Job Description

About MUFG Global Service (MGS)MUFG Bank, Ltd. is Japans premier bank, with a global network spanning in more than 40 markets. Outside of Japan, the bank offers an extensive scope of commercial and investment banking products and services to businesses, governments, and individuals worldwide. MUFG Banks parent, Mitsubishi UFJ Financial Group, Inc. (MUFG) is one of the worlds leading financial groups. Headquartered in Tokyo and with over 360 years of history, the Group has about 120,000 employees and offers services including commercial banking, trust banking, securities, credit cards, consumer finance, asset management, and leasing.The Group aims to be the worlds most trusted financial group through close collaboration among our operating companies and flexibly respond to all the financial needs of our customers, serving society, and fostering shared and sustainable growth for a better world. MUFGs shares trade on the Tokyo, Nagoya, and New York stock exchanges.For more informatAbout Us:MUFG Bank, Ltd. is Japans premier bank, with a global network spanning in more than 40 markets. Outside of Japan, the bank offers an extensive scope of commercial and investment banking products and services to businesses, governments, and individuals worldwide. MUFG Banks parent, Mitsubishi UFJ Financial Group, Inc. (MUFG) is one of the worlds leading financial groups. Headquartered in Tokyo and with over 360 years of history, the Group has about 120,000 employees and offers services including commercial banking, trust banking, securities, credit cards, consumer finance, asset management, and leasing. The Group aims to be the worlds most trusted financial group through close collaboration among our operating companies and flexibly respond to all the financial needs of our customers, serving society, and fostering shared and sustainable growth for a better world. MUFGs shares trade on the Tokyo, Nagoya, and New York stock exchanges.MUFG Global Service Private Limited:Established in 2020, MUFG Global Service Private Limited (MGS) is 100% subsidiary of MUFG having offices in Bengaluru and Mumbai. MGS India has been set up as a Global Capability Centre / Centre of Excellence to provide support services across various functions such as IT, KYC/ AML, Credit, Operations etc. to MUFG Bank offices globally. MGS India has plans to significantly ramp-up its growth over the next 18-24 months while servicing MUFGs global network across Americas, EMEA and Asia PacificPosition details: Service Now - Senior AnalystLocation: MUFG Bank, BCIT Campus, BangaloreKey Responsibility: * In this role, you will act under a dual-hat arrangement, supporting both MUFG's banking and securities arms, ensuring unified cyber hygiene across the EMEA region.

• Operate as a subject matter expert for ServiceNow SecOps VR and CC, including dashboard / report creation, workflow automation, and remediation tracking.
• Actively manage vulnerability data ingestion, deduplication, assignment rules, and SLA compliance using ServiceNow workflows.
• Liaise with ServiceNow developers and platform support teams to improve automation and integrations (e.g., CMDB, Qualys, external scanners).
• Provide user support and process guidance to technology owners and product teams using the IT Remediation Workspace.
• Translate vulnerability scan data and configuration compliance outputs into risk-relevant, prioritized remediation plans.
• Assist in defining remediation timelines, SLA rules, and exception handling in line with internal policies and audit expectations.
• Deliver reporting and dashboards for senior stakeholders, Risk, and Audit on vulnerability posture and compliance performance.
• Maintain documentation and runbooks for processes, standards, and platform workflows in line with MUFG control requirements.
• Support audit preparation, evidence gathering, and regulatory submissions related to vulnerability management.
• Participate in the Vulnerability Governance Forum, change review meetings, and compliance working groups.
• Develop and manage processes for assessing disclosed vulnerabilities, threat scenarios, and mitigating controls.
• Develop and manage processes for maintaining governance surrounding policy compliance (CIS benchmarks or other asset hardening frameworks or standards).
• Evaluate the threats that vulnerabilities present to drive prioritization of remediation actions.
• Assist in process development that includes reviewing and validating vulnerabilities using available data sources, tools as analysts assess and risk rate vulnerabilities.
• Monitor and report on the security posture of MUFGs digital presence, i.e. MUFG web sites.
• Liaise with Technology and Business teams as necessary to ensure all MUSI systems meet MUSI security standards and/or agree appropriate measures to mitigate the risk where they dont.
• Collaborate with stakeholders across the enterprise on appropriate remediation & mitigation solutions.
• Support Audit & Regulatory liaison and ensure consistent and timely answers to information requests.
• Support any issues and remedial actions resulting from information security incidents and audits are agreed with appropriate timescales for resolution.
• Support Operational Risk management
• Support MUSIs information security risk profile and associated operational risk reporting.
• Ensure adequate technical safeguards are in place and are being actively managed by the support teams to provide appropriate protection to MUSIs information assets across the following environments:

• Windows & Unix operating systems
• Databases (Oracle, SQL, Sybase)
• Networks
• Be seen as the Information Security centre of excellence for MUSI and ensure MUSI adopt an appropriate and professional response on any information security issues raised by the organisations business activities
• Liaise with IT teams to ensure information security alerts, threats and vulnerabilities across the IT estate are highlighted, managed and mitigated within appropriate timescales
• Maintain an up to date, working knowledge of current laws, regulations and best practices relating to information security.
• Support the annual penetration test
• Support Information Security incidents where requested.
• Support Operational Security duties where requested.
• Responsibility covers EMEA for Bank and EMEA for Securities technology

• Experience in a Vulnerability Management or Security Operations role, ideally in a financial services environment.
• Strong hands-on experience with ServiceNow Security Operations VR and CC modules.
• Familiarity with IT asset management (e.g., CMDB) and configuration standards (e.g., CIS Benchmarks, NIST 800-53).
• Strong data analysis skills to create reports and dashboards using Performance Analytics or similar ServiceNow capabilities.
• Understanding of risk-based vulnerability prioritization (e.g., CVSS scoring, threat intel overlays).
• Experience in developing or refining workflows, assignment rules, and SLA tracking in ServiceNow.
• Ability to collaborate with technical teams, including ServiceNow platform developers, infrastructure leads, and audit stakeholders.
• Process-driven mindset with an eye for automation and continuous improvement.
• Experience as a Vulnerability Analyst
• Understanding of Vulnerability Management principles
• Understanding of Risk Assessment Methodologies
• Knowledge of industry standard data models such as CPE (Collection Processing Engine) and data normalization tools
• Process oriented with keen attention to detail
• Knowledge of common vulnerabilities, attack vectors and mitigation techniques
• Ability to proactively anticipate problems and execute solutions at a strategic level
• Wide knowledge of application and IT products, interoperability, and extensive knowledge of IT security
• Knowledge of application development platforms
• Knowledge of vulnerability attack methods, exploit results, attack chains
• Ability to think strategically
• Active involvement in internal and external audits and experience of managing Audit relationships.
• A bachelors degree in computer science, cybersecurity or a related field
• A relevant certification such as CompTIA Security+, CEH, CISSP or OSCP

• Exposure to Qualys, Rapid7, or similar scanning tools (even though the focus is on ServiceNow).
• Understanding of vulnerability lifecycle management, exception processes, and remediation coordination.
• Experience in scripting (PowerShell, Python) or ServiceNow scripting / customisation.
• Certifications such as ServiceNow CSA, CIS-SecOps, CompTIA Security+, or CISSP.
• Familiarity with regulatory frameworks (e.g., ISO 27001, PCI DSS, SWIFT CSCF, SAMA) and audit processes.

MUFG