Vice President, Threat and Vulnerability Management Team Lead
Do you want your voice heard and your actions to count?
Discover your opportunity with Mitsubishi UFJ Financial Group (MUFG), one of the world’s leading financial groups. Across the globe, we’re 150,000 colleagues, striving to make a difference for every client, organization, and community we serve. We stand for our values, building long-term relationships, serving society, and fostering shared and sustainable growth for a better world.
With a vision to be the world’s most trusted financial group, it’s part of our culture to put people first, listen to new and diverse ideas and collaborate toward greater innovation, speed and agility. This means investing in talent, technologies, and tools that empower you to own your career.
Join MUFG, where being inspired is expected and making a meaningful impact is rewarded.
The Threat and Vulnerability Management Team Lead is responsible for defining, developing, and leading the strategic direction for safeguarding the organisation’s infrastructure and applications. This is achieved by proactively identifying, assessing, and remediating security vulnerabilities. The role sits within the Digital Engineering Services & Solutions (DES) department of the Technology Division.
The role is part of the Digital Engineering Services & Solutions (DES) department, which encompasses Infrastructure and Service Management across EMEA Bank, International Securities, and the 15+ countries in which these entities operate. The position is responsible for leading the Threat and Vulnerability Management function, including oversight of an outsourced offshore third-party service.
This function integrates secure practices into the development lifecycle and aligns with service transition processes to ensure compliance with internal controls and regulatory standards. It plays a critical role in governance, audit readiness, and the continuous improvement of MUFG’s security posture, while also serving as the central coordination point for all vulnerability-related activities across DES.
The successful candidate must demonstrate proven experience in leading teams and fostering a culture of technical excellence. They will be expected to establish best practices for risk identification and remediation planning, while also influencing stakeholders and delivering competitive advantage for global organisations by protecting against external threats and potential security vulnerabilities.
NUMBER OF DIRECT REPORTS
Circa 5
KEY RESPONSIBILITIES
Strategic Leadership & Vision
- Lead the design, development, operation and management of the department’s Threat and Vulnerability Management (TVM) strategy and roadmaps, ensuring alignment with business requirements, services, strategic goals, and IT risk appetite.
- Develop short, medium, and long-term strategic goals and objectives for DES TVM, including documenting the current environment and defining the future roadmap.
- Define measurable, repeatable processes and reporting metrics, subject to continuous improvement.
- Define the DES Threat and Vulnerability function’s Key Risk Indicators (KRIs) and govern accordingly. Produce regular KPI, MI, and risk management data for senior management.
- Responsible for identifying cost-saving and optimisation opportunities within MUS EMEA and the wider MUFG group.
Operational Oversight & Technical Execution
- Lead a team of Threat and Vulnerability Engineers to deliver best practice operations and strategic development, shaping the department’s security posture while adhering to MUFG policies and procedures.
- Oversee the successful deployment of routine and out-of-band security patches across IT infrastructure.
- Automate patch deployments and associated post-deployment check-outs.
- Triage vulnerabilities into “Fix, Acknowledge, and Investigate” categories using industry-aligned risk rating methodologies.
- Use ServiceNow Application Vulnerability Response (AVR) and Vulnerability Response (VR) modules to manage and report on vulnerabilities and violations across the estate, integrating with dashboards and workflows for visibility and accountability.
Risk Management & Remediation
- Work with other technology teams to provide in-depth analysis of vulnerabilities and impacts to key stakeholders.
- Collaborate with application teams to ensure secure coding practices and timely remediation of vulnerabilities, aligned with criticality-based policy enforcement.
- Prioritise weaknesses in IT infrastructure and applications using manual and automated methods, including results from Static Application Testing (SAST) and Software Composition Analysis (SCA) tooling (in conjunction with the Service Transition team).
- Influence stakeholders to prioritise and drive remediation of process and technology gaps
- Work with Cyber Security, Application Teams, and IT Risk to ensure controls are met and vulnerabilities are addressed across infrastructure and applications.
- Engage and support Cyber Security for remediation of penetration test findings.
- Engage with Internal and External Auditors as the SME on all matters relating to VM.
Stakeholder Engagement & Culture
- Act as the primary Service Matter Expert and point of contact for the Threat and Vulnerability Management function within DES.
- Work closely with industry partners, vendors, and the wider technology ecosystem to leverage external expertise and best practices. Conduct market research to identify emerging risk and vulnerability trends.
- Build strong relationships across Bank and Securities functions (e.g. IT Risk & Control, Cyber Security, Operational Risk), underpinned by trust and MUFG’s core values.
- Lead by example in building relationships across the Bank, strengthening peer networks and collaboration.
- Promote MUFG’s values-led culture, fostering inclusivity and diversity.
- Champion staff cyber education and awareness to embed a proactive cyber-focused culture.
- Promote a dynamic, delivery-driven culture that works alongside Technology and Business units to provide responsive resolutions and value-driven solutions.
SKILLS AND EXPERIENCE
Leadership & Team Development
- Proven experience of directly managing a team of Threat and Vulnerability Engineers, including mentoring, developing, and guiding security professionals in a collaborative, high-performing environment.
- Strong strategic thinking and visionary skills with the ability to co-develop and drive the function’s technical vision, strategy, and roadmap aligned with business goals and risk appetite.
Technical Expertise & Security Operations
- Prior extensive experience working within infrastructure environments and cloud platforms (AWS, Azure, Oracle), with a high-level understanding of platforms, operating systems, and technologies.
