necessary.

Skills and experience:
• Certified Information Systems Security Professional or equivalent
• Excellent written and verbal communication with the ability to provide clear and succinct reports
• Strong background in information security requirements in investment banking and associated IT systems environments
• Good Microsoft Excel skills in manipulating and validating data and chart production
• Experience of information security systems eg Sourcefire/Cisco IDS, Clearswift, RSA Security Analytics, RSA MyAccesLIve

Personal requirements:
• Structured and logical approach
• Attention to detail
• Self- motivated
• Ability to work accurately under demanding timescales