Vice President, Secure By Design SME at MUFG

Do you want your voice heard and your actions to count?

Discover your opportunity with Mitsubishi UFJ Financial Group (MUFG), one of the world’s leading financial groups. Across the globe, we’re 150,000 colleagues, striving to make a difference for every client, organization, and community we serve. We stand for our values, building long-term relationships, serving society, and fostering shared and sustainable growth for a better world.

With a vision to be the world’s most trusted financial group, it’s part of our culture to put people first, listen to new and diverse ideas and collaborate toward greater innovation, speed and agility. This means investing in talent, technologies, and tools that empower you to own your career.

Join MUFG, where being inspired is expected and making a meaningful impact is rewarded.

MUFG  (Mitsubishi  UFJ  Financial  Group)  is  one  of  the  world's  leading  financial  groups.  Headquartered  in Tokyo and with approximately 350 years of history, MUFG is a global network with around 2,300 offices in over 50 countries including the Americas, Europe, the Middle East and Africa, Asia and Oceania, and East Asia. The  group  has  over  150,000  employees,  offering  services  including  commercial  banking,  trust banking, securities, credit cards, consumer finance, asset management, and leasing.

As one of the top financial groups globally with a vision to be the world's most trusted, we want to attract, nurture  and  retain  the  most  talented  individuals  in  the  market.  The  size  and  range  of  MUFG's  global business  creates  opportunities  for  our  employees  to  stretch  themselves  and  reap  the  rewards,  whilst  our common values, to behave with integrity and responsibility, and to build a culture which is fair, transparent, and  honest,  underpin  everything  that  we  do.  We  aim  to  be  the  financial  partner  of  choice  for  our  clients, whatever  their  requirements,  building  long-term  relationships,  serving  society,  and  fostering  shared  and sustainable growth for a better world.

Please visit our website for more information - mufgemea.com.

IT Risk, Security & Control department covers cyber security strategy maintenance and tactical planning and operations to provide IT Security protection, governance, risk management and reporting. This includes promoting the global Information Security Standards and Procedures (ISSP) requirements and local security requirements.

The department deploys, supports and monitors security solutions such as virus protection, vulnerability management, complianfce monitoring and threat/incident management activities to reduce risk.
 

MAIN PURPOSE OF THE ROLE 

• To lead a team of Governance Risk and Control SMEs responsible for carrying out IT Security Assessments (Secure-by-Design) on technology projects.
• To ensure that all projects comply with IT security policies and requirements.

KEY RESPONSIBILITIES

In this role, you will be responsible for managing the secure-by-design team activities across MUFG’s banking arm and securities business under a dual-hat arrangement. Under this arrangement, you will act and make decisions on behalf of both the bank and the securities business, subject to the same remit and level of authority, and irrespective of the entity which employs you.  The responsibilities include, but not limited to:

• Delivering on the secure-by-design process to help ensure that all relevant TEC projects undergo security review prior to implementation.
• Managing the team of GRC SMEs delivering on the Secure-by-Design activities: Outlining relevant KPIs and measuring the team against the KPIs
• Interviewing business and technology stakeholders responsible for controls (technical and non-technical)
• Reviewing the team’s reports and conclusions and ensuring suitability of the relevant evidence required to demonstrate the operating effectiveness
• Developing a testing strategy for testing operating effectiveness of controls
• Arriving at informed conclusions regarding gaps in control operating effectiveness
• Documentation of risks, gaps, findings and recommended actions
• Managing your and the team’s time to ensure testing is completed in a timely manner

WORK EXPERIENCE

Essential

• Experience in managing multiple tasks with broad scope, ambiguity, and high degree of difficulty
• Experience in providing assurance for cybersecurity technologies, policies, standards and procedures
• Demonstrable proficiency in a wide range of information IT security domains such as Security Governance, Identity and Access Management, Access Controls, Threat Intelligence, Asset Management, Risk Management, Security Assessment/Testing, Security Incident Management and Vulnerability and Patch Management
• Understand global IT risk management structure
• Demonstrable experience of senior stakeholder management and relevant management reporting.
• Ability to coach team members through knowledge transfer and constructive feedback

SKILLS AND EXPERIENCE

Functional / Technical Competencies

Essential:

• Good understanding of cybersecurity/IT control frameworks including but not limited to frameworks from SOX, FFIEC, ISO27001, NIST, Cloud Security Alliance, and PCI-DSS
• Good managerial skills
• Experience of working as an IT auditor, security auditor or governance, risk and compliance analyst
• Proven understanding of current best practice approach to security assurance and the application of security frameworks
• Planning and prioritizing multiple project work streams in response to rapidly developing and changing portfolios.
• Broad knowledge of computer, networking and IT security systems including operating systems, databases, firewalls, SIEM, DLP etc.
• Good presentation, documentation and reporting skills

Preferred:

• Experience in project management
• Experience in providing assurance for cybersecurity technologies, policies, standards and procedures
• Ability to maintain a working knowledge of cybersecurity principles and elements
• Understand global IT risk management structure
• Demonstrable experience of senior stakeholder management and relevant management reporting.

Education / Qualifications:

Essential

• Degree educated and / or equivalent experience.

Preferred:

• Relevant certifications (e.g. CISA, CRISC, CISM, CISSP….)

PERSONAL REQUIREMENTS

• Personal alignment to MUFG Values
  • Integrity & Responsibility
  • Professionalism & Teamwork
  • Challenge ourselves to grow
• Personal alignment to EMEA Cultural Principles
  • Client Centric
  • People Focused
  • Listen Up, Speak Up
  • Innovate & Simplify
  • Own & Execute

In addition: 

• Excellent communication skills
• Results driven, with a strong sense of accountability
• A proactive, motivated approach.
• The ability to operate with urgency and prioritize work accordingly
• Strong decision making skills, the ability to demonstrate sound judgement
• A structured and logical approach to work
• Strong problem solving skills
• A creative and innovative approach to work
• Excellent interpersonal skills
• The ability to manage large workloads and tight deadlines
• Excellent attention to detail and accuracy
• A calm approach, with the ability to perform well in a pressurized environment
• Strong numerical skills
• Excellent Microsoft Office skills
• A confident approach, with the ability to provide clear direction to your team
• Excellent managerial/leadership experience
• The ability to lead a high performing team
• A strategic approach, with the ability to lead and motivate your team

We are open to considering flexible working requests in line with organisational requirements.

MUFG is committed to embracing diversity and building an inclusive culture where all employees are valued, respected and their opinions count. We support the principles of equality, diversity and inclusion in recruitment and employment, and oppose all forms of discrimination on the grounds of age, sex, gender, sexual orientation, disability, pregnancy and maternity, race, gender reassignment, religion or belief and marriage or civil partnership.

We make our recruitment decisions in a non-discriminatory manner in accordance with our commitment to identifying the right skills for the right role and our obligations under the law.