Vice President, Business Information Security Officer in City of London

Discover your opportunity with Mitsubishi UFJ Financial Group (MUFG), one of the world’s leading financial groups. Across the globe, we’re 150,000 colleagues, striving to make a difference for every client, organization, and community we serve. We stand for our values, building long-term relationships, serving society, and fostering shared and sustainable growth for a better world.

With a vision to be the world’s most trusted financial group, it’s part of our culture to put people first, listen to new and diverse ideas and collaborate toward greater innovation, speed and agility. This means investing in talent, technologies, and tools that empower you to own your career. Join MUFG, where being inspired is expected and making a meaningful impact is rewarded.

Corporate Technology is accountable for the operation, development and support of all applications across all areas of the business. Corporate Technology ensures IT strategy, architecture and solutions are aligned to business requirements. The BISO role is part of the IT Security team. IT Security are collectively responsible for the following areas: Cyber Support and Engineering, Security Operations Centre covering pen tests, red and blue teams, Cyber and Risk Change portfolio, Threat Intelligence and Vulnerability Management for the Group and Identity and Access Management.

NUMBER OF DIRECT REPORTS 2

MAIN PURPOSE OF THE ROLE Responsible for providing strategic information security leadership and oversight across all business units in the region. This role bridges global security strategy and regional business execution, ensuring that security, risk, and compliance objectives are effectively implemented, measured, and governed. The position partners closely with regional executives, technology leadership, and global security functions to embed a culture of security, drive control adoption, and maintain regulatory confidence. This role will work alongside the EMEA regional CISO on supporting the strategy, initiatives and roadmap for information security in MUFG EMEA.

• Risk Advisory & Control Adoption Serve as the trusted advisor to business and technology units on security risks and control implementation. Support adoption of global security controls and standards within regional operations. Provide security input on new business initiatives, digital transformation, and third-party relationships.
• Security Training & Awareness Develop, tailor, and oversee delivery of security awareness programs by business line. Drive execution of phishing simulations and targeted learning interventions. Measure awareness effectiveness and report to management.
• Security Champion Network Establish and maintain a regional security champion community within business and operations teams. Promote local ownership of security best practices and risk reduction initiatives. Provide ongoing engagement, training, and recognition programs for champions.
• Security Strategy, Planning & Reporting Translate global and regional security objectives into actionable EMEA programs. Develop strategic plans, key risk metrics (KRIs/KPIs), and executive dashboards. Contribute to quarterly and annual reporting cycles for CISO and business leadership.
• Finance, Budgeting & Resourcing Support regional security budgeting, forecasting, and resource allocation. Track spend against plan and provide variance analysis. Assist in developing business cases for new initiatives or investments.
• Security Program Governance Oversee the implementation and governance of global security programs in EMEA. Ensure adherence to enterprise security policies and frameworks. Coordinate across multiple stakeholders to maintain governance and accountability.
• Risk, Compliance & Audit Coordination Act as the single point of contact for IT Security related audits and compliance engagements. Manage audit readiness, evidence coordination, and remediation tracking. Maintain strong relationships with internal audit, compliance, and regulatory teams.
• Reporting & Global/Regional Coordination Coordinate EMEA security reporting and represent the region in global BISO forums. Ensure consistency of risk posture and alignment with global metrics and governance. Provide regional input into global policy updates and program design.

KEY RESPONSIBILITIES

• Communication & Training Manage the Cyber & Risk training program. Ensuring Cyber integration with the business and technology. Communicating Risk & Cyber information across Bank EMEA and Securities. Be an escalation point for concerns about IT Security. Be a positive collaborator.
• People Management Ensure that the function is appropriately organised and adequately resourced by staff with appropriate skillsets to achieve its strategic objectives. Lead, direct and manage staff within the function to ensure that they: Understand the responsibilities applicable to their roles, Comply with the firm’s policies and procedures, Conduct themselves in a manner commensurate with the firm’s values. Actively manage performance, develop talent, identify key positions and persons and create sustainable success plans. Oversee appropriate training is in place to fulfil current and future skill requirements.
• Culture and Leadership Actively lead the integration of Bank and Securities technology functions. Promote the MUFG values-led culture which is inclusive and diverse. Promote a dynamic, delivery driven culture that works alongside business units to provide responsive resolutions and value driven solutions. Collective leadership by example on staff cyber education and awareness to embed a proactive cyber culture. Find ways to strengthen working relationships with stakeholders, including business teams. Lead by example in building relationships across the bank, establishing a stronger peer network and helping to strengthen collaboration. Build strong relationships with internal and external stakeholders to understand industry best practice, influence change and promote technical credibility.

WORK EXPERIENCE

• Experienced in information security, technology risk, or related disciplines within financial services sector.
• Experienced in IT security and control policy with specific experience of FFEIC, SOX, COBIT, NIST, CRI Profile and ISO standards.
• Conversant in the security & risk trends across banking and other industries.
• Experienced with the Defence in Depth approach.
• Strong track record of managing teams and building effective partnerships with peers.
• Strong experience in delivering training.
• Professional information security certifications (i.e. CISSP, CISM, CRISC or similar experience).
• Cloud Security experience and a good understanding of privacy legislation (Data Protection Act 2018 / GDPR).

SKILLS AND EXPERIENCE

• Functional / Technical Competencies: Strong strategic and analytical thinking. Excellent communication and stakeholder management. Proven ability to balance technical, business, and regulatory priorities. Collaborative, pragmatic, and outcomes-driven leadership style. Demonstrated experience of risks & controls. A deep understanding of IT Control, Security and Cyber risks: Defence in Depth model, Network defence, IDS and DMZ, Network protocols and firewall standards, Detective monitoring – SIEM, Vulnerability Management, Access and Privileged Access Management. Experienced in writing and maintaining IT documents, such as standards and procedures. Demonstrates an understanding of strategic business and IT issues impacting the financial services market. Strong understanding of risk and its application across technology and the business.