Job Specifications
Do you want your voice heard and your actions to count?
Discover your opportunity with Mitsubishi UFJ Financial Group (MUFG), one of the world’s leading financial groups. Across the globe, we’re 150,000 colleagues, striving to make a difference for every client, organization, and community we serve. We stand for our values, building long-term relationships, serving society, and fostering shared and sustainable growth for a better world.
With a vision to be the world’s most trusted financial group, it’s part of our culture to put people first, listen to new and diverse ideas and collaborate toward greater innovation, speed and agility. This means investing in talent, technologies, and tools that empower you to own your career.
Join MUFG, where being inspired is expected and making a meaningful impact is rewarded.
The Threat and Vulnerability Management Team Lead is responsible for defining, developing, and leading the strategic direction for safeguarding the organisation’s infrastructure and applications. This is achieved by proactively identifying, assessing, and remediating security vulnerabilities. The role sits within the Digital Engineering Services & Solutions (DES) department of the Technology Division.
The role is part of the Digital Engineering Services & Solutions (DES) department, which encompasses Infrastructure and Service Management across EMEA Bank, International Securities, and the 15+ countries in which these entities operate. The position is responsible for leading the Threat and Vulnerability Management function, including oversight of an outsourced offshore third-party service.
This function integrates secure practices into the development lifecycle and aligns with service transition processes to ensure compliance with internal controls and regulatory standards. It plays a critical role in governance, audit readiness, and the continuous improvement of MUFG’s security posture, while also serving as the central coordination point for all vulnerability-related activities across DES.
The successful candidate must demonstrate proven experience in leading teams and fostering a culture of technical excellence. They will be expected to establish best practices for risk identification and remediation planning, while also influencing stakeholders and delivering competitive advantage for global organisations by protecting against external threats and potential security vulnerabilities.
NUMBER OF DIRECT REPORTS
Circa 5
Key Responsibilities
Strategic Leadership & Vision
Lead the design, development, operation and management of the department’s Threat and Vulnerability Management (TVM) strategy and roadmaps, ensuring alignment with business requirements, services, strategic goals, and IT risk appetite.
Develop short, medium, and long-term strategic goals and objectives for DES TVM, including documenting the current environment and defining the future roadmap.
Define measurable, repeatable processes and reporting metrics, subject to continuous improvement.
Define the DES Threat and Vulnerability function’s Key Risk Indicators (KRIs) and govern accordingly. Produce regular KPI, MI, and risk management data for senior management.
Responsible for identifying cost-saving and optimisation opportunities within MUS EMEA and the wider MUFG group.
Operational Oversight & Technical Execution
Lead a team of Threat and Vulnerability Engineers to deliver best practice operations and strategic development, shaping the department’s security posture while adhering to MUFG policies and procedures.
Oversee the successful deployment of routine and out-of-band security patches across IT infrastructure.
Automate patch deployments and associated post-deployment check-outs.
Triage vulnerabilities into “Fix, Acknowledge, and Investigate” categories using industry-aligned risk rating methodologies.
Use ServiceNow Application Vulnerability Response (AVR) and Vulnerability Response (VR) modules to manage and report on vulnerabilities and violations across the estate, integrating with dashboards and workflows for visibility and accountability.
Risk Management & Remediation
Work with other technology teams to provide in-depth analysis of vulnerabilities and impacts to key stakeholders.
Collaborate with application teams to ensure secure coding practices and timely remediation of vulnerabilities, aligned with criticality-based policy enforcement.
Prioritise weaknesses in IT infrastructure and applications using manual and automated methods, including results from Static Application Testing (SAST) and Software Composition Analysis (SCA) tooling (in conjunction with the Service Transition team).
Influence stakeholders to prioritise and drive remediation of process and technology gaps
Work with Cyber Security, Application Teams, and IT Risk to ensure controls are met and vulnerabilities are addressed across infrastructure and applications.
Engage and support Cyber Security for remediation of penetration test findings.
E
About the Company
MUFG (Mitsubishi UFJ Financial Group) is one of the world's leading financial groups. Headquartered in Tokyo and with over 360 years of history, MUFG has a global network with over 2,100 locations in more than 40 markets including the Americas, Europe, the Middle East and Africa, Asia and Oceania. The Group has over 120,000 employees and offers services including commercial banking, trust banking, securities, credit cards, consumer finance, asset management, and leasing. Through close partnerships among our group companies, ...
Know more