Vice President, Senior Audit Manager, Cybersecurity and Infrastructure
On site
London, United Kingdom
Full Time
09-04-2025
Job Specifications
Do you want your voice heard and your actions to count?
Discover your opportunity with Mitsubishi UFJ Financial Group (MUFG), one of the world’s leading financial groups. Across the globe, we’re 120,000 colleagues, striving to make a difference for every client, organization, and community we serve. We stand for our values, building long-term relationships, serving society, and fostering shared and sustainable growth for a better world.
With a vision to be the world’s most trusted financial group, it’s part of our culture to put people first, listen to new and diverse ideas and collaborate toward greater innovation, speed and agility. This means investing in talent, technologies, and tools that empower you to own your career.
Join MUFG, where being inspired is expected and making a meaningful impact is rewarded.
MUFG (Mitsubishi UFJ Financial Group) is one of the world's leading financial groups. Headquartered in Tokyo and with approximately 350 years of history, MUFG is a global network with around 2,300 offices in over 50 countries including the Americas, Europe, the Middle East and Africa, Asia and Oceania, and East Asia. The group has over 150,000 employees, offering services including commercial banking, trust banking, securities, credit cards, consumer finance, asset management, and leasing.
As one of the top financial groups globally with a vison to be the world's most trusted, we want to attract, nurture and retain the most talented individuals in the market. The size and range of MUFG's global business creates opportunities for our employees to stretch themselves and reap the rewards, whilst our common values, to behave with integrity and responsibility, and to build a culture which is fair, transparent, and honest, underpin everything that we do. We aim to be the financial partner of choice for our clients, whatever their requirements, building long-term relationships, serving society, and fostering shared and sustainable growth for a better world.
MUFG’s shares trade on the Tokyo, Nagoya, and New York (NYSE: MTU) stock exchanges. The group’s operating companies include, but are not limited to, Bank of Tokyo-Mitsubishi UFJ, Mitsubishi UFJ Trust and Banking (Japan's leading trust bank), Mitsubishi UFJ Securities Holdings (one of Japan's largest securities firms), and MUFG Americas Holdings.
Please visit our website for more information - mufgemea.com.
EMEA Internal Audit Office (EIAO), as the Bank’s third Line of Defence, and in accordance with the Global Institute of Internal Auditors (IIA) International Standards (IIA Standards), provides independent assurance to the Board and Executive Management on the quality and effectiveness of governance, risk management and internal controls to monitor manage and mitigate key risks to achieving the Bank’s objectives.
NUMBER OF DIRECT REPORTS
TBC
MAIN PURPOSE OF THE ROLE
An exciting new opportunity has emerged for a Senior Audit Manager to join our IT audit team within the EMEA Internal Audit function. Senior Audit Managers are responsible for executing and delivering all audit engagements assigned to them by the Chief Auditor and Heads of Audit. In terms of understanding our structure Audit Directors will supervise audit teams in the scoping, planning and delivery of audit engagements and the role of the Senior Audit Manager is to support the Audit Director. The role includes some responsibilities in relation to annual planning and the risk universe.
Key Responsibilities
Supporting the planning of audits by the Heads of Audit and Audit Directors and assist the Heads of Audit with their respective Portfolios, risk universe sections, risk assessments and audit plans.
Assisting with strategy and approach papers for entities and risks within their Head of Audit’s portfolio, as directed.
To have, or to develop, specialist areas of subject matter expertise, specifically related to IT Infrastructure and Cybersecurity. These areas will be agreed by the Heads of Audit based on the team’s skills assessment matrix.
Deliver continuous monitoring assignments for agreed entities under the supervision of Audit Directors.
Maintain constructive relationships with stakeholders so that audit planning and delivery is achieved smoothly and professionally.
Lead audit engagement to the required methodology standard. May have responsibility for multiple engagements concurrently.
Provide ongoing feedback to the Audit Director during and at the end of each engagement; escalate any performance related issues to the Audit Director or Head of Audit. May include coaching team members.
Support the implementation of good practice throughout the team by maintaining a strong understanding of the audit methodology.
Display strong appreciation of risk and control in banking.
Coordinate Management Action Plans directly with stakeholders. This may involve the testing of remediated controls and closure of issue.
Assist the Head of Audit in preparing third party submissions for the Chief Auditor.
Work collaboratively with all Internal Audit & Credit Exam colleagues regionally and globally.
From time to time, may also be required to take a team role in non-‘BAU’ initiatives e.g. a working group.
Work Experience
Essential:
Extensive experience of working in an IT Audit function within the Wholesale/Investment Banking Sector, or similar Big-4 experience with relevant industry exposure;
Extensive experience of delivering integrated audit engagements, working closely with business audit teams.
