Cyber / Information Security - AVP (Cyber security And Audit)

About the Role:Position Title: AVP - Cyber SecurityLocation: Bengaluru Job ProfilePosition details:To support Vulnerability Management activities and Policy Compliance activities by providing guidance to technology owners on remedial actions.Reduce the vulnerability footprint by working with the technology owner or product owner.Provide comprehensive solutions to complex problems, lead major initiatives in risk reduction surrounding vulnerabilities.Ensure that processes are documented in accordance with MUFG requirements and standards,Influence the strategic direction on risk reduction that impact the organization by prioritizing remediation activities.To ensure effective management and control of information security, IT and information risk for MUSI by ensuring all appropriate Security, IT and common sense controls are in place, that these controls are being followed and that this is evidenced across the whole business and IT department.The role will involve liaising with the other information security functions within the MUS international business and MUFG group to ensure a consistent approach to all controls, standards and policies is adopted across the organization.To ensure all necessary Information Security controls are in place and that an appropriate strategy to protect the firm from related Cyber, external and internal threats is defined and being implemented.To develop, implement and manage compliance with appropriate IS and IT Security policies, standards and procedures.To support the relationship and associated reporting requirements between Technology and internal and external bodies e.g. auditors, management committees, Tokyo head office, regulators (via Compliance), Operational Risk.Roles and Responsibilities:In this role, you will be responsible for Information Security across MUFGs banking arm and securities business under a dual-hat arrangement. Under this arrangement, you will act and make decisions on behalf of both the bank and the securities business, subject to the same remit and level of authority, and irrespective of the entity which employs you.Develop and manage processes for assessing disclosedvulnerabilities, threat scenarios, and mitigating controls.Develop and manage processes for maintaining governance surrounding policy compliance (CIS benchmarks or other asset hardening frameworks or standards).Evaluate the threats that vulnerabilities present to drive prioritization of remediation actions.Assist in process development that includes reviewing and validating vulnerabilities using available data sources, tools as analysts assess and risk rate vulnerabilities.Monitor and report on the security posture of MUFGs digital presence, i.e. MUFG web sites.Liaise with Technology and Business teams as necessary to ensure all MUSI systems meet MUSI security standards and/or agree appropriate measures to mitigate the risk where they dont.Collaborate with stakeholders across the enterprise on appropriate remediation & mitigation solutions.Support Audit & Regulatory liaison and ensure consistent and timely answers to information requests.Support any issues and remedial actions resulting from information security incidents and audits are agreed with appropriate timescales for resolution.Support Operational Risk managementSupport MUSIs information security risk profile and associated operational risk reporting.Ensure adequate technical safeguards are in place and are being actively managed by the support teams to provide appropriate protection to MUSIs information assets across the following environments:Windows & Unix operating systemsDatabases (Oracle, SQL, Sybase)NetworksBe seen as the Information Security center of excellence for MUSI and ensure MUSI adopt an appropriate and professional response on any information security issues raised by the organization's business activitiesLiaise with IT teams to ensure information security alerts, threats and vulnerabilities across the IT estate are highlighted, managed and mitigated within appropriate timescalesMaintain an up to date, working knowledge of current laws, regulations and best practices relating to information security.Support the annual penetration testSupport Information Security incidents where requested.Support Operational Security duties where requested.Responsibility covers EMEA for Bank and EMEA for Securities technologyEssential:10-15 years experience as aVulnerability AnalystUnderstanding ofVulnerability Management principlesUnderstanding ofRisk Assessment MethodologiesKnowledge of industry standard scoring models such as CVSS (Common Vulnerability Scoring System) or CCSS (Common Configuration Scoring System)Knowledge of industry standard data models such as CPE (Collection Processing Engine) and data normalization toolsProcess oriented with keen attention to detailKnowledge of common vulnerabilities, attack vectors and mitigation techniquesAbility to proactively anticipate problems and execute solutions at a strategic levelWide knowledge of application and IT products, interoperability, and extensive knowledge of IT securityKnowledge of application development platformsKnowledge of vulnerability attack methods, exploit results, attack chainsAbility to think strategicallyActive involvement in internal and external audits and experience of managing Audit relationships.A bachelors degree in computer science, cybersecurity or a related fieldA relevant certification such asCompTIA Security+, CEH, CISSP or OSCPExcellent communication skillsResults driven, with a strong sense of accountabilityA proactive, motivated approach.The ability to operate with urgency and priorities work accordinglyStrong decision making skills, the ability to demonstrate sound judgementA structured and logical approach to workStrong problem solving skillsA creative and innovative approach to workExcellent interpersonal skillsThe ability to manage large workloads and tight deadlinesExcellent attention to detail and accuracyA calm approach, with the ability to perform well in a pressurized environmentDesired but not necessary:Qualys Cloud Portal experienceExperience with project management framework and tools (Prince2)Can assist with security projects during the transition phase from project to BAUExperience in cloud security, preferably with Azure / Oracle Cloud InfrastructureKnowledge of cloud security frameworks, tools and technologiesExperience with DLP (Data Loss Prevention) such policy creation and management, workflow and approval. ATS