Vice President, Business Information Security Officer & Policy Management

Do you want your voice heard and your actions to count?

Discover your opportunity with Mitsubishi UFJ Financial Group (MUFG), one of the world’s leading financial groups. Across the globe, we’re 150,000 colleagues, striving to make a difference for every client, organization, and community we serve. We stand for our values, building long-term relationships, serving society, and fostering shared and sustainable growth for a better world.

With a vision to be the world’s most trusted financial group, it’s part of our culture to put people first, listen to new and diverse ideas and collaborate toward greater innovation, speed and agility. This means investing in talent, technologies, and tools that empower you to own your career.

Join MUFG, where being inspired is expected and making a meaningful impact is rewarded.

Corporate Technology is accountable for the operation, development and support of all applications across all areas of the business. Corporate Technology ensures IT strategy, architecture and solutions are aligned to business requirements. The BISO role is part of the IT Security team. IT Security are collectively responsible for the following areas: Cyber Support and Engineering, Security Operations Centre covering pen tests, red and blue teams, Cyber and Risk Change portfolio, Threat Intelligence and Vulnerability Management for the Group and Identity and Access Management.

NUMBER OF DIRECT REPORTS

2

MAIN PURPOSE OF THE ROLE 

Responsible for providing strategic information security leadership and oversight across all business units in the region. This role bridges global security strategy and regional business execution, ensuring that security, risk, and compliance objectives are effectively implemented, measured, and governed.

The position partners closely with regional executives, technology leadership, and global security functions to embed a culture of security, drive control adoption, and maintain regulatory confidence.

This role will work alongside the EMEA regional CISO on supporting the strategy, initiatives and roadmap for information security in MUFG EMEA. Working with key stakeholders internally to help embed security into the culture, whilst embedding technical controls into the mission critical business systems:

Risk Advisory & Control Adoption

• Serve as the trusted advisor to business and technology units on security risks and control implementation.
• Support adoption of global security controls and standards within regional operations.
• Provide security input on new business initiatives, digital transformation, and third-party relationships.

2. Security Training & Awareness

• Develop, tailor, and oversee delivery of security awareness programs by business line.
• Drive execution of phishing simulations and targeted learning interventions.
• Measure awareness effectiveness and report to management.

3. Security Champion Network

• Establish and maintain a regional security champion community within business and operations teams.
• Promote local ownership of security best practices and risk reduction initiatives.
• Provide ongoing engagement, training, and recognition programs for champions.

4. Security Strategy, Planning & Reporting

• Translate global and regional security objectives into actionable EMEA programs.
• Develop strategic plans, key risk metrics (KRIs/KPIs), and executive dashboards.
• Contribute to quarterly and annual reporting cycles for CISO and business leadership.

5. Finance, Budgeting & Resourcing

• Support regional security budgeting, forecasting, and resource allocation.
• Track spend against plan and provide variance analysis.
• Assist in developing business cases for new initiatives or investments.

6. Security Program Governance

• Oversee the implementation and governance of global security programs in EMEA.
• Ensure adherence to enterprise security policies and frameworks.
• Coordinate across multiple stakeholders to maintain governance and accountability.

7. Risk, Compliance & Audit Coordination

• Act as the single point of contact for IT Security related audits and compliance engagements.
• Manage audit readiness, evidence coordination, and remediation tracking.
• Maintain strong relationships with internal audit, compliance, and regulatory teams.

8. Reporting & Global/Regional Coordination

• Coordinate EMEA security reporting and represent the region in global BISO forums.
• Ensure consistency of risk posture and alignment with global metrics and governance.
• Provide regional input into global policy updates and program design.

KEY RESPONSIBILITIES

Communication & Training

• Manage the Cyber & Risk training program.
• Ensuring Cyber integration with the business and technology.
• Communicating Risk & Cyber information across Bank EMEA and Securities.
• Be an escalation point for concerns about IT Security.
• Be a positive collaborator.