- Proven capability in creating and executing comprehensive threat and vulnerability management programmes, including vulnerability scanning, penetration testing, and security awareness training.
- Proficiency in using vulnerability scanning tools (e.g. Tenable, Qualys, Rapid7, Veracode, JFrog Xray), threat intelligence platforms, and incident response tools.
- Prior experience implementing automated solutions for vulnerability scanning, threat detection, and incident response, with a focus on continuous process improvement.
Risk Management & Threat Intelligence
- Strong familiarity with security frameworks and standards (e.g. NIST, ISO 27001), and deep understanding of security concepts including vulnerability management, threat intelligence, incident response, and offensive security techniques.
- Experience in gathering and analysing threat intelligence to understand emerging threats, attack vectors, and threat actors. Maintains up-to-date knowledge of the latest security threats, vulnerabilities, and best practices.
- Strong analytical and problem-solving skills to analyse data, identify patterns and develop effective solutions to mitigate risk.
Communication & Stakeholder Engagement
- Proven ability to communicate effectively with senior management, providing governance and risk oversight.
- Excellent verbal and written communication skills to report findings and collaborate across cross-functional Technology and non-Technology teams.
- Ability to translate technical risks into business-relevant language for both technical and non-technical stakeholders, including executive leadership.
EDUCATION / QUALIFICATIONS/ TECHNICAL COMPETENCIES
Essential
- Recognised cybersecurity certification: CISSP and/or CISM
- Strong knowledge of:
- Ivanti LANDesk, Qualys, Splunk
- Windows Server/Desktop, RHEL/OEL Linux
- PowerShell and Python scripting
- Proven experience leading strategic security initiatives and process automation in large-scale environments
Desirable
- Additional certifications: CCSP
- Familiarity with:
- CyberArk PAM, ServiceNow SecOps Vulnerability Response / Application Vulnerability Response.
- VMWare, Nutanix, Java VM
- MSSQL, Oracle, MongoDB
- Red Hat Satellite, Active Directory, LDAP, Kerberos
- Confluence, JIRA
- GDPR and SOX compliance frameworks
PERSONAL REQUIREMENTS
- Excellent communication skills
- Ability to manage constructive conflict effectively
- Ability to build strong and lasting relationships across the bank
- Results driven, with a strong sense of accountability, focused on business outcomes
- Strong decision-making skills, the ability to demonstrate sound judgement
- A structured and logical approach to work
- A creative and innovative approach to work
- Excellent interpersonal skills
- The ability to manage large workloads and tight deadlines
- Excellent attention to detail and accuracy
- A calm approach, with the ability to perform well in a pressurised environment
- A confident approach, with the ability to provide clear direction to your team
- Ability to lead a high performing team
- A strategic approach, with the ability to lead and motivate your team
- Conscientious, methodical and logical approach to work
We are open to considering flexible working requests in line with organisational requirements.
MUFG is committed to embracing diversity and building an inclusive culture where all employees are valued, respected and their opinions count. We support the principles of equality, diversity and inclusion in recruitment and employment, and oppose all forms of discrimination on the grounds of age, sex, gender, sexual orientation, disability, pregnancy and maternity, race, gender reassignment, religion or belief and marriage or civil partnership.
We make our recruitment decisions in a non-discriminatory manner in accordance with our commitment to identifying the right skills for the right role and our obligations under the law.
Recommended Jobs
Communications Placement
Communications Placement We help the world run better At SAP, we keep it simple: you bring your best to us, and we'll bring out the best in you. We're builders touching over 20 industries and 8…
Investment Oversight Analyst
DescriptionA leading investment management firm is seeking an Investment Oversight Analyst to play a key role in the independent evaluation of internal and external funds across a broad range of publi…
Travel IT Manager London
We are seeking an experienced Travel IT Manager to join a luxury travel company based in London. The successful candidate should have worked previously within a technical role providing IT busin…
Commercial Insurance Account Handler
Commercial Insurance Account Handler – Amersham Base Salary 40 - 50k DOE Neg, Private Medical & Flex Benefits Our client is a leading National Broker who due to continued Growth are now look…
Senior Cheminformatics Research Scientist
Your work will change lives. Including your own. At Recursion, our mission is to transform drug discovery through a powerful synthesis of AI, automation, and deep scientific expertise. Cheminformatic…
Innovation and Strategy Consultant (IT)
At CGI, we empower clients to turn bold ideas into measurable business outcomes through innovation, data and AI strategy. As an Innovation Strategy Consultant, you?ll help leading organisations reimag…
Legal Project Management, (FTC)
Legal Project Management, (FTC) Location: London (hybrid) Contract type: 12 month Fixed Term Contract The Role You will develop and use your commercial acumen, technical expertise and un…
Technical Account Manager (Fluent in French or German)
Join the API Revolution at Gravitee - Where Innovation Meets Growth Since our beginnings in 2015, Gravitee has grown into a global force, recognised as a 2024 Gartner Magic Quadrant™ Leader for …
Corporate Tax Senior Manager, Creative Sector
Job Details Based in our London Corporate Tax team, the successful candidate will be responsible for leading a diverse client portfolio, encompassing the delivery of both corporate tax compliance …
Website Production Work Placement
As a Website Production Intern, you will work with editorial, technical, product and marketing teams to plan, update, and review website content. You will gain hands-on experience managing content us…