Home
Jobs
MUFG
AVP - Junior Cybersecurity Technical Delivery Manager

AVP - Junior Cybersecurity Technical Delivery Manager

On site

London, United Kingdom

Full Time

26-02-2025

Share this job:

Score my CV Apply

Job Specifications

Do you want your voice heard and your actions to count?

Discover your opportunity with Mitsubishi UFJ Financial Group (MUFG), one of the world’s leading financial groups. Across the globe, we’re 120,000 colleagues, striving to make a difference for every client, organization, and community we serve. We stand for our values, building long-term relationships, serving society, and fostering shared and sustainable growth for a better world.

With a vision to be the world’s most trusted financial group, it’s part of our culture to put people first, listen to new and diverse ideas and collaborate toward greater innovation, speed and agility. This means investing in talent, technologies, and tools that empower you to own your career.

Join MUFG, where being inspired is expected and making a meaningful impact is rewarded.

Overview Of The Department/Section

IT Risk, Security & Control department covers cyber security strategy maintenance and tactical planning and operations to provide IT Security protection, governance, risk management and reporting. This includes promoting the global Information Security Standards and Procedures (ISSP) requirements and local security requirements.

The department deploys, supports and monitors security solutions such as virus protection, vulnerability management, compliance monitoring and threat/incident management activities to reduce risk.

NUMBER OF DIRECT REPORTS

None

MAIN PURPOSE OF THE ROLE

To manage the technical delivery of various cybersecurity projects and contribute to the overall success of the Cybersecurity programme function by:

Ensuring that projects are delivered according to scope, on time and within budget
Assisting the programme manager by providing programme support activities - hygiene, project steerco, finance etc

Key Responsibilities

Key responsibilities include, but not limited to:

Interpret cybersecurity relevant regulatory and other requirements or best practices and translate these to business aligned cybersecurity programme requirements.
Manage the delivery of cybersecurity projects within agreed scope, cost and timescale across Bank and Securities.
The delivery manager will be responsible for support and execution of the following deliverables as required: charter and roadmap, role matrix, status reports, programme schedules, issues and risk log, communication protocol and escalation plan, scope change assessment and change requests. Also business requirements specification and requirements traceability matrix.
Assisting the programme manager by providing programme support activities - hygiene, project steerco, finance etc

Work Experience

Work Experience:

Essential:

Experience in managing multiple projects with broad scope, ambiguity, and high degree of difficulty
Experience in managing cybersecurity technology projects such as implementation of DLP, Cyber infrastructure replacement, Cloud monitoring tools etc.
Demonstrable proficiency in a wide range of information IT security technologies and embedded security; at the minimum knowledge must cover key cybersecurity domains such as Identity and Access Management, Threat Intelligence, Risk Evaluation, Security Assessment/Testing, Incidence Management and Vendor/Cloud products assessment
Possessing high level of analytical ability where problems are typically unusual and difficult
Ability to maintain a working knowledge of cybersecurity principles and elements
Understand global program structure, launch plan and timing, and global program ownership
Demonstrable experience of senior stakeholder management and relevant management reporting.
Ability to coach team members through knowledge transfer and constructive feedback

Education / Qualifications:

Essential:

Degree educated and / or equivalent experience.

Skills And Experience

Functional / Technical Competencies:

Essential (Must Have)

Experience of working within Cybsersecurity team as a Technical Delivery Manager or within core Cybersecurity BAU function
Mastery of Project Delivery Life Cycle (PDLC) Controls
Proven understanding of current best practice approach to security assurance and the application of security frameworks
Experience in project and development methodologies covering; architecture pattern development, requirements analysis, design review and project risk assessment.
Planning and prioritizing multiple project work streams in response to rapidly developing and changing portfolios.
Turning business problems into optimal technical security designs, aligning user needs with systems requirements and organizational goals.
Experience of supplier and third party risk management
Structured project management experience in deploying security-related initiatives
Broad experience in computer and network systems, including IT security
Ability to handle ambiguity and make decisions and recommendations with limited data
Understanding of various Cyber/IT Security frameworks e.g. NIST; ISO-27001; PCI-DSS; EBA-ICT and FFIEC
Solid analytical/problem-solving skills with capability to identify solutions to unusual and complex problems

MUFG operate a hybrid working policy with 3 days per week in the office.

We are open to considering flexible working requests in line with organisational requirements.

