Vice President, Senior Security Engineer

MUFG • Full-time • London Ropemaker place, United Kingdom • 2d ago

Do you want your voice heard and your actions to count?

Discover your opportunity with Mitsubishi UFJ Financial Group (MUFG), one of the world’s leading financial groups. Across the globe, we’re 150,000 colleagues, striving to make a difference for every client, organization, and community we serve. We stand for our values, building long-term relationships, serving society, and fostering shared and sustainable growth for a better world.

With a vision to be the world’s most trusted financial group, it’s part of our culture to put people first, listen to new and diverse ideas and collaborate toward greater innovation, speed and agility. This means investing in talent, technologies, and tools that empower you to own your career.

Join MUFG, where being inspired is expected and making a meaningful impact is rewarded.

MUFG (Mitsubishi UFJ Financial Group) is one of the world's leading financial groups. Headquartered in Tokyo and with approximately 350 years of history, MUFG is a global network with around 2,300 offices in over 50 countries including the Americas, Europe, the Middle East and Africa, Asia and Oceania, and East Asia. The group has over 150,000 employees, offering services including commercial banking, trust banking, securities, credit cards, consumer finance, asset management, and leasing.

As one of the top financial groups globally with a vision to be the world's most trusted, we want to attract, nurture and retain the most talented individuals in the market. The size and range of MUFG's global business creates opportunities for our employees to stretch themselves and reap the rewards, whilst our common values, to behave with integrity and responsibility, and to build a culture which is fair, transparent, and honest, underpin everything that we do. We aim to be the financial partner of choice for our clients, whatever their requirements, building long-term relationships, serving society, and fostering shared and sustainable growth for a better world.

Please visit our website for more information - mufgemea.com.

Technology is responsible for the operation, development and support of all technology across all areas of the local and international business. We ensure the IT strategy, architecture solutions, and service delivery are firmly aligned to business requirements and long term strategy of the group.

Technology comprises the following functions:

Architecture and Development team - which is responsible for the provision of shared services including architecture, middleware, new systems development, quality assurance and release management.
Middle, Risk and Back Office Team - which is responsible for all the applications used by these areas including the main trading system, Murex.
Front Office Solutions - which provides a business-oriented focus to all technological developments that affect the trading floor.
Infrastructure team - which supports the operation of all production services, voice and data networks, other voice systems and desktop systems.
Programme Office and Purchasing - which is responsible for definition, prioritisation and delivery of the annual investment portfolio as well as procurement and software licence management.
IT Risk and Control - which is responsible for implementing and managing all technology related controls over IT and information risk and business continuity, supports the provision of disaster recovery solutions, performs risk assessments, and manages business recovery plans and the business recovery facility. Information Secuity is also the responsibility of this function.

MAIN PURPOSE OF THE ROLE

The Cyber Security Engineer is a versatile, technically capable role within MUFG’s Cyber Security Engineering function. The engineer will play a hands-on role in delivering, maintaining, and troubleshooting key cyber security technologies while supporting the implementation of new controls and improvements.

This position requires a well-rounded individual with strong foundational knowledge across Windows and Linux platforms, network infrastructure, and cyber security tooling. The successful candidate will work across a variety of use cases including platform engineering, incident response support, project delivery, and audit preparation. Familiarity with tools such as Varonis, vulnerability scanners (e.g., Qualys), SIEM, DLP, and PAM is highly desirable, as is experience with scripting or automation in PowerShell, Python, or Bash.

The engineer will act as a trusted technical contact across a range of systems and controls, often leading investigations into complex issues, supporting change deployments, and ensuring documentation and support materials are accurate and up to date. The role suits someone who enjoys solving problems, is comfortable with technical ambiguity, and is ready to tackle varied challenges across the cyber estate.

KEY RESPONSIBILITIES

You will act as a key point of contact for internal audit, IT risk, and security governance teams, ensuring alignment with regulatory frameworks (e.g., ISO 27001, SAMA, SWIFT CSCF) and internal security standards.

Core Responsibilities
- Provide technical support and lifecycle management of cyber security tools including Varonis, Qualys, SIEM, DLP, PAM, and endpoint protection platforms.
- Investigate, triage, and resolve platform-level incidents affecting security tools and controls.
- Support incident response teams by providing tooling insights, logs, and root cause analysis.
- Contribute to the successful implementation of new security solutions, including design input, testing, deployment, and documentation.
- Liaise with infrastructure, network, and server teams to troubleshoot issues related to control integration and coverage.
- Assist in running vulnerability scans, analysing results, and tracking remediation efforts.
- Automate routine tasks using scripting languages (e.g., PowerShell, Python, Bash) where applicable.
- Write and maintain accurate documentation including implementation procedures, runbooks, and technical standards.
- Participate in internal and external audit activities by gathering evidence, explaining configurations, and supporting reviews.
- Identify control gaps or inefficiencies and suggest engineering improvements.