Technology infrastructure and cybersecurity audit knowledge and demonstrable understanding of key risks and corresponding audit techniques, including, but not limited to, threat and vulnerability management, security monitoring, Cloud, networks and databases.
Demonstrable experience of leading multiple concurrent complex audits.
Preferred:
Experience of working in a 1st line technology role.
Skills And Experience
Functional / Technical Competencies:
Essential
Relevant technology and industry qualifications e.g. CISA, CISSP, CISM, CIA, ACA
Personal Requirements
Excellent communication skills
Results driven, with a strong sense of accountability
A proactive, motivated approach.
The ability to operate with urgency and prioritise work accordingly
Strong decision making skills, the ability to demonstrate sound judgement
A structured and logical approach to work
Strong problem solving skills
A creative and innovative approach to work
Excellent interpersonal skills
The ability to manage large workloads and tight deadlines
Excellent attention to detail and accuracy
A calm approach, with the ability to perform well in a pressurised environment
Strong numerical skills
We are open to considering flexible working requests in line with organisational requirements.
MUFG is committed to embracing diversity and building an inclusive culture where all employees are valued, respected and their opinions count. We support the principles of equality, diversity an...
About the Company
MUFG (Mitsubishi UFJ Financial Group) is one of the world's leading financial groups. Headquartered in Tokyo and with over 360 years of history, MUFG has a global network with over 2,100 locations in more than 40 markets including the Americas, Europe, the Middle East and Africa, Asia and Oceania. The Group has over 120,000 employees and offers services including commercial banking, trust banking, securities, credit cards, consumer finance, asset management, and leasing. Through close partnerships among our group companies, ... Know more
Related Jobs
- Company Name
- Lloyds Banking Group
- Job Title
- Senior Infrastructure Specialist - Network Security & Assurance
- Job Description
- JOB TITLE: Senior Infrastructure Specialist - Network Security & Assurance SALARY: £70,929 - £78,810 LOCATION(S): Manchester or Leeds WORKING PATTERN: Our work style is hybrid, which involves spending at least two days per week, or 40% of our time, at our locations noted above. About this Opportunity Join us at Lloyds Banking Group as a Network Security Senior Infrastructure Specialist and play a pivotal role in protecting the UK's largest digital bank. This opportunity sits within our Network Security Prevention, Detection, Compliance and Assurance team - part of the wider Network Security & Traffic Management Lab - which manages critical controls like Intrusion Prevention/Detection Systems (IPS/IDS) and Network Detection & Response (NDR) across our on-prem and multi-cloud environment. In this role, you'll lead the technologies that enforce our network security policies and keep our systems compliant in a dynamic, evolving threat landscape. It's a chance to drive automation in network security, influence future security architecture, and ensure we meet internal controls and external regulatory requirements - all while working in an inclusive, collaborative team that values your growth and ideas. As a Network Security Senior Infrastructure Specialist, you will: Lead network policy compliance and automation: Design, build, and maintain tools that enforce network security policies and automate firewall rule changes, ensuring our firewall rulesets remain clean, efficient, and compliant with best practices. Monitor and assure security compliance: Implement mechanisms to continuously track network security compliance across our cloud and on-prem environments, providing evidence and reports to satisfy internal audit and external regulators. Drive security improvements: Proactively identify gaps or risks in network security posture and work with architects to shape new policies or architectural enhancements. Your insights will help influence future network security strategy and frameworks. Collaborate and innovate: Work closely with multi-functional teams in Cyber Security and IT to integrate compliance tooling and processes, improving our overall security monitoring and response capabilities. You'll also evaluate emerging solutions (such as compliance-as-code) to keep us at the forefront of automation. Mentor and guide others: Act as a technical leader within the team, sharing your expertise. You'll mentor junior engineers and influence a culture of continuous improvement, ensuring the whole team grows its network security skills. Why Lloyds Banking Group We're on an exciting journey to transform our Group and the way we're shaping finance for good. We're focusing on the future, investing in our technologies, workplaces, and colleagues to make our Group a great place for everyone. Including you. What you'll need Demonstrable experience in network security or infrastructure roles, with deep technical knowledge of security boundary devices such as firewalls and intrusion detection/prevention systems Firewall policy expertise: Good understanding of firewall rule sets and network security policy standard practices - you know how to design and review rules that are effective, compliant, and minimize risk. Automation & tooling skills: Hands-on experience with automation workflows and policy administration tools (for example, AlgoSec, Skybox, Tufin, FireMon or similar), or exposure to "compliance-as-code" frameworks. You're comfortable using technology to simplify complex processes. Compliance and controls knowledge: Familiarity with regulatory standards and certification frameworks (e.g. ISO 27001, PCI-DSS) and experience participating in audits or maintaining key security controls. You understand how to translate regulatory requirements into practical network security measures. Leadership and collaboration: Demonstrable ability to lead initiatives and mentor junior technical staff. You enjoy sharing knowledge, guiding colleagues, and building an inclusive team environment. You communicate effectively and can influence partners when refining security policies or processes. Don't worry if you don't tick all these boxes; we're open minded and keen to invest in enthusiastic and positive people! About working for us Our focus is to ensure we're inclusive every day, building an organisation that reflects modern society and celebrates diversity in all its forms. We want our people to feel that they belong and can be their best, regardless of background, identity, or culture. We were one of the first major organisations to set goals on diversity in senior roles, create a menopause health package, and a dedicated Working with Cancer initiative. And it's why we especially welcome applications from under-represented groups. We're disability confident. So, if you'd like reasonable adjustments to be made to our recruitment processes, just let us know We also offer a wide-ranging benefits package, which includes A generous pension contribution of up to 15% An annual performance-related bonus Share schemes including free shares. Benefits you can adapt to your lifestyle, such as discounted shopping. 30 days' holiday, with bank holidays on top A range of wellbeing initiatives and generous parental leave policies Want to do amazing work, that's interesting and makes a difference to millions of people? Join our journey.