MUFG is committed to embracing diversity and building an inclusive culture where all employees are valued, respected and their opinions count. We support the principles of equality, diversity and inclusion in recruitment and employment, and oppose all forms of discrimination on the grounds of age, sex, gender, sexual orientation, disability, pregnancy and maternity, race, gender reassignment, religion or belief and marriage or civil partnership.

We make our recruitment decisions in a non-discriminatory manner in accordance with our commitment to identifying the right skills for the right role and our obligations under the law.

About the Company

MUFG (Mitsubishi UFJ Financial Group) is one of the world's leading financial groups. Headquartered in Tokyo and with over 360 years of history, MUFG has a global network with over 2,100 locations in more than 40 markets including the Americas, Europe, the Middle East and Africa, Asia and Oceania. The Group has over 120,000 employees and offers services including commercial banking, trust banking, securities, credit cards, consumer finance, asset management, and leasing. Through close partnerships among our group companies, ... Know more

Related Jobs

Company Name: TieTalent
Job Title: Cyber Security Assurance Tester and IR Specialist
Job Description: About Six Degrees is a leading secure, integrated cloud services provider, where everyone is welcome. We believe success lies in harnessing a truly diverse and inclusive culture. Our business protects UK organisations with the goal of enabling them to operate effectively and securely in the cloud, by giving them secure platforms to innovate and grow. We support our customers on their digital transformation journey regardless of their maturity. Our vision is to be the UK’s number one provider of secure, integrated cloud services to the small to mid-size market. Our Cyber Security Assurance team are one of the most experienced and highly qualified teams of penetration testers in the UK. Also experts in forensics, the team is responsible for testing 1000’s of applications, systems, environments and devices every year. The team routinely research vulnerabilities, compile threat intelligence and assist clients in shoring-up their data security. The Internal Penetration Testing & Incident Response Specialist will be a key member of the Cyber Security Assurance team, responsible for proactively identifying, assessing, and mitigating security risks internally within the organisation. They will work under general supervision, handling both internal penetration testing activities and aiding incident response operations for both external clients as well as internal operations. The role requires a methodical and analytical approach to security testing, as well as the ability to act decisively in response to security incidents. They will act as a subject matter expert for internal penetration testing and threat response, applying appropriate tools, techniques, and methodologies in accordance with relevant standards and legislation. They will work on complex and non-routine testing scenarios, providing actionable insights to improve the organisation’s security posture. The role requires close collaboration with internal teams, supporting security investigations, incident handling, and threat mitigation efforts. The Cyber Security Assurance Tester and IR Specialist will need to have experience in running common penetration testing types and being able to manage complex incidents that may malware reversing, forensics and log analysis. You will need be certified with the following certificates such as Cyber Scheme Team Member, CREST Registered Tester, CREST (CPIA), Intrusion Analyst (CRIA), CREST Certified Incident Manager (CCIM) In the context of a broader security initiative, this role will serve as the internal component of the client-facing penetration testing team, reporting to senior management. Exceptional communication skills are crucial, as the individual will be responsible for producing clear and professional written reports, technical evaluations, and briefings for key stakeholders. Regular collaboration with internal teams will be necessary, necessitating the ability to convey technical findings in a manner that highlights their business implications. The individual will also focus on enhancing their knowledge in penetration testing, threat intelligence, and incident response, ensuring that testing methodologies and response strategies are in line with industry best practices. This position is ideal for a security professional who is proactive and adaptable, capable of integrating offensive security testing with swift responses to cyber threats within the organization. Our Benefits In return for the passion our people bring to everything they do, we want them to enjoy a range of benefits that enrich their lives. We are a Real Living Wage employer, and through our additional employee benefits we feel we’ve got something that will help everybody live their best life. We recognise the immense joy and significance of family leave for our employees, which is why Six Degrees provide an enhanced maternity and paternity leave package. We’re also keen to support people with flexible working, so everyone can have the personal time they need whilst still doing great work here at Six Degrees. We have some fantastic benefits on offer, with everyone being given Private Medical Insurance, Life Assurance, a matched pension scheme and 25 days holiday and as a happy birthday from Six Degrees, all employees get a day off for their Birthday. Throughout the business, our people have a causes and initiatives that they support and that is close to their heart. That’s why we give everyone the chance to volunteer one day year in addition to annual leave to make a difference. What is more, we also make a contribution to any additional benefits you may wish to choose. Every Six Degrees employee has instant access to private medical care is available, as well as mental health and employee wellbeing support 24/7. Whether it’s a wellness benefit, such as gym benefits, fitness programmes and genetics wellness testing to our life benefits with discounted rates on travel, critical illness and dental insurance. We also provide discounts on well-known brands, in restaurants, supermarkets, the list goes on! Our Recruitment Process At Six Degrees, we prioritise efficiency in our recruitment process, as we believe it is essential for you to connect with potential colleagues and have a positive candidate experience. Our team will thoroughly evaluate all applications, and if your qualifications align with our needs, our Talent Acquisition team will reach out to schedule a call. If all goes well, you will be invited to participate in an interview with your prospective line manager and team members, where you will discuss your suitability for the position and learn more about Six Degrees. For certain critical roles, we may conduct a second and final interview, which could include a task specific to the role. Following the completion of the assessment process, we look forward to welcoming you to the Six Degrees family Nice-to-have skills Penetration Testing City of London, England Work experience Pentester Security Analyst Languages English

