Do you want your voice heard and your actions to count?

Discover your opportunity with Mitsubishi UFJ Financial Group (MUFG), one of the world’s leading financial groups. Across the globe, we’re 150,000 colleagues, striving to make a difference for every client, organization, and community we serve. We stand for our values, building long-term relationships, serving society, and fostering shared and sustainable growth for a better world.

With a vision to be the world’s most trusted financial group, it’s part of our culture to put people first, listen to new and diverse ideas and collaborate toward greater innovation, speed and agility. This means investing in talent, technologies, and tools that empower you to own your career.

Join MUFG, where being inspired is expected and making a meaningful impact is rewarded.

Overall Purpose of Job:

Independent function to oversee the Branch governance, policies, procedures and controls in

relation to cybersecurity including both data and physical security in accordance with the rules

and regulations of KSA.

No of Direct Reports

None (o)

Essential Functions*:

 To be a subject matter expert in respect of the Saudi Arabian Monetary Authority

(SAMA) – Cyber Security Framework (currently Ver 1.0 – 2017)

 Implement All required outcomes from SAMA Cyber Security framework.

 To maintain the expertise in relation to SAMA Cyber Security Requirements and at all

times maintain this level of expertise.

 Developing and maintaining cyber security strategy, policy, architecture and risk

management process in order to apply cyber security controls throughout the branch.

 Ensuring that detailed security standards and procedures are established, approved and

implemented

 Delivering risk-based cyber security solutions that address facilities, people, process

and technology

 Developing the cyber security staff to deliver cyber security solutions in a business

context

 Monitoring of the Cyber Security activities (SOC Monitoring)

 Monitoring of compliance with Cyber Security regulations, policies, standards and

procedures

 Overseeing the investigation of Cyber Security incidents

 Gathering and Analyzing threat intelligence from internal and external sources

 Performing Cyber Security reviews

 Conducting cyber security risk assessments on the Members Organisations Information

Assets

 Proactively supporting other functions on cyber security, including

 Performing information and system classifications

 Determining cyber security requirements for important projects

 Performing cyber security reviews

 Defining and conducting the cyber security awareness programs

 Measuring and reporting the KRIs and KPIs on cyber security strategy, policy

compliance, standards, procedures and programmes.

 Monitoring the cyber security activities in the branch.

MUFG Bank, Ltd.

A member of MUFG, a global financial group

 Conducting cyber security risk assessments in the branch information assets

 Supporting other functions on cyber security related matters.

 Establish and Chair Riyadh Cybersecurity Committee.

 Be a representative in the MENA Cybersecurity committee.

 Ensure the periodical cyber security self-assessments are planned implemented and

reported to both Management and as required to SAMA

 Act as the subject matter expert for Cyber Security region for the MENA Region

 Development of strong working relationships with colleagues across the Middle East

Region and throughout EMEA. Act as culture carrier for the Bank.

 To ensure that the Branches Projects meet cyber security requirements

 Cyber Security should be integrated into the Branches Project Management

methodology to ensure that cyber security risks are identified and addressed as part of a

project and that objectives are included into all phases of the project

 Cyber security risks and issues must be identified within all projects

 Cyber Security Awareness to create a risk-aware culture where the branches staff, third

parties and customers which will protect the branches information assets

 Ensure cyber security training and ISSP training are conducted on a specified periodic

basis that ensures relevant up to date training is given to all relevant parties within

Riyadh Branch.

 Establish Cyber Security training records.

 Proactive management of vendor relationships including the management of any

appointed consultants.

 Create necessary strategies and policies in collaboration with the related parties under

the guidance of the Head of Riyadh Branch and/or senior management.

 Educate junior staff and improve their skills and working capabilities so that improve the

total staff standard.

 Support the Head of Riyadh Branch by taking lead and contributing to establish Riyadh

Branch as the best working place in MUFG

Education

 University degree or equivalent

 CISSP – Qualification or demonstration of working towards this qualification

Work Experience

Essential:

 Experience of working in the KSA Financial sector for a multi-national company within IT

or Security

 Experience of IT development and administration of KSA in-country systems such as

SARIE.

 Experience of security officer role of KSA in-country systems such as SARIE.

 Previous experience of ITSM (IT Service Management) and ITIL (Information

Technology Infrastructure Library) practice.

 Be sufficiently qualified to undertake the Head of Information Security role as per the

requirements of SAMA

 Being accepted by means of no objection by SAMA for this role.

Preferred:

 Experience of building cyber security governance, strategy, policy and procedures.

Functional/Technical Skills and Knowledge requirements

Essential:

 Competent understanding of enterprise IT systems and IT Security technologies

 Ability to produce reports, present confidently and deliver messages that inform and

influence

 Excellent project management skills

 Fluency in verbal and written Arabic and English

 Ability to create a branch governance, strategy, policy and procedures

 Ability to identify the gap between corporate cyber security policy, procedures and KSA

 Ability to run the cyber security risk management process

 KSA National

Preferred:

 Prince 2 or PMBOK – Project Management

Behavioural Competencies

 Teamwork and Professionalism

 Integrity and responsibility

 Challenge ourselves to grow

*As duties and responsibilities change, the job description will be reviewed and amended in consultation

with the job holder. The job holder will carry out any other duties as are within the scope, spirit and purpose

of the job as requested by the line manager or Head of Department/Division

We are open to considering flexible working requests in line with organisational requirements.

MUFG is committed to embracing diversity and building an inclusive culture where all employees are valued, respected and their opinions count. We support the principles of equality, diversity and inclusion in recruitment and employment, and oppose all forms of discrimination on the grounds of age, sex, gender, sexual orientation, disability, pregnancy and maternity, race, gender reassignment, religion or belief and marriage or civil partnership.

We make our recruitment decisions in a non-discriminatory manner in accordance with our commitment to identifying the right skills for the right role and our obligations under the law.