Job Description
Company Description
MUFG Investor Services is a trusted partner to many of the world’s largest public and private funds, providing asset servicing and operational solutions built for alternatives. With over $1 trillion in client assets under administration, we offer fund administration, banking, payments, fund financing, foreign exchange overlay, corporate and regulatory services, custody, business consulting, and more. Operating from 17 locations worldwide, we help clients mitigate risk, enhance efficiency, and navigate the operational complexities of today’s investment management landscape. As a division of Mitsubishi UFJ Financial Group (MUFG), one of the world’s largest financial institutions with approximately $3 trillion in assets, we combine deep expertise with the strength and stability of a leading financial institution. To learn more, visit us at www.mufg-investorservices.com.
#LI-Hybrid
Job Description
This role is a critical hire in delivering the Information Security strategy, where technology and data sit at the core of our service to clients and their investors.
The successful candidate will work closely with senior stakeholders and partners across the Investor Services business. Reporting to the Head of Information Security – Governance, Risk & Compliance, the role will support the Chief Information Security Officer in further strengthening the organisation’s security posture and ensuring that information security is recognised and leveraged as a business enabler.
As an Information Security, Governance, Risk & Compliance (GRC) Analyst, you will play a key role in strengthening the governance, risk and compliance components of the organisation’s Information Security programme. You will help ensure that the company’s information systems, networks and data remain secure and compliant with applicable regulations, standards and internal policies. The role involves collaboration with teams across the organisation to identify and mitigate risks, support control effectiveness, and maintain robust security practices throughout all business processes.
Typical responsibilities may include:
- Implementing and executing governance and compliance processes, ensuring effective oversight and reporting on key controls and risk management measures.
- Supporting third‑party vendor onboarding by reviewing and negotiating Information Security terms in contracts.
- Conducting onboarding assessments and ongoing monitoring of third parties, ensuring continuous risk oversight and prioritising follow‑up and remediation based on risk levels.
- Enhancing Third‑Party monitoring capabilities by developing methodologies for proactive ongoing oversight, including triggers for refreshed evidence or assessments.
- Besides Third-Parties, conduct comprehensive end‑to‑end Information Security risk assessments to identify, assess and measure risks across systems, applications, facilities, technical environments and projects.
- Reviewing new applications, technologies and services, providing clear guidance to business stakeholders on associated Information Security risks.
- Providing guidance to remediation owners in developing and executing effective risk treatment plans, ensuring adherence and follow‑through.
- Preparing clear, concise risk assessment reports that facilitate informed management decision‑making regarding risk reduction, acceptance, avoidance or transfer.
- Contributing to Information Security training and awareness initiatives, providing input on topics and materials to help educate employees on security risks and best practices.
- Maintaining and continuously improve the Information Security Management System (ISMS), ensuring that policies, systems and processes comply with applicable regulations, standards and internal requirements.
- Collecting, analysing and enhancing metrics related to the performance and effectiveness of Information Security controls.
- Providing input to board and committee reports, governance forums, policies, procedures and other ad‑hoc materials as required.
- Responding to client and regulatory information requests (e.g., RFPs, DDQs, audits), ensuring repositories of standard responses and source material remain current and accurate.
#LI-Hybrid
Qualifications
You Have:
- Experience in identifying and assessing information security risks, with the ability to translate technical security risk into clear business risk language.
- Experience performing information security risk assessments or working in a related information security, audit or risk function.
- Strong analytical, research and problem‑solving skills, with a structured and methodical approach to identifying gaps and assessing controls.
- Experience preparing or delivering materials for senior management, including reports, presentations and briefings.
- Experience working with legal, procurement or vendor management teams on the information security aspects of third‑party risk management.
- Experience or involvement in SOC 2 readiness or attestation activities.
- Familiarity with the ISO 27000 family of standards and risk frameworks such as NIST 800‑53 and ISO 31000.
- A willingness and curiosity to continuously learn and stay current with developments in Information Security.
- Relevant industry certifications such as CISSP, CISA, CISM, CRISC (or equivalent) are preferred.
- A relevant degree or other third‑level qualification.
Additional Information
At MUFG Investor Services, we are exceptionally proud of our approach to Hybrid Working. It enables the flexibility to thrive from wherever our employees work and, stay connected to their team and our culture. When we make Hybrid Working plans, we get to know the individual and pride ourselves in underpinning all our decisions with fairness and consistency.
MUFG Investor Services provides all of its employees with an extremely attractive compensation package. In addition to base salary, there is a group medical insurance scheme, group pension scheme, reimbursement of professional subscriptions, paid holidays and assistance towards gym memberships.
We thank all candidates for applying; however, only those proceeding to the interview stage will be contacted. If you are contacted for a job opportunity, please advise us of any accommodations needed to ensure fair and equitable access throughout the recruitment and selection process. All accommodation information provided will be treated as confidential and used only to provide an accessible candidate experience.
MUFG is an equal opportunity employer.