People Management

• Ensure that the function is appropriately organised and adequately resourced by staff with appropriate skillsets to achieve its strategic objectives.

• Lead, direct and manage staff within the function to ensure that they:
  • Understand the responsibilities applicable to their roles
  • Comply with the firm’s policies and procedures
  • Conduct themselves in a manner commensurate with the firm’s values
• Actively manage performance, develop talent, identify key positions and persons and create sustainable success plans.
• Oversee appropriate training is in place to fulfil current and future skill requirements.

Culture and Leadership

• Actively lead the integration of Bank and Securities technology functions.
• Promote the MUFG values-led culture which is inclusive and diverse.
• Promote a dynamic, delivery driven culture that works alongside business units to provide responsive resolutions and value driven solutions.
• Collective leadership by example on staff cyber education and awareness to embed a proactive cyber culture.
• Find ways to strengthen working relationships with stakeholders, including business teams.
• Lead by example in building relationships across the bank, establishing a stronger peer network and helping to strengthen collaboration.
• Build strong relationships with internal and external stakeholders to understand industry best practice, influence change and promote technical credibility.

WORK EXPERIENCE

• Experienced in information security, technology risk, or related disciplines within financial services sector.
• Experienced in IT security and control policy with specific experience of FFEIC, SOX, COBIT, NIST, CRI Profile and ISO standards.
• Conversant in the security & risk trends across banking and other industries.
• Experienced with the Defence in Depth approach
• Strong track record of managing teams and building effective partnerships with peers.
• Strong experience in delivering training
• Professional information security certifications (i.e. CISSP, CISM, CRISC or similar experience).
• Cloud Security experience and a good understanding of privacy legislation (Data Protection Act 2018 / GDPR).

SKILLS AND EXPERIENCE

Functional / Technical Competencies:

• Strong strategic and analytical thinking.
• Excellent communication and stakeholder management.
• Proven ability to balance technical, business, and regulatory priorities.
• Collaborative, pragmatic, and outcomes-driven leadership style.
• Demonstrated experience of risks & controls.
• A deep understanding of IT Control, Security and Cyber risks:
  • Defence in Depth model.
  • Network defence, IDS and DMZ
  • Network protocols and firewall standards
  • Detective monitoring – SIEM
  • Vulnerability Management
  • Access and Privileged Access Management
• Experienced in writing and maintaining IT documents, such as standards and procedures.
• Demonstrates an understanding of strategic business and IT issues impacting the financial services market.
• Strong understanding of risk and its application across technology and the business.
• Good understanding of project lifecycles.

Education / Qualifications:

• Degree educated and / or equivalent experience.

PERSONAL REQUIREMENTS

• Excellent Leadership skills
• Excellent communication skills
• Ability to manage constructive conflict effectively
• Strong facilitation skills
• Ability to build strong and lasting relationships across the bank
• Results driven, with a strong sense of accountability, focused on business outcomes
• A proactive, motivated approach.
• The ability to operate with urgency and prioritise work accordingly
• Strong decision-making skills, the ability to demonstrate sound judgement
• A structured and logical approach to work
• Strong problem-solving skills
• A creative and innovative approach to work
• Excellent interpersonal skills
• Excellent attention to detail and accuracy
• Strong numerical skills
• A confident approach, with the ability to provide clear direction to your team
• Excellent managerial/leadership experience
• The ability to articulate and implement the vision/strategy for the planning department

We are open to considering flexible working requests in line with organisational requirements.

MUFG is committed to embracing diversity and building an inclusive culture where all employees are valued, respected and their opinions count. We support the principles of equality, diversity and inclusion in recruitment and employment, and oppose all forms of discrimination on the grounds of age, sex, gender, sexual orientation, disability, pregnancy and maternity, race, gender reassignment, religion or belief and marriage or civil partnership.

We make our recruitment decisions in a non-discriminatory manner in accordance with our commitment to identifying the right skills for the right role and our obligations under the law.