Overview
Vice President, Threat and Vulnerability Management (TVM) Team Lead at MUFG. The role defines, develops, and leads the strategic direction for safeguarding the organisation’s infrastructure and applications by proactively identifying, assessing, and remediating security vulnerabilities. The position sits within the Digital Engineering Services & Solutions (DES) department of the Technology Division and includes oversight of an outsourced offshore third-party service.
The function integrates secure practices into the development lifecycle, aligns with service transition processes to ensure internal controls and regulatory standards, and serves as the central coordination point for all vulnerability-related activities across DES. The candidate will lead a team and foster a culture of technical excellence, defining best practices for risk identification and remediation, and influencing stakeholders to protect the organization against external threats.
Responsibilities
- Lead the design, development, operation and management of the TVM strategy and roadmaps, aligning with business requirements, services, strategic goals, and IT risk appetite.
- Develop short, medium, and long-term strategic goals for DES TVM and document the current environment and future roadmap.
- Define measurable processes and reporting metrics; establish KRIs and governance, producing KPI, MI, and risk management data for senior management.
- Identify cost-saving and optimisation opportunities within MUFG Global/EU regions and the wider MUFG group.
- Lead a team of Threat and Vulnerability Engineers to deliver best-practice operations and strategic development in line with MUFG policies.
- Oversee deployment of routine and out-of-band security patches across IT infrastructure and automate patch deployments with post-deployment checks.
- Triage vulnerabilities into categories (Fix, Acknowledge, Investigate) using industry risk rating methodologies.
- Manage vulnerabilities using ServiceNow AVR and VR modules, integrating dashboards and workflows for visibility and accountability.
- Collaborate with technology teams to analyse vulnerabilities and impacts for stakeholders; work with application teams to ensure secure coding and timely remediation.
- Prioritise weaknesses using manual and automated methods (including SAST/SA) with policy enforcement and risk-based prioritisation.
- Engage with Cyber Security, IT Risk, Auditors, and external partners to ensure controls are met and vulnerability remediation is completed.
- Act as primary SME for TVM within DES; build relationships across Bank and Securities functions and promote MUFG values and diversity.
Qualifications & Experience
- Proven experience leading a team of Threat and Vulnerability Engineers in a large-scale environment.
- Strong strategic thinking and ability to co-develop and drive the function’s technical vision, strategy, and roadmap aligned with business goals and risk appetite.
- Extensive experience with infrastructure and cloud platforms (AWS, Azure, Oracle) and vulnerability management programs (scanning, pen testing, security awareness).
- Proficiency with vulnerability tools (Tenable, Qualys, Rapid7, Veracode, JFrog Xray) and threat intelligence/incident response tools; experience with automated vulnerability scanning and incident response processes.
- Familiarity with security frameworks (NIST, ISO 27001) and threat intelligence/incident response concepts; ability to analyse threats and mitigate risk.
- Excellent communication skills for governance, risk oversight, and cross-functional collaboration; ability to translate technical risks for non-technical stakeholders.
Education & Technical Competencies
- Recognised cybersecurity certification: CISSP and/or CISM. Desirable: CCSP.
- Knowledge of Ivanti LANDesk, Qualys, Splunk; Windows Server/Desktop, RHEL/OEL Linux; PowerShell and Python scripting.
- Experience leading security initiatives and process automation in large-scale environments.
- Additional familiarity with CyberArk PAM, ServiceNow SecOps Vulnerability Response, VMware/Nutanix, databases (MSSQL, Oracle, MongoDB), and AD/LDAP/Kerberos.
Personal Requirements
- Excellent communication and interpersonal skills; ability to manage conflict and build strong relationships across the bank.
- Results-driven with accountability and a strategic, delivery-focused approach.
- Strong decision-making and the ability to work under pressure with tight deadlines.
- Ability to lead a high-performing team and promote a values-led, inclusive culture; ability to motivate staff and develop their cyber education.
- Flexible working options may be considered in line with organizational requirements.
Employment details
- Seniority level: Mid-Senior level
- Employment type: Full-time
- Job function: Business Development and Sales
- Industries: Financial Services and Banking
MUFG is committed to equality, diversity and inclusion in recruitment and employment. We oppose all forms of discrimination and strive to create an inclusive culture where all employees are valued and can contribute fully.