London, United Kingdom

On site

Full Time

03-03-2025

Company Name: Tesco
Job Title: Principal Enterprise Security Architect
Job Description: What’s in it for you We’re all about the little helps. That’s why we make sure our Tesco colleague benefits package takes care of you – both in and out of work. Click Here to find out more! Annual bonus scheme of up to 45% of base salary Car Cash Allowance Holiday starting at 25 days plus a personal day (plus Bank holidays) Private medical insurance Retirement savings plan - save between 6% - 10% and Tesco will contribute 1.5 times this amount 26 weeks maternity and adoption leave (after 1 years’ service) at full pay, followed by 13 weeks of Statutory Maternity Pay or Statutory Adoption Pay, we also offer 6 weeks fully paid paternity leave About The Role Here at Tesco Cyber, we are seeking a highly skilled and experienced Enterprise Security Architect, who will be responsible for ensuring that all enterprise-built platforms and solutions align with our existing security framework and industry standards. This role requires a deep understanding of security principles, technologies, and best practices to protect our information assets and ensure compliance with regulatory requirements. The focus will be on collaborating with key stakeholders across various domains to enable our technology colleagues to work efficiently and manage their environments effectively. You will perform comprehensive risk assessments, develop strategies to mitigate threats, and ensure alignment with organizational security principles and best practices. You will be responsible for Design and implement robust security architectures for enterprise-wide capabilities, which our technology teams rely on regularly to operate their services and perform their day-to-day tasks efficiently, addressing identified threats and vulnerabilities. Conduct thorough risk assessments for new systems and existing environments, reviewing their designs and architectures to ensure they meet modern security requirements, identifying security risks, and recommending mitigation strategies. Influence and guide other teams to implement security solutions by collaborating across functions to integrate security principles and ensure systems align with business needs. Ensure all enterprise-built platforms align with our existing security framework and industry standards, while collaborating with other enabling and architecture teams to integrate security into all aspects of the organization's operations. Evaluate and enhance security processes to improve their efficiency and comprehensiveness. Continuously monitor and respond to emerging security trends and threats to workplace environments, virtualization technologies, and databases. Develop and maintain security architecture documentation, including policies, diagrams, and procedural guides. Act as an SME and advise on the security of the M365 platform, workplace solutions, and infrastructure control plane capabilities such as virtualization layers (VMWare). Lead and participate in internal technology initiatives to implement secure enterprise systems, ensuring alignment with security frameworks and organizational goals to enhance security posture. You will need Soft Skills Proven leadership experience as a technical individual contributor in complex organizations. Analytical mindset with a proactive approach to identifying and solving security challenges. Strong communication and interpersonal skills to articulate complex security concepts to diverse audiences. Ability to work collaboratively with cross-functional teams while managing multiple initiatives. Demonstrated curiosity and flexibility in applying knowledge and advice. Technical Skills Demonstrable experience and expertise in designing, implementing, and applying balanced controls from security frameworks such as NIST, CIS, ISO 27001, and MITRE. Expertise in security controls and best practices for cloud-based workplace environments. Proficiency in Microsoft 365 security, compliance capabilities, identity and access management, and threat protection, including Microsoft Defender, Microsoft Entra, and Microsoft Purview. Expertise with virtualization platforms, ideally on VMware security solutions, including VMware NSX, VMware Carbon Black Cloud, and Horizon. Familiarity with virtualization security best practices and endpoint security. Proficiency in securing databases (e.g., SQL, NoSQL), with a focus on encryption, authentication, and monitoring solutions. Proficiency in risk analysis, security controls management planning, and disaster recovery planning. Experience with security technologies such as firewalls, intrusion detection/prevention systems, and encryption. Qualifications & Experience Strong knowledge of security frameworks and standards (e.g., NIST, ISO 27001). Bachelor's degree in Computer Science, Information Technology, or a related field. Minimum of 10 years of experience in information security, with at least 5 years in a security architecture role. Professional certifications such as SABSA, CISSP, CISM, or TOGAF are highly desirable. Professional certifications in risk management such as CRISC are desirable.

