Apply on Employer Site

MUFG · 2 days ago

Cloud Security Solutions & Advisory, VP

Tempe, AZ

Full-time

Hybrid

Mid, Senior Level

$145K/yr - $185K/yr

6+ years exp

Mitsubishi UFJ Financial Group (MUFG) is one of the world’s leading financial groups, seeking a Vice President for their Cloud Security Solutions & Advisory team. This role involves defining security controls for applications, ensuring compliance with regulatory mandates, and bridging the gap between information security risk governance and security architecture.

Responsibilities

Define comprehensive, cloud-aware security controls for applications prior to architectural design, ensuring alignment with enterprise risk appetite and regulatory mandates

Develop control requirements that span IaaS, PaaS, and SaaS models across major cloud providers and hybrid environments

Identify risks in cloud resources and collaborate with technology teams, control partners, and business stakeholders

Ensure controls address data confidentiality, integrity, availability, and non-repudiation, with clear delineation of responsibilities between enterprise and application teams

Integrate regulatory and compliance requirements into control specifications

Perform risk assessments on applications across development and production environments, including code reviews

Review third-party application architectures and identify risk

Collaborate with development, DevOps and App Sec teams to understand application architectures and identify potential security risks

Create threat models for applications, review output from DAST and SAST reviews, penetration testing reports

Participate in security governance of SDLC, design reviews and secure coding standards (OWASP)

Utilize the MITRE ATT&CK framework to identify and mitigate threats effectively

Crosstrain other teams on threat modeling techniques and best practices

Analyze existing solution architectures to validate alignment with expected control baselines

Identify and challenge architectural patterns that may introduce risk or fail to meet evolving threat and compliance landscapes. Recommend compensating controls or alternative design strategies where necessary

Ensure all controls are traceable to business risks, regulatory requirements, and internal policies

Collaborate with compliance, legal, and audit teams to ensure control frameworks support regulatory examinations and internal audits

Act as a bridge between cybersecurity, cloud architecture, application development, and compliance teams

Lead control design workshops and cloud risk assessments during early stages of the SDLC and cloud migration initiatives

Stay current on emerging cloud threats, misconfiguration risks, and evolving regulatory expectations in the financial sector

Participate in cloud security communities and working groups to benchmark and improve internal practices

Monitor emerging security threats and vulnerabilities specific to application security

Qualification

Cloud information securityRisk managementSecure Software Development LifecycleApplication securityProfessional certificationsSASTDASTThreat modelingAnalytical skillsOrganizational skillsCommunication skillsCollaboration skills

Required

At least 6 to 8+ years' experience in a combination of risk management, Cloud information security, secure coding, application security, and IT roles. Audit and Cyber Risk Institute framework prior experience a plus

Expert in security configuration with a focus on executing information security risk assessment/testing methodologies, Secure Software Development Lifecycle, evaluating the adequacy and efficiency of internal controls; and identifying issues resulting from internal and/or external compliance examinations especially in cloud environments

Experience with process documentation and designing/executing control test scripts

Working knowledge of application security principles, secure SDLC practices and common vulnerabilities impacting applications

Experience with tools such as SAST, DAST and threat modeling

Experience assessing modern application architectures, including API's, microservices, containers and cloud-native apps

Ability to interpret vulnerability scans, penetration test results, SAST and DAST reports and translate findings into risks the business understands

Understanding of the regulatory environment and regulations related to technology risk, and Office of the Comptroller of the Currency (OCC) and Federal Reserve Board (FRB) expectations

Professional certifications in major cloud providers for security such as AWS Certified Security – Specialty, Microsoft Certified: Cybersecurity Architect Expert or Azure Security Engineer Associate and other related certificates such as Certified Information System Auditor (CISA), Certified Information Systems Manager (CISM), Certified Information Systems Security Professional (CISSP)

Ability to constructively work both independently and in collaborative environments involving all levels of management and employees

Ability to manage multiple priorities concurrently, prioritize, and efficiently complete responsibilities while maintaining the highest quality

Excellent analytical, organizational, and conceptual skills

Excellent oral and written communication skills

Bachelor's degree in Information Security or a closely related discipline, or equivalent related experience