Vice President, Vulnerability Management Lead

MUFG • Full-time • London Ropemaker place, United Kingdom • 1d ago

Do you want your voice heard and your actions to count?

Discover your opportunity with Mitsubishi UFJ Financial Group (MUFG), one of the world’s leading financial groups. Across the globe, we’re 150,000 colleagues, striving to make a difference for every client, organization, and community we serve. We stand for our values, building long-term relationships, serving society, and fostering shared and sustainable growth for a better world.

With a vision to be the world’s most trusted financial group, it’s part of our culture to put people first, listen to new and diverse ideas and collaborate toward greater innovation, speed and agility. This means investing in talent, technologies, and tools that empower you to own your career.

Join MUFG, where being inspired is expected and making a meaningful impact is rewarded.

MUFG (Mitsubishi UFJ Financial Group) is one of the world's leading financial groups. Headquartered in Tokyo and with approximately 350 years of history, MUFG is a global network with around 2,300 offices in over 50 countries including the Americas, Europe, the Middle East and Africa, Asia and Oceania, and East Asia.. The group has over 150,000 employees, offering services including commercial banking, trust banking, securities, credit cards, consumer finance, asset management, and leasing.

As one of the top financial groups globally with a vison to be the world's most trusted, we want to attract, nurture and retain the most talented individuals in the market. The size and range of MUFG's global business creates opportunities for our employees to stretch themselves and reap the rewards, whilst our common values, to behave with integrity and responsibility, and to build a culture which is fair, transparent, and honest, underpin everything that we do. We aim to be the financial partner of choice for our clients, whatever their requirements, building long-term relationships, serving society, and fostering shared and sustainable growth for a better world.

MUFG’s shares trade on the Tokyo, Nagoya, and New York (NYSE: MTU) stock exchanges. The group’s operating companies include, but are not limited to, Bank of Tokyo-Mitsubishi UFJ, Mitsubishi UFJ Trust and Banking (Japan's leading trust bank), Mitsubishi UFJ Securities Holdings (one of Japan's largest securities firms), and MUFG Americas Holdings.

Please visit our website for more information - mufgemea.com.

IT Security department covers cyber security strategy maintenance and tactical planning and operations to provide IT Security protection, governance, risk management and reporting. This includes promoting Head Office Information Security Standards and Procedures (ISSP) requirements and local security requirements. The department supports and monitors security solutions such as virus protection, vulnerability management, compliance monitoring and threat/incident management activities to reduce risk.

NUMBER OF DIRECT REPORTS

3 (Offshore)

MAIN PURPOSE OF THE ROLE

Vulnerability Management Lead to oversee and execute the end-to-end vulnerability management program for the EMEA region within a global financial institution. The role requires strong hands-on experience in vulnerability scanning, policy compliance, and the ServiceNow SecOps Vulnerability Response (VR) module, along with proven leadership in managing hybrid teams.

KEY RESPONSIBILITIES

Lead EMEA vulnerability management and policy compliance lifecycle: scanning, prioritization, reporting, and remediation governance.
Perform hands-on vulnerability analysis across infrastructure, cloud, and applications.
Provide comprehensive solutions to complex problems, lead major initiatives in risk reduction surrounding vulnerabilities.
Manage and guide offshore vulnerability analysts, ensuring high-quality and timely delivery.
Operate and enhance ServiceNow SecOps VR workflows, dashboards, and automation.
Ensure compliance with internal security policies and EMEA regulatory requirements (e.g., EBA, DORA, FCA).
The role will involve liaising with the other information security functions within the MUS international business and MUFG group to ensure a consistent approach to all controls, standards and policies is adopted across the organisation.
Collaborate with IT and application teams globally to drive remediation and risk reduction.
To support the relationship and associated reporting requirements between Technology and internal and external bodies e.g. auditors, management committees, Tokyo head office, regulators (via Compliance), Operational Risk.
Provide reporting, KPIs, and executive visibility on vulnerability posture.
Support audits, risk assessments, and emerging vulnerability (zero-day) response.

WORK EXPERIENCE

Essential:

Proven experience (10+ years) in Vulnerability Management & Policy Compliance.
Hands-on experience with ServiceNow SecOps VR module.
Deep understanding of cybersecurity frameworks, governance, and risk management practices.
Strong understanding of CVE/CVSS, threat intelligence, and remediation workflows.
Experience managing offshore/onshore teams.
Excellent communication and stakeholder management skills.
Background in financial services or regulated environments preferred.
Relevant certifications (CISSP, CISM, Security+, ServiceNow SecOps) are a plus.

SKILLS AND EXPERIENCE

Functional / Technical Competencies:

Essential

Experience as a Vulnerability Management & Policy Compliance SME.
Understanding of Vulnerability Management principles.
Understanding of Risk Assessment Methodologies.
Knowledge of industry standard scoring models such as CVSS (Common Vulnerability Scoring System) or CCSS (Common Configuration Scoring System).
Knowledge of industry standard data models such as CPE (Collection Processing Engine) and data normalization tools.
Process oriented with keen attention to detail.
Knowledge of common vulnerabilities, attack vectors and mitigation techniques.
Ability to proactively anticipate problems and execute solutions at a strategic level.
Wide knowledge of application and IT products, interoperability, and extensive knowledge of IT security.
Knowledge of application development platforms.
Knowledge of vulnerability attack methods, exploit results, attack chains.
Ability to think strategically.
Active involvement in internal and external audits and experience of managing Audit relationships.

Education / Qualifications:

Essential

Degree educated and / or equivalent experience.

PERSONAL REQUIREMENTS

Excellent communication skills
Results driven, with a strong sense of accountability
A proactive, motivated approach.
The ability to operate with urgency and prioritise work accordingly
Strong decision making skills, the ability to demonstrate sound judgement
A structured and logical approach to work
Strong problem solving skills
A creative and innovative approach to work
Excellent interpersonal skills
The ability to manage large workloads and tight deadlines
Excellent attention to detail and accuracy
A calm approach, with the ability to perform well in a pressurised environment

We are open to considering flexible working requests in line with organisational requirements.

MUFG is committed to embracing diversity and building an inclusive culture where all employees are valued, respected and their opinions count. We support the principles of equality, diversity and inclusion in recruitment and employment, and oppose all forms of discrimination on the grounds of age, sex, gender, sexual orientation, disability, pregnancy and maternity, race, gender reassignment, religion or belief and marriage or civil partnership.

We make our recruitment decisions in a non-discriminatory manner in accordance with our commitment to identifying the right skills for the right role and our obligations under the law.