Cyber Security Program Delivery

About Us: MUFG Bank, Ltd. is Japan's premier bank, with a global network spanning in more than 40 markets. Outside of Japan, the bank offers an extensive scope of commercial and investment banking products and services to businesses, governments, and individuals worldwide. MUFG Bank's parent, Mitsubishi UFJ Financial Group, Inc. (MUFG) is one of the world's leading financial groups. Headquartered in Tokyo and with over 360 years of history, the Group has about 120,000 employees and offers services including commercial banking, trust banking, securities, credit cards, consumer finance, asset management, and leasing. The Group aims to be the world's most trusted financial group through close collaboration among our operating companies and flexibly respond to all the financial needs of our customers, serving society, and fostering shared and sustainable growth for a better world. MUFG's shares trade on the Tokyo, Nagoya, and New York stock exchanges. MUFG Global Service Private Limited: Established in 2020, MUFG Global Service Private Limited (MGS) is 100% subsidiary of MUFG having offices in Bengaluru and Mumbai. MGS India has been set up as a Global Capability Centre / Centre of Excellence to provide support services across various functions such as IT, KYC/ AML, Credit, Operations etc. to MUFG Bank offices globally. MGS India has plans to significantly ramp-up its growth over the next 18-24 months while servicing MUFG's global network across Americas, EMEA and Asia Pacific. Job Profile: MUFG Global Service is seeking a seasoned cybersecurity leader to drive enterprise-wide security initiatives across IT Governance, Risk & Compliance (GRC), Cyber Operations, Engineering, and Threat Intelligence. This role blends strategic oversight with technical depth, focusing on building cyber capabilities, managing programs, and leading high-performing teams. Roles and Responsibilities: IT Governance, Risk & Compliance (GRC) - Develop and maintain IT GRC frameworks aligned with ISO 27001, NIST, COBIT, and other standards that are relevant to the MUFG Global Service. - Lead risk assessments, control evaluations, and compliance audits across IT systems. - Ensure regulatory compliance and manage audit engagements. - Drive continuous improvement in IT Security policies, procedures, and controls. Cyber Engineering: - Architect and implement secure infrastructure solutions across cloud, on-prem, and hybrid environments. - Lead deployment and integration of security technologies (SIEM, EDR, IAM, DLP, etc.) - Collaborate with IT and Application Owners to embed security into Design, Build and Operate stages. - Conduct technical assessments of new tools and platforms for security impact. - Strong understanding of cloud security, network architecture, and secure software development Program & People Management: - Lead cross-functional programs focused on security transformation and compliance maturity. - Manage a team of cybersecurity analysts, engineers, and SME. - Set performance goals, conduct reviews, and support career development. - Collaborate with executive leadership to align security initiatives with business objectives. Cyber Workforce Development: - Build and execute a strategic roadmap for developing cybersecurity talent across the organization. - Establish career pathways, competency models, and role-based training aligned with industry frameworks. - Launch mentorship, internship, and upskilling programs to attract and retain top cyber talent. - Partner with HR, academia, and industry groups to foster a diverse and inclusive cyber workforce. - Track workforce readiness metrics and align talent development with evolving threat landscapes. Cybersecurity Operations & Incident Response: - Lead and mature the Incident Response (IR) program, including playbook development, tabletop exercises, and post-incident reviews. - Coordinate with legal, PR, and business units during major incidents and breaches. - Ensure timely detection, containment, eradication, and recovery from cyber threats. Threat Intelligence & Red Teaming: - Build and manage threat intelligence capabilities to proactively identify and assess emerging threats. - Lead and simulate adversarial tactics and test organizational defenses. - Collaborate with Regional Red/Blue Team to enhance detection and response capabilities. Cyber Awareness: - Design and execute cybersecurity training programs for technical and non-technical staff. - Foster a culture of security awareness through campaigns and simulations. - Mentor junior cybersecurity and GRC professionals to build internal talent pipelines. Penetration Testing & Vulnerability Management - Oversee internal and external penetration testing programs across applications, networks, and cloud environments. - Prioritize and remediate vulnerabilities based on risk impact and business context. - Ensure continuous scanning, patching, and reporting of security weaknesses. - Maintain metrics and dashboards for vulnerability lifecycle management. Job Requirements: - Bachelor's degree in computer science, Information Security, or related field - 10–16 years of experience in IT GRC, Cybersecurity Operations, Cyber Engineering, People Management and Program Delivery - Certifications such as CISSP, CISM, CRISC, CEH, OSCP, GCIA, GCIH, or PMP are preferred. - Proven track record of leading enterprise-wide security and compliance programs - The candidate should demonstrate strategic and technology capabilities of the below (at least few must be hands-on) Category: - SIEM & Log Management - Endpoint Detection & Response (EDR) - Identity & Access Management (IAM) - Vulnerability Management - Penetration Testing & Red Teaming - Threat Intelligence - Cloud Security - Network Security - Data Protection & DLP Tools & Technologies: - Splunk, IBM QRadar, LogRhythm, Azure Sentinel - CrowdStrike Falcon, Sentinel One, Carbon Black - Okta, Azure AD, SailPoint, CyberArk - Tenable Nessus, Qualys, Rapid7, Insight - Burp Suite, Metasploit, Cobalt Strike, Kali Linux - Recorded Future, MISP, Anomaly, ThreatConnect - AWS Guard Duty, Azure Defender, Prisma Cloud, Wiz - Palo Alto Networks, Fortinet, Cisco Firepower - Symantec DLP, Microsoft Purview, McAfee DLP Equal Opportunity Employer The MUFG Group is committed to providing equal employment opportunities to all applicants and employees and does not discriminate on the basis of race, colour, national origin, physical appearance, religion, gender expression, gender identity, sex, age, ancestry, marital status, disability, medical condition, sexual orientation, genetic information, or any other protected status of an individual or that individual's associates or relatives, or any other classification protected by the applicable laws.