Risk Identification and Mitigation
- Identify potential security risks posed by threat actors and gaps in existing deployments.
- Collaborate with internal teams and vendors to develop mitigation plans and track remediation progress through ServiceNow.
- Support MUSI’s information security risk profile and associated operational risk reporting.
Process Optimisation
- Continuously refine methodologies and workflows for improved efficiency and effectiveness.
Audit and Governance Support
- Support internal and external audits by ensuring activities are documented and accessible in central respositries.
- Align improvements and mitigation activities with organisational risk policies and governance frameworks.
General
- Be seen as the Information Security centre of excellence for MUSI and ensure MUSI adopt an appropriate and professional response on any information security issues raised by the organisation’s business activities
- Support Information Security incidents where requested.
- Support Operational Security duties where requested.
- Responsibility covers EMEA for Bank and EMEA for Securities technology
Key Deliverables
- Fully supported and documented security tooling across multiple domains.
- Timely and effective resolution of tooling and platform-related incidents.
- Implementation packages and handover documents for new control deployments.
- Accurate reporting of vulnerability status and policy compliance gaps.
- Automation scripts, dashboards, or integrations that reduce manual workload.
- Audit-ready documentation and evidence packs as required.

SKILLS AND EXPERIENCE

Education and Experience:
- Strong secondary-level education is required, ideally to A-level or equivalent standard, in a technical or analytical discipline.
- A university degree is not essential, though a qualification in Cyber Security, Information Technology, Risk Management, or a related field would be considered advantageous.
- 5+ years of experience in cyber security or information security roles.
Knowledge and Skills:
- Strong technical experience in Windows Server and Linux environments.
- Strong technical understanding of infrastructure, networking, and operating systems.
- Hands-on experience with one or more enterprise cyber security tools (e.g., Varonis, Qualys, Symantec DLP, SIEM, EDR).
- Knowledge of regulatory frameworks (e.g., ISO 27001, CIS, NIST, SAMA).
- Comfortable supporting log analysis, access control configurations, and data protection tools.
- Proficiency in troubleshooting integrated systems involving AD, DNS, GPO, and networked assets
- Scripting or automation exposure (Python, Ansible, or PowerShell) is desirable.
- Experience collaborating with audit, risk, and compliance stakeholders.
- Excellent written and verbal communication skills for technical and non-technical audiences.

Success Measures
- High availability and performance of cyber tooling platforms.
- Reduction in platform-level incidents through proactive support or automation.
- Timely delivery of project tasks and handover documentation.
- Positive feedback from IT partners, operations, and audit stakeholders.
- Contribution to ongoing improvements in detection, compliance, and control effectiveness.

Soft Skills:
- Excellent communication skills, with the ability to convey technical findings to non-technical stakeholders.
- Strong collaboration skills, with a focus on cross-functional teamwork and vendor relationship management.
- Process oriented with keen attention to detail.
- Ability to proactively anticipate problems and execute solutions at a strategic level.
- Ability to think strategically
- Active involvement in internal and external audits and experience of managing Audit relationships.
Certifications:
- Relevant certifications such as CISSP, Security+, CEH, GCIA, or vendor-specific qualifications (e.g., Microsoft, AWS).

Desired but not necessary:

Scripting skills in PowerShell, Python, or Bash.
Experience working with cloud platforms (Azure, AWS) or virtualized environments (e.g., VMware).
Familiarity with ServiceNow ITSM.
Knowledge of security frameworks such as CIS Benchmarks, ISO 27001, or NIST 800-53.

PERSONAL REQUIREMENTS

Excellent communication skills
Results driven, with a strong sense of accountability
A proactive, motivated approach.
The ability to operate with urgency and prioritise work accordingly
Strong decision making skills, the ability to demonstrate sound judgement
A structured and logical approach to work
Strong problem solving skills
A creative and innovative approach to work
Excellent interpersonal skills
The ability to manage large workloads and tight deadlines
Excellent attention to detail and accuracy
A calm approach, with the ability to perform well in a pressurised environment
Strong numerical skills

We are open to considering flexible working requests in line with organisational requirements.

MUFG is committed to embracing diversity and building an inclusive culture where all employees are valued, respected and their opinions count. We support the principles of equality, diversity and inclusion in recruitment and employment, and oppose all forms of discrimination on the grounds of age, sex, gender, sexual orientation, disability, pregnancy and maternity, race, gender reassignment, religion or belief and marriage or civil partnership.

We make our recruitment decisions in a non-discriminatory manner in accordance with our commitment to identifying the right skills for the right role and our obligations under the law.

Apply