- Company Name
- Primark
- Job Title
- Cyber Security Operations Analyst
- Job Description
- Because your new ideas are our way new ways of working. Evolve, your way. Our technology team is actively shaping the next wave of advancements. Engaged with innovative initiatives, your expertise will propel our business into the future. Collaborating with a creative team of tech enthusiasts, you’ll contribute your unique skills to fuel our technological advancements. What You’ll Get People are at the heart of what we do here, so it’s essential we provide you with the right environment to perform at your very best. Let’s talk lifestyle: Healthcare, pension, and potential bonus. 27 days of leave, plus bank holidays and if you want, you can buy 5 more. Because Primark is all about tailoring to you, we offer Tax Saver Tickets, fitness centre, and a subsidised cafeteria. What You’ll Do as a Cyber Security Operations Analyst We want you to feel challenged and inspired. Here, you’ll develop your skills across a range of responsibilities: Build and maintain expert knowledge and understanding of our security technologies, building the delivery of process and system improvements, proactively seeking continuous improvement supported with plans, ensuring best practices are incorporated Executing the approval process for security-related tickets in Primarks service desk system for the Primark environment Contribute to the execution of Security Operations Centre (SOC) capabilities, ensuring efficient and effective operation of detection, threat and incident response Participant in the triaging events from a wide range of sources, including reports from employees, security systems and threat intelligence data Perform analysis and response to detected events, escalating issues where appropriate Conduct reviews of events, incidents, trends, industry publications and make recommendations on improvements Supporting the wider team with reporting in our metrics reporting Enforcing standardised and consistent processes, troubleshooting, and best practice applied to current process and capabilities Contribute to cyber security planning, requirements, design, implementation, Independent Verification & Validation, including tooling decisions through discussion, presentations, reviews, and written communication What You’ll Bring Here at Primark, we want everyone to feel valued – so please bring your authentic self to work, of course with some other key experience and abilities for this role in particular: 3+ years enterprise cybersecurity IT experience, ideally with Cloud technologies and On premise experience Experience in Cyber Security Operations with a track record in Incident Response and Investigations Solid foundation in modern operating systems and networking protocols Experience of working in multi-skilled teams Strong appreciation & adherence to processes, defined roles & responsibilities and high-quality delivery An appropriate degree, equivalent qualification or experience A recognised security certification is desirable e.g. GIAC, CompTIA, Microsoft, CISM, CISA, CISSP or CRISC About Primark At Primark, people matter. They’re the beating heart of our business and the reason we’ve grown from our first store in Dublin in 1969 to a £9bn+ turnover business and over 80,000 colleagues and over 440 stores in 17 countries today. Our values run through everything we do. In essence, we're Caring and always strive to put people first. We're also Dynamic, bravely pushing the boundaries to stay ahead. And finally, we succeed Together. If you need any reasonable adjustments or have an accessibility request, during your recruitment journey, such as extended time or breaks between online assessments, a sign language interpreter, mobility access, or assistive technology please contact your talent acquisition specialist. All offers of employment are subject to background checks, including right to work, reference education and for some roles criminal, and financial checks. If you have any concerns, please reach out to our talent acquisition team to discuss.
- Company Name
- DXC Technology
- Job Title
- Security Architect
- Job Description
- Job Description Job Title: Security Architect Location: NEWCASTLE Salary: Competitive Security Clearance: MOD SC (willing and able to obtain DV) About DXC Technology DXC Technology is a global IT services leader, providing cutting-edge technology solutions to modernize and secure IT infrastructure. With expertise in cybersