Vice President, Vulnerability Management Lead

MUFG (Mitsubishi UFJ Financial Group) is a leading global financial group with approximately 150,000 employees. We are headquartered in Tokyo and operate in over 50 countries with offices worldwide. Our values emphasize integrity, long-term relationships, serving society, and sustainable growth. We aim to be the world’s most trusted financial group and are committed to investing in talent, technologies, and tools to empower careers.

MUFG’s IT Security department covers cyber security strategy, governance, risk management and reporting. It promotes Head Office Information Security Standards and Procedures (ISSP) requirements and local security requirements, and supports security solutions to reduce risk.

Main purpose of the role: Vulnerability Management Lead to oversee and execute the end-to-end vulnerability management program for the EMEA region within a global financial institution. The role requires strong hands-on experience in vulnerability scanning, policy compliance, and the ServiceNow SecOps Vulnerability Response (VR) module, along with proven leadership in managing hybrid teams.

Key responsibilities:

• Lead EMEA vulnerability management and policy compliance lifecycle: scanning, prioritization, reporting, and remediation governance.
• Perform hands-on vulnerability analysis across infrastructure, cloud, and applications.
• Provide comprehensive solutions to complex problems, and lead major initiatives in risk reduction surrounding vulnerabilities.
• Manage and guide offshore vulnerability analysts, ensuring high-quality and timely delivery.
• Operate and enhance ServiceNow SecOps VR workflows, dashboards, and automation.
• Ensure compliance with internal security policies and EMEA regulatory requirements (e.g., EBA, DORA, FCA).
• Collaborate with MUS international information security functions and MUFG group to adopt a consistent approach to controls, standards and policies.
• Collaborate with IT and application teams globally to drive remediation and risk reduction.
• Support reporting relationships between Technology and internal/external bodies (auditors, management committees, Tokyo head office, regulators via Compliance, Operational Risk).
• Provide reporting, KPIs, and executive visibility on vulnerability posture.
• Support audits, risk assessments, and emerging vulnerability (zero-day) response.

Work experience:

Essential:

• 10+ years of experience in Vulnerability Management & Policy Compliance.
• Hands-on experience with ServiceNow SecOps VR module.
• Deep understanding of cybersecurity frameworks, governance, and risk management practices.
• Strong understanding of CVE/CVSS, threat intelligence, and remediation workflows.
• Experience managing offshore/onshore teams.
• Excellent communication and stakeholder management skills.
• Background in financial services or regulated environments preferred.
• Relevant certifications (CISSP, CISM, Security+, ServiceNow SecOps) are a plus.

Skills and experience:

Functional / Technical Competencies:

• Experience as a Vulnerability Management & Policy Compliance SME.
• Understanding of Vulnerability Management principles.
• Understanding of Risk Assessment Methodologies.
• Knowledge of CVSS or CCSS scoring systems.
• Knowledge of data models such as CPE and data normalization tools.
• Process-oriented with keen attention to detail.
• Knowledge of common vulnerabilities, attack vectors and mitigation techniques.
• Ability to anticipate problems and execute strategic solutions.
• Broad knowledge of IT security and application development platforms.
• Knowledge of vulnerability attack methods, exploit results, and attack chains.
• Ability to think strategically and manage audits and audit relationships.

Education / qualifications:

Essential:

• Degree educated and/or equivalent experience.

Personal requirements:

• Excellent communication skills.
• Results driven with strong accountability.
• Proactive, motivated approach.
• Ability to operate with urgency and prioritise work.
• Strong decision making and sound judgement.
• A structured and logical approach to work.
• Strong problem solving skills.
• Creative and innovative approach to work.
• Excellent interpersonal skills.
• Ability to manage large workloads and tight deadlines.
• Attention to detail and accuracy.
• Calm under pressure.

We are open to flexible working requests in line with organisational requirements. MUFG is committed to embracing diversity and building an inclusive culture where all employees are valued. We support equality, diversity and inclusion in recruitment and employment and oppose all forms of discrimination on age, sex, gender, sexual orientation, disability, pregnancy and maternity, race, gender reassignment, religion or belief and marriage or civil partnership. We make recruitment decisions in a non-discriminatory manner in accordance with our commitment to the right skills and the law.