Farringdon, United Kingdom

On site

Full Time

26-02-2025

Company Name: Morgan Stanley
Job Title: Lead Application Security Engineer - VP
Job Description: JR000996 Glasgow Morgan Stanley is looking for a motivated Engineering lead to join the Cybersecurity department, who will be charged with enabling security controls in the CI/CD pipelines by rolling out SAST, SCA or DAST tools with a significant impact to the development community and to the security posture of firm’s applications. In the Technology division, we leverage innovation to build the connections and capabilities that power our Firm, enabling our clients and colleagues to redefine markets and shape the future of our communities. This is a Software Engineering Manager position at VP, P5 level, which is part of the job family responsible for developing and maintaining software solutions that support business needs. Morgan Stanley is an industry leader in financial services, known for mobilizing capital to help governments, corporations, institutions, and individuals around the world achieve their financial goals. Interested in joining a team that's eager to create, innovate and make an impact on the world? Read on. What You’ll Do Work with a team of engineers to implement Morgan Stanley specific security policies in the CI/CD security tools including but not limited to SAST, DAST and SCA applications. Work with Development, DevOps and Security teams to identify and develop automated security and compliance capabilities in support of DevOps processes. Define the security rules that needs to be adhered to at a code level in web and mobile applications written in Java, React, Objective C, SWIFT, Kotlin etc. With your development background and security knowledge, provide security guidance to developers in the form secure coding standards and guidelines. Support security standards, create templates and patterns to increase the efficiency and adoption of security program. Work with our partners to implement, manage, and optimizing security measures within our GitHub repositories and pipelines to continuously improve code security and protect against vulnerabilities. These Skills Will Help You Succeed In This Role Bachelor’s degree with 10+ years of work experience in the IT field 3+ years software development experience using Python, Java or JavaScript 3+ years of cumulative experience across the following: OWASP Secure Coding Practices Common software and web application security vulnerabilities Application security scanning tools Continuous Integration/Continuous Deployment (CI/CD) processes and concepts using relevant technologies and tools (e.g., Jenkins) Even Better If You Have A degree in Cybersecurity or CISSP/CSSLP certification or keen desire to move to security field Business acumen to support the implementation of SAST, DAST, SCA, Container Security, API Security and IaC tools across the enterprise Ability to perform code reviews with minimal assistance A self-starter, with a strong desire for learning new technologies and applying them to solve problems Expertise in monitoring, alerting, reporting, data analysis is desired. Experience with two or more of the application build environments like Jenkins, Gradle, Maven. Familiarity with public cloud services a plus Experience with two or more of the Secure SDLC tools like Github Advanced Security, Snyk, WhiteSource, Sonatype, X-Ray, Wiz. Experience with Threat Analysis. Experience with DevSecOps, Secure SDLC. DevOps container/orchestration tools (Kubernetes, Docker, Puppet, etc) is a plus Experience with evaluation, integration and onboard of application security tools is a plus What You Can Expect From Morgan Stanley We are committed to maintaining the first-class service and high standard of excellence that have defined Morgan Stanley for over 85 years. At our foundation are five core values — putting clients first, doing the right thing, leading with exceptional ideas, committing to diversity and inclusion, and giving back — that guide our more than 80,000 employees in 1,200 offices across 42 countries. At Morgan Stanley, you’ll find trusted colleagues, committed mentors and a culture that values diverse perspectives, individual intellect and cross-collaboration. We Firm is differentiated by the caliber of our diverse team. While our company culture and commitment to inclusion define our legacy and shape our future, helping to strengthen our business and bring value to clients around the world. Learn more about how we put this commitment to action: morganstanley.com/diversity. We are proud to support our employees and their families at every point along their work-life journey, offering some of the most attractive and comprehensive employee benefits and perks in the industry. We're committed to bringing passion and customer focus to the business. Certified Persons Regulatory Requirements If t his role is deemed a Certified role and may require the role holder to hold mandatory regulatory qualifications or the minimum qualifications to meet internal company benchmarks. Flexible work statement Interested in flexible working opportunities? Morgan Stanley empowers employees to have greater freedom of choice through flexible working arrangements. Speak to our recruitment team to find out more. Morgan Stanley is an equal opportunities employer. We work to provide a supportive and inclusive environment where all individuals can maximize their full potential. Our skilled and creative workforce is comprised of individuals drawn from a broad cross section of the global communities in which we operate and who reflect a variety of backgrounds, talents, perspectives, and experiences. Our strong commitment to a culture of inclusion is evident through our constant focus on recruiting, developing, and advancing individuals based on their skills and talents.

