Cyber Security Incident Response (CSIRT) Director - Remote

MUFG Phoenix – Mesa – Scottsdale, AZ

Company

MUFG

Location

Phoenix – Mesa – Scottsdale, AZ

Type

Full Time

Job Description

Your potential. Your opportunity.

Do you want your voice heard and your actions to count?

Discover your opportunity with Mitsubishi UFJ Financial Group (MUFG), the 5th largest financial group in the world. Across the globe, we're 180,000 colleagues, striving to make a difference for every client, organization, and community we serve. We stand for our values, building long-term relationships, serving society, and fostering shared and sustainable growth for a better world.

With a vision to be the world's most trusted financial group, it's part of our culture to put people first, listen to new and diverse ideas and collaborate toward greater innovation, speed and agility. This means investing in talent, technologies, and tools that empower you to own your career.

Join MUFG, where being inspired is expected and making a meaningful impact is rewarded.

This is a remote position. A member of our recruitment team will discuss location preferences with you in more detail.

This role can be remote in any of these states: Arizona, Texas, North Carolina, Washington, Oregon, California, Illinois, Kentucky, Georgia, New York, Connecticut, Massachusetts, New Jersey, District of Columbia, Utah, Nebraska, Minnesota, Missouri, Arkansas, Indiana, Ohio, Tennessee, Alabama, Florida, South Carolina, Virginia.

Job Summary:

In this role you will be responsible for monitoring, identifying, and remediating potential and actual information and cybersecurity threats to safeguard information system assets and data; leading the end-to-end access management lifecycle; and driving adoption of best practices.

Major Responsibilities

The candidate who fulfills this role will be expected to be a battle-tested crisis management professional with demonstrable experience responding to and recovering from significant cyber security incidents in large, complex, and matrixed environments. They must have excellent intra-business relationship experience in addition to technical and forensic expertise. This role interacts with all levels of the organization, particularly within the IT organization, and is viewed as a subject matter expert in mitigating risk around cyber security events.

Specifically, the position is responsible for:
  • The Cyber Security Incident Response Team (CSIRT) Director provides direction and guidance to the CSIRT and oversees the security incident response program and related process development and improvement activities, including programmed security breach simulation exercises (War Games) and tabletop exercises at the global level with the Executive Committee and the Board of Directors.
  • Create and drive the overall vision and strategy for the Global Incident Response Team.
  • Oversee all CSIRT activities to include the daily management of cyber security events and incidents, execution of notification and escalation of deliverables, investigation of cyber breaches, conduct host and network based forensic investigations, attract and retain talent, schedule work shifts, conduct capacity planning, and manage training for the team
  • Ensure post-mortem discussions and provide a summary of lessons learned including filing self-identified issues (SII) and reporting status on remediation and corrective actions
  • Oversee tactical and strategic tasks associated with incident response, forensic investigations, malware analysis, simulation exercises and Cyber War Gaming.
  • Establish and maintain relationships with IT, Legal, Compliance, Privacy, Human Resources, and other appropriate business units to ensure incident handling processes are reflective of existing bank policy, legal, risk management, and regulatory requirements. The candidate must be familiar with communication technologies and protocols.
  • Coordinate, process and collaborate with technology incident management, business continuity, crisis management, and corporate security teams to ensure process continuity in planned simulation exercises to demonstrate cyber resilience in the event of a cyber-attack or breach.
  • Identify and oversee significant CSIRT projects, focused on enhancements to detection and incident response capabilities, and other improvements to core CSIRT workflow, process, reporting, and documentation
  • Continue to build a global program by identifying gaps in capability and providing continuous feedback to improve overall incident management
  • Create a constant learning environment by driving improvements in our overall security posture within the business by leveraging root cause analysis identified from security incidents
  • Ensure our incident response process provides the framework to resolve incidents expeditiously with a focus on speed to recovery.
  • Drive high levels of internal/external customer satisfaction with a focus on reducing Cyber Security risk across the organization
  • Develop budgets and staffing plans for approval and manage these plans once approved
  • Ensure appropriate security metrics and measures are developed, collected, reviewed and acted upon on a continual basis, including preparing senior-level reports for executive management
  • Perform as the service owner for related technologies and services
  • Accountable for managing an effective team dedicated to fulfilling the organization's mission through highly successful program implementation, team engagement, and continuous improvement; and creating a culture of transparency and communication throughout the organization

Qualifications
  • Bachelor's degree in Computer Science or technology-related field (or equivalent work experience); Master's Degree preferred
  • Security Certification: CISSP, CISM, or similar
  • 10+ years of direct work experience including a senior management role
  • Preferred experience: previous work in financial services
  • Experience responding to major cyber security incidents in a highly regulated, matrixed environment
  • Experience creating trending, metrics, and management reports
  • Experience across the following technical concentrations:
    • Network-Based Security Controls (Firewall, IPS, WAF, MDS, Proxy, VPN)
    • Anomaly Detection and Investigation
    • Forensics
    • Operating Systems
  • Experience working with enterprise forensic tools, building forensic labs, architecting enterprise forensic infrastructures, creating sandbox environments, and conducting mobile forensics.
  • Experience working with tools like Encase, FTK, Wireshark, X-Ways Forensics, Paladin, SANS SIFT, CAINE, and Cellebrite.
  • Experience with best evidence practices, server-side forensics, and building resilient forensic storage infrastructures.
  • Well-developed analytic, qualitative, and quantitative reasoning skills
  • Demonstrated creative problem-solving abilities
  • Familiarity with key regulations and standards relating to security incident response (e.g., PCI-DSS, GDPR, ISO 27001, NIST)
  • Strong operational and services experience in a cloud services delivery environment
  • Must have strong verbal and written communication skills; ability to communicate effectively and clearly to both technical and non-technical staff
  • Excellent customer relations skills with experience working with teams across multiple time zones
  • Strong teamwork skills with the ability to build and grow relationships with incident response stakeholders
  • Excellent project management skills, including demonstrated ability to manage projects across teams where influencing skills are required
  • Flexibility, integrity, and creative problem-solving skills are a prerequisite to be successful in this role
  • Ability to generate solutions and innovative ideas to problems
  • Experience in conducting root cause analysis
  • Prior experience in a 24x7x365 operations environment
  • Experience in all aspects of information security including auditing, systems development, and/or computer programming

The above statements are intended to describe the general nature and level of work being performed. They are not intended to be construed as an exhaustive list of all responsibilities, duties and skills required of personnel so classified.

We are proud to be an Equal Opportunity/Affirmative Action Employer and committed to leveraging the diverse backgrounds, perspectives and experience of our workforce to create opportunities for our colleagues and our business. We do not discriminate on the basis of race, color, national origin, religion, gender expression, gender identity, sex, age, ancestry, marital status, protected veteran and military status, disability, medical condition, sexual orientation, genetic information, or any other status of an individual or that individual's associates or relatives that is protected under applicable federal, state, or local law.

Date Posted

11/06/2022
