Cybersecurity Control Testing Lead, VP

## Cybersecurity Control Testing Lead, VPApplylocations:
Jersey City, NJtime type:
Full time posted on:
Posted Yesterday job requisition :
-WD
** Do you want your voice heard and your actions to count?
** Discover your opportunity with Mitsubishi UFJ Financial Group (MUFG), one of the world’s leading financial groups. Across the globe, we’re 150,000 colleagues, striving to make a difference for every client, organization, and community we serve. We stand for our values, building long-term relationships, serving society, and fostering shared and sustainable growth for a better world.

With a vision to be the world’s most trusted financial group, it’s part of our culture to put people first, listen to new and diverse ideas and collaborate toward greater innovation, speed and agility. This means investing in talent, technologies, and tools that empower you to own your career.

Join MUFG, where being inspired is expected and making a meaningful impact is rewarded.

The selected colleague will work at an MUFG office or client sites four days per week and work remotely one day. A member of our recruitment team will provide more details.

The Control Testing Lead will be responsible for leading a team that plans, executes, documents, and reports results for technology control testing across cloud and on-premises environments. This role will manage direct reports, establish testing priorities, oversee quality of execution, and drive consistent control testing practices across technical domains. The role requires strong knowledge of cybersecurity, cloud security, technical controls, infrastructure control design, software development lifecycle practices, and risk-based assurance methodologies.

This position will serve as a team leader within a broader Cybersecurity GRC control assurance operating model, accountable for directing testing activities, developing team capability, influencing control quality, and providing insight to engineering, security architecture, application, infrastructure, audit, risk, and compliance stakeholders. The role will work extensively with Cybersecurity GRC to align testing priorities, evidence standards, issue rationale, reporting expectations, and remediation themes while helping ensure that controls are appropriately designed, operating effectively, supported by reliable evidence, and aligned to regulatory, internal policy, and industry framework requirements.#

Key Responsibilities
* Lead and manage a team responsible for control testing activities across cloud, hybrid, and on-premises environments, with emphasis on cloud services, infrastructure, identity, access, configuration, logging, monitoring, vulnerability management, and change management controls.
* Set testing strategy, define annual and quarterly priorities, oversee risk-based test plans, and ensure test scripts, walkthrough procedures, evidence requests, sampling approaches, and testing documentation are consistent and defensible.
* Manage direct reports by setting goals, assigning work, reviewing deliverables, providing coaching, supporting career development, and maintaining accountability for quality, timeliness, and risk-based judgment.
* Assess control design and operating effectiveness by reviewing system configurations, architecture patterns, policies, procedures, tickets, logs, screenshots, reports, and other supporting evidence.
* Drive continuous, automated control monitoring and assurance to reduce manual, point-in-time validation
* Evaluate technical controls across cloud platforms, including identity and access management, network segmentation, encryption, key management, logging, monitoring, workload protection, vulnerability remediation, backup and recovery, and secure configuration baselines.
* Evaluate on-premises technical controls across servers, databases, network devices, endpoints, applications, data centers, and supporting infrastructure.
* Review software development lifecycle and secure delivery controls, including secure design, threat modeling, code review, testing, deployment pipeline controls, release management, change approvals, segregation of duties, and production deployment governance.
*…