Glasgow, United Kingdom

On site

Full Time

26-02-2025

Company Name: Telefónica Tech
Job Title: Information Security Analyst – Level 3
Job Description: Company Description Telefónica Tech is a leading provider of innovative tech services for the B2B market with a worldwide presence and strategic hubs in Spain, Brazil, UK and Germany. The company helps leading brands and organisations across the UK and Ireland unlock the power of integrated technology for all businesses, bringing together in one place a unique combination of, the best people, with the best tech and the best platforms in a simplified manner, to make a real difference to every business, every day. We have an end-to-end portfolio of market leading services and develops integrated technology solutions to accelerate tech adoption through its two core divisions of Tech Cyber security & Cloud and Tech Intelligence of Things. The company has a diverse, highly trained and globally located talent pool of over 2000 employees and serves more than 5.5m customers every day with a service reach in 175 countries. Its dynamic partner ecosystem includes over 300 cutting edge businesses, as well as strategic agreements with all market leaders. Job Description This is a full-time role for a Level 3 Information Security Analyst to join a mature managed services Cyber team who manage the security posture of critical infrastructure and services under an ISO27001 and Cyber Essentials + certified managed service environment. You will be responsible for conducting Adversary Emulation which include penetration tests as well as red-teaming exercises for health care enterprises. This is a technical, hands-on role, and the successful candidate will be responsible for showcasing how an adversary can take advantage of vulnerable systems in an organization to get initial access to enterprise assets and then move laterally to widen the impact. They will also be responsible for providing very specific guidance to mitigate these security gaps/mis-configs/vulnerabilities. The successful candidate will be responsible for conducting Adversary emulation on various enterprise environments including but not limited to On-prem Infrastructure, Cloud, Web Apps, Non-Web Apps, IOT, Mobile Apps and Devices, Scada environments, etc. Skills & Experience: Extensive experience in conducting penetration tests for Applications, IT Infrastructure Services, Cloud, IOT, Scada, Network devices, Mobile Platforms, Hardware appliances, etc. Experience in planning and executing Whitebox, Blackbox, and Greybox penetration testing. Experience in planning and executing red teaming exercises including general reconnaissance, social engineering, breach simulations etc. Experience in conducting automated as well as manual penetration tests. Experience in conducting manual config reviews for Network devices, Servers, IOT devices, Applications etc. In depth understanding for general security principles. In depth understand of how security technologies like firewalls, EDR, SIEM, TVM operate in a coherent manner, and how to avoid unnecessary alerts while executing an Adversary Emulation exercise. Excellent communication, reporting, and presentation skills. Ability to plan, prioritise, be proactive and manage own workload. Understand up-to-date security threats and common exploits. Have an open attitude to sharing knowledge and information. Excellent analytical and problem-solving skills. Desire to learn new technologies. A motivated attitude to learn and challenge comfort zone. To keep up to date with the latest security and technology developments. Desirable Cyber security certification (e.g. OSCP, CRTO, OSCE, OSWP, etc). Scripting Experience. Additional Information Must have the right to live and work in the UK or Republic of Ireland. Due to our location, access to own transport is essential. Must meet Security Clearance requirements if this is a requirement of the role and any offer would be conditional upon the successful candidate passing BPSS which includes a criminal record check. We don’t believe hiring is a tick box exercise, so if you feel that you don’t match the job description 100%, but would still be a great fit for role, please get in touch.

Belfast, United Kingdom

On site

Full Time

26-02-2025