Penetration Testing Team Lead - AVP

Do you want your voice heard and your actions to count

Discover your opportunity with Mitsubishi UFJ Financial Group (MUFG) one of the worlds leading financial groups. Across the globe were 120000 colleagues striving to make a difference for every client organization and community we serve. We stand for our values building long-term relationships serving society and fostering shared and sustainable growth for a better world.

With a vision to be the worlds most trusted financial group its part of our culture to put people first listen to new and diverse ideas and collaborate toward greater innovation speed and agility. This means investing in talent technologies and tools that empower you to own your career.

Join MUFG where being inspired is expected and making a meaningful impact is rewarded.

Overview of the Department/Section:

MUFG (Mitsubishi UFJ Financial Group) is one of the worlds leading financial groups. Headquartered in Tokyo and with approximately 350 years of history MUFG is a global network with around 2300 offices in over 50 countries including the Americas Europe the Middle East and Africa Asia and Oceania and East Asia. The group has over 150000 employees offering services including commercial banking trust banking securities credit cards consumer finance asset management and leasing.

As one of the top financial groups globally with a vison to be the worlds most trusted we want to attract nurture and retain the most talented individuals in the market. The size and range of MUFGs global business creates opportunities for our employees to stretch themselves and reap the rewards whilst our common values to behave with integrity and responsibility and to build a culture which is fair transparent and honest underpin everything that we do.We aim to be the financial partner of choice for our clients whatever their requirements building long-term relationships serving society and fostering shared and sustainable growth for a better world.

MUFGs shares trade on the Tokyo Nagoya and New York (NYSE: MTU) stock exchanges. The groups operating companies include but are not limited to Bank of Tokyo-Mitsubishi UFJ Mitsubishi UFJ Trust and Banking (Japans leading trust bank) Mitsubishi UFJ Securities Holdings (one of Japans largest securities firms) and MUFG Americas Holdings.

Please visit our website for more information - .

Technology is responsible for the operation development and support of all technology across all areas of the local and international business. We ensure the IT strategy architecture solutions and service delivery are firmly aligned to business requirements and long-term strategy of the group.

Technology comprises the following functions:

Architecture and Development team - which is responsible for the provision of shared services including architecture middleware new systems development quality assurance and release management.
Middle Risk and Back Office Team - which is responsible for all the applications used by these areas including the main trading system Murex.

Front Office Solutions - which provides a business-oriented focus to all technological developments that affect the trading floor.
Infrastructure team - which supports the operation of all production services voice and data networks other voice systems and desktop systems.

Programme Office and Purchasing - which is responsible for definition prioritisation and delivery of the annual investment portfolio as well as procurement and software licence management.

IT Risk and Control - which is responsible for implementing and managing all technology related controls over IT and information risk and business continuity supports the provision of disaster recovery solutions performs risk assessments and manages business recovery plans and the business recovery facility. Information Security is also the responsibility of this function.

Main Purpose of the Role:

To ensure effective management and control of information security IT and information risk for MUSI by ensuring all appropriate Security IT and common-sense controls are in place that these controls are being followed and that this is evidenced across the whole business and IT department.

The role will involve liaising with the other information security functions within the MUS international business and MUFG group to ensure a consistent approach to all controls standards and policies is adopted across the organisation.

To ensure all necessary Information Security controls are in place and that an appropriate strategy to protect the firm from all Cyber external and internal threats is defined and being implemented.

To develop implement and manage compliance with appropriate IS and IT Security policies standards and procedures.

To support the relationship and associated reporting requirements between Technology and internal and external bodies e.g. auditors management committees Tokyo head office regulators (via Compliance) Operational Risk.

Key Responsibilities:

In this role you will be responsible for information/ cyber security across MUFGs banking arm and securities business under a dual-hat arrangement. Under this arrangement you will act and make decisions on behalf of both the bank and the securities business subject to the same remit and level of authority and irrespective of the entity which employs you.

Develop and maintain governance structure of red team operations and train and mentor other members of the Red Team.

Develop and execute penetration testing plans including network web application and social engineering assessments.

Collaborate with SOC team and selected vendor to plan and execute annual purple team testing

Identify security risks and vulnerabilities through simulated attacks and helping the organization understand the potential impact.

Manage Red Team tools and the Security Testing & Validation Platform

Lead and manage a team of security professionals and vendor resources to conduct regular risk assessments to identify and exploit vulnerabilities mis-configurations within EMEA internal & external infrastructure.

Implement and maintain governance of any assessments finding remediation progress and create regular reporting for tech and executives

Collaborating with other technology teams (i.e. infra app and etc) to develop and improve defensive strategies and security measures to prevent real-world attacks.

Stay up-to-date with the latest cybersecurity threats trends and technologies to ensure the teams methods and tools are current and effective.

Strong understanding of blue team detection use cases

Create executive report from technical assessment report

Maintain an up to date working knowledge of current laws regulations and best practices relating to information security.

Support Information Security incidents where requested.

Support Operational Security duties where requested.

Manage grey and black box testing solution including identified threats and vulnerabilities

Availability for out-of-hours support when necessary

Skills and Experience:

Minimum of 3 years experience as a pen tester

Skilled in developing implants and able to obtain and maintain persistence within corporate systems while avoiding detection from common security tools.

Demonstrated knowledge of tactics related to malicious insider activity organized crime/fraud groups and threat actors both state and non-state understanding of offensive and pentest technologies

Ability to provide remediations recommendation based on test and automated security testing result

Deep understanding of how an advance persistent threat and their tactics procedure and technics

Solid understanding of Enterprise Backend to Frontend system architecture

Familiarity with defender techniques security monitoring and SIEM tools

Strong ability to analyse and distil complex issues and present succinct updates to management and associated committees.

The ability to create clear documentation relating to Operational Processes and Procedures.

Please note MUFG operate a hybrid work policy with 3 days per week in the office.

We are open to considering flexible working requests in line with organisational requirements.

MUFG is committed to embracing diversity and building an inclusive culture where all employees are valued respected and their opinions count. We support the principles of equality diversity and inclusion in recruitment and employment and oppose all forms of discrimination on the grounds of age sex gender sexual orientation disability pregnancy and maternity race gender reassignment religion or belief and marriage or civil partnership.

We make our recruitment decisions in a non-discriminatory manner in accordance with our commitment to identifying the right skills for the right role and our obligations under the law.