MUFG

About the Company

MUFG (Mitsubishi UFJ Financial Group) is one of the world's leading financial groups. Headquartered in Tokyo and with over 360 years of history, MUFG has a global network with over 2,100 locations in more than 40 markets including the Americas, Europe, the Middle East and Africa, Asia and Oceania. The Group has over 120,000 employees and offers services including commercial banking, trust banking, securities, credit cards, consumer finance, asset management, and leasing. Through close partnerships among our group companies, the Group aims to be the world's most trusted financial group, flexibly responding to all of the financial needs of its customers, serving society, and fostering shared and sustainable growth for a better world. MUFG's shares trade on the Tokyo, Nagoya, and New York stock exchanges. Watch our profile video: https://youtu.be/htyOjA1H6bQ Details of MUFG's Group companies can be found at the following websites: http://www.bk.mufg.jp/global http://www.tr.mufg.jp/english https://mufgamericas.com https://www.mufgemea.com http://www.hd.sc.mufg.jp/english
©2024Mitsubishi UFJ Financial Group, Inc. All rights reserved. The MUFG logo and name is a service mark of Mitsubishi UFJ Financial Group, Inc.

Listed Jobs

Company Name

MUFG

Job Title

Vice President, EMEA Red Team Lead

Job Description

Job title: Vice President, EMEA Red Team Lead Role Summary: Lead and shape MUFG’s global adversary simulation program for the EMEA region, driving sophisticated red team operations and enhancing enterprise threat detection and response. Manage a team of senior operators, mentor junior talent, and collaborate with threat intelligence, detection engineering, and business continuity functions to strengthen the bank’s overall security posture. Expectations: - Deliver rigorous, realistic adversary simulations that validate and improve MUFG’s security architecture and incident response. - Provide strategic guidance to enhance threat detection capabilities and incident handling processes. - Develop, coach, and retain high‑performance red team talent across EMEA. - Maintain visibility and evidence of security controls, IT risk management, and compliance across the EMEA bank. Key Responsibilities: 1. Design, execute, and debrief complex red team engagements across cloud, on‑premises, and application layers. 2. Identify gaps in security controls, risk mitigations, and response workflows; recommend actionable improvements. 3. Collaborate with threat intelligence, detection engineering, and SOC teams to integrate offensive insights into defensive playbooks. 4. Report findings and remediation plans to executive leadership, aligning security initiatives with business objectives. 5. Ensure consistent application of information security, IT risk, and business continuity controls across all EMEA operations. 6. Drive continuous improvement of red team methodology, tooling, and training programs. 7. Partner with global security functions to harmonize security standards and incident response across MUFG. Required Skills: - Deep expertise in offensive security tools (e.g., Metasploit, Cobalt Strike, Burp Suite). - Strong knowledge of threat intelligence, detection engineering, and incident response frameworks. - Proven leadership and mentorship experience in security teams. - Excellent communication and influence skills with senior stakeholders. - Ability to assess complex IT risk and control environments in a financial services context. - Familiarity with compliance frameworks (e.g., PCI‑DSS, ISO 27001, NIST). Required Education & Certifications: - Bachelor’s or Master’s degree in Computer Science, Information Security, or related field. - Minimum of 10‑15 years in security roles; 5 + years in a senior red‑team or offensive security leadership position. - Certifications: CISSP, CISM, CRTO, OSCP, CEH, or equivalent. - Additional advanced credentials such as GCIA, GCIH, or specialized red‑team certifications are highly desirable.

London, United kingdom

On site

Senior

10-12-2025

Company Name

MUFG

Job Title

Vice President, Incident Respond Lead

Job Description

**Job Title** Vice President, Incident Response Lead **Role Summary** Lead and oversee the organization’s incident response capability, ensuring robust prevention, detection, analysis, containment, and recovery processes for all cyber, IT, and information risk incidents. Align incident response strategy with global security governance, regulatory requirements, and business objectives while collaborating with internal and external stakeholders, including auditors, management committees, and external regulators. **Expectations** - Deliver an integrated, auditable incident response framework that protects the organization’s assets and reputation. - Maintain a proactive threat intelligence posture and continually refine incident response playbooks. - Demonstrate decisive leadership during incidents, coordinating cross‑functional teams and ensuring minimal business impact. - Serve as the primary liaison for incident reporting, escalation, and post‑incident reviews with senior leadership and external auditors. **Key Responsibilities** - Develop, implement, and continually improve the organization’s Incident Response Plan, policies, and procedures in accordance with ISO 27001, NIST 800‑61, and relevant regulatory mandates. - Lead, mentor, and manage the Incident Response Team, ensuring high levels of readiness, skill development, and clear command‑and‑control during incidents. - Coordinate incident investigations, manage documentation, evidence collection, root‑cause analysis, and remediation actions. - Oversee the integration of threat intelligence feeds, security monitoring tools, and automation to support early detection and rapid response. - Ensure consistent application of security controls across business units and technology infrastructure. - Prepare and present incident reports, metrics, and lessons‑learned to executive management, technology governance committees, and external auditors. - Manage incident‑related communication with stakeholders, including public relations, legal, compliance, and regulatory bodies when applicable. - Continuously benchmark and adopt best practices, emerging technologies, and industry standards to elevate the organization’s security posture. **Required Skills** - Executive‑level leadership with a proven track record in cyber incident response and information security management. - Deep understanding of threat landscape, cyber attack techniques, and risk assessment methodologies. - Experience with security frameworks (ISO 27001, NIST, SOC 2, PCI‑DSS) and regulatory compliance (GDPR, FFIEC, SOC 2). - Strong analytical and investigative skills; ability to synthesize technical evidence into actionable conclusions. - Excellent communication, stakeholder‑management, and cross‑functional collaboration. - Ability to manage complex, high‑pressure incidents while maintaining clear decision‑making and documentation. - Familiarity with security operations tools (SIEM, SOAR, EDR) and incident‑management platforms. **Required Education & Certifications** - Bachelor’s degree in Computer Science, Information Technology, Cybersecurity, or a related field (Master’s preferred). - Industry certifications: CISSP, CISM, CRISC, CEH, GIAC, or equivalent. - Additional certifications (e.g., CISA, ISO 27001 Lead Implementer) are highly desirable. ---

