Do you want your voice heard and your actions to count?

Discover your opportunity with Mitsubishi UFJ Financial Group (MUFG), the 5th largest financial group in the world (as ranked by S&P Global, April 2018). In the Americas, we’re 14,000 colleagues, striving to make a difference for every client, organization, and community we serve. We stand for our values, developing positive relationships built on integrity and respect. It’s part of our culture to put people first, listen to new and diverse ideas and collaborate toward greater innovation, speed and agility. We’re a team that accepts responsibility for the future by asking the tough questions and owning the solutions. Join MUFG and be empowered to make your voice heard and your actions count.

Job Summary:

The Cyber Security Incident Response Team (CSIRT) Director provides direction and guidance to the CSIRT and oversees the security incident response program related process development and improvement activities including programmed security breach simulation exercises (War Games). The CSIRT Director will oversee tactical and strategic tasks associated with incident response, forensic investigations, malware analysis, simulation exercises and Cyber War Gaming.

The CSIRT Director establishes and maintains relationships with IT, Legal, Compliance, Privacy, Human Resources, and other appropriate business units to ensure incident handling processes are reflective of existing bank policy, legal, risk management, and regulatory requirements. The candidate must be familiar with communication technologies and protocols.

The CSIRT Director will coordinate, process and collaborate with technology incident management, business continuity, crisis management, and corporate security teams to ensure process continuity in planned simulation exercises to demonstrate cyber resilience in the event of a cyber-attack or breach.

Major Responsibilities:

The candidate that fulfills this role will be expected to be a battle tested crisis management professional with demonstrable experience responding to and recovering from significant cyber security incidents in large, complex, and matrixed environments. They must have excellent intra-business relationship experience in addition to technical and forensic expertise. This role interacts with all levels of the organization, particularly within the IT organization and is viewed as a subject matter expert in mitigating risk around cyber security events.

Specifically, the position is responsible for:

  • Creating and driving the overall vision and strategy for the Global Incident Response Team.
  • Overseeing all CSIRT activities to include the daily management of cyber security events and incidents, execution of notification and escalation deliverables, investigation of cyber breaches, conduct host and network based forensic investigations, attract and retain talent, schedule work shifts, conduct capacity planning, and manage training for the team
  • Ensuring post-mortem discussions and provide a summary of lessons learned including filing self-identified issues (SII) and reporting status on remediation and corrective actions
  • Overseeing the security event simulation (War Gaming) program and conduct security event tabletop exercises at the global level, including exercises with the Executive Committee and the Board of Directors.
  • Developing and enhancing cross-organization relationships with front line operations teams, second line of defense risk managers and internal audit
  • Identifying and overseeing significant CSIRT projects, focused on enhancements to detection and incident response capabilities, and other improvements to core CSIRT workflow, process, reporting, and documentation
  • Continuing to build a global program by identifying gaps in capability and providing continuous feedback to improve overall incident management
  • Creating a constant learning environment by driving improvements in our overall security posture within the business by leveraging root cause analysis identified from security incidents
  • Ensuring our incident response process provides the framework to resolve incidents in as fast as possible with a focus on speed to recovery.
  • Driving high levels of internal/external customer satisfaction with a focus on reducing Cyber Security risk across the organization
  • Coordinating the incident response process with internal stakeholders to ensure a comprehensive, coordinated, and inclusive response to security incidents
  • Developing budgets and staffing plans for approval and manage these plans once approved
  • Ensure appropriate security metrics and measures are developed, collected, reviewed and acted upon on a continual basis, including preparing senior-level reports for executive management
  • Performing as the service owner for related technologies and services
  • Accountable for managing an effective team dedicated to fulfilling the organization’s mission through highly successful program implementation, team engagement, and continuous improvement; and creating a culture of transparency and communication throughout the organization


  • Bachelor’s degree in Computer Science or technology-related field (or equivalent work experience); Master’s Degree preferred
  • Security Certification: CISSP, CISM, or similar
  • Experience operating in regulated environment – Top 10 banking (Strongly preferred)
  • 10+ years’ experience in operations management or incident response.
  • 10+ years Security leadership experience
  • 5+ years managing, coordinating, and ensuring resolution of complex issues.
  • Experience responding to major cyber security incidents in highly regulated, matrixed environment
  • Experience creating trending, metrics, and management reports
  • Experience across the following technical concentrations:
    • Network-Based Security Controls (Firewall, IPS, WAF, MDS, Proxy, VPN)
    • Anomaly Detection and Investigation
    • Forensics
    • Operating Systems
  • Experience working with enterprise forensic tools, building forensic labs, architecting enterprise forensic infrastructures, creating sandbox environments, and conducting mobile forensics.
  • Experience working with tools like Encase, FTK, Wireshark, X-Ways Forensics, Paladin, SANS SIFT, CAINE, and Cellebrite.
  • Experience with best evidence practices, server-side forensics, and building resilient forensic storage infrastructures.
  • Well-developed analytic, qualitative, and quantitative reasoning skills
  • Demonstrated creative problem-solving abilities
  • Familiarity with key regulations and standards relating to security incident response (e.g., PCI-DSS, GDPR, ISO 27001, NIST)
  • Strong operational and services experience in a cloud services delivery environment
  • Must have strong verbal and written communication skills; ability to communicate effectively and clearly to both technical and non-technical staff
  • Excellent customer relations skills with experience working with teams across multiple time zones
  • Strong teamwork skills with the ability to build and grow relationships with incident response stakeholders
  • Excellent project management skills, including demonstrated ability to manage projects across teams where influencing skills are required
  • Flexibility, integrity, and creative problem-solving skills are a prerequisite to be successful in this role
  • Ability to generate solutions and innovative ideas to problems
  • Experience in conducting root cause analysis
  • Prior experience in a 24x7x365 operations environment

The above statements are intended to describe the general nature and level of the work being performed. They are not intended to be construed as an exhaustive list of all responsibilities, duties, and skills required of personnel so classified.

We are proud to be an Equal Opportunity / Affirmative Action Employer and committed to leveraging the diverse backgrounds, perspectives, and experience of our workforce to create opportunities for our colleagues and our business. We do not discriminate in employment decisions on the basis of any protected category.

A conviction is not an absolute bar to employment. Factors such as the age of the offense, evidence of rehabilitation, seriousness of violation, and job relatedness are considered in all employment decisions. Additionally, it’s the bank’s policy to only inquire into a candidate’s criminal history after an offer has been made. Federal law prohibits banks from employing individuals who have been convicted of, or received a pretrial diversion for, certain offenses.

To Apply: https://www.jobg8.com/Traffic.aspx?aZd6%2f%2f3trp%2f3MpE0u8Qfegh