London, United kingdom

On site

Senior

10-12-2025

Company Name

MUFG

Job Title

Assistant Vice President, IAM Junior Engineer

Job Description

**Job Title:** Assistant Vice President, IAM Junior Engineer **Role Summary:** Provide engineering support and enforce identity and access management (IAM) policies for MUFG’s banking and securities divisions. Operate under a dual‑hat model to ensure consistent governance, conduct access reviews, manage privileged access, resolve incidents, and maintain documentation and knowledge bases. **Expectations:** - Apply IAM policies and procedures uniformly across both entities. - Demonstrate strong communication, teamwork, and decision‑making in a high‑pressure environment. - Proactively identify process improvements and support broader risk & security teams. - Maintain high accuracy and accountability in all deliverables. **Key Responsibilities:** - Engineer support for RSA IGL (or equivalent) IAM platform. - Create, mature, and execute access review cycles. - Implement and maintain privileged access controls. - Investigate and close IAM‑related incidents; manage password/access queries. - Update knowledge management database and standard operating procedures. - Conduct knowledge‑transfer sessions for newly onboarded applications. - Maintain trackers, systems, and documentation for IAM processes. - Perform AD account and group management; enforce least‑privilege principles. **Required Skills:** - Practical experience with RSA IGL or similar IAM tools. - SQL/PL‑SQL and Oracle database proficiency. - Web services (REST/SOAP) and Java/JSP development experience. - Basic web development (HTML, CSS, JavaScript). - Windows/Linux server administration. - PowerShell scripting knowledge. - Incident management and resolution processes. - Strong attention to detail, written and verbal English proficiency. - Excellent interpersonal and communication skills. - Proficiency with Microsoft Office (including Visio). - Ability to work independently, make sound judgments, and handle pressure. **Required Education & Certifications:** - Bachelor’s degree in Computer Science, Information Technology, Cyber Security, or related field (or equivalent professional experience). - Relevant IAM or security certifications (e.g., CISSP, CISM, ISO 27001 Lead Implementer) are desirable but not mandatory.

London, United kingdom

On site

Senior

20-01-2026

Company Name

MUFG

Job Title

Cyber Risk Oversight

Job Description

**Job Title:** Cyber Risk Oversight **Role Summary:** Support the Operational Risk Management (ORM) team in strengthening the firm’s Second Line of Defence for Information Security and Cyber Risk across the EMEA region. Develop and embed policies, procedures, controls, and risk assessments, ensure regulatory compliance, and provide expert challenge to First Line owners while driving cyber‑risk awareness and resilience. **Expactations:** - Deliver and maintain a robust cyber‑risk framework aligned with regulatory expectations. - Monitor and interpret regulatory changes; recommend and implement necessary enhancements. - Conduct independent oversight, testing, and assurance of technology and cyber controls. - Provide expert analysis of KPI/KRI trends, challenge First Line assessments, and support risk‑based decision‑making. - Supervise junior staff on BAU and change initiatives when required. - Communicate risk posture to senior management and key stakeholders. **Key Responsibilities:** - Embed the Operational Risk framework for technology and cyber risks in partnership with First Line teams and Head Office. - Track regulatory developments in technology and cyber security; propose updates to control frameworks. - Develop and execute medium‑ to long‑term objectives, including enhanced oversight and testing of controls and RCSA processes. - Participate in cyber‑security projects and change initiatives, providing risk input and oversight. - Perform deep‑dive analysis of technology and cyber KPI/KRI data; issue SME‑level challenges to the First Line. - Conduct Second Line risk evaluations for new products, systems, and material change projects. - Maintain and promote a 3‑LoD model; drive cyber‑risk awareness across the region. - Ensure compliance with internal policies, laws, and regulator requirements; stay current on regulatory updates. **Required Skills:** - Strong knowledge of banking and securities products/services. - Extensive experience in information security, technology, and cyber risk management within financial services. - Ability to identify, analyze, and clearly communicate technology and cyber risks to diverse audiences. - Proficiency in risk assessment, control testing, KPI/KRI monitoring, and incident/issue management. - Familiarity with regulatory frameworks (e.g., GDPR, FCA, EBA, Basel III) and their impact on cyber risk. - Project‑management competence and stakeholder‑engagement skills. - Analytical mindset with strong quantitative and qualitative assessment capabilities. **Required Education & Certifications:** - Bachelor’s degree in Computer Science, Information Security, Risk Management, Finance, or a related field. - Professional certifications such as CISSP, CISM, CRISC, CISA, or equivalent are highly preferred.

London, United kingdom

On site

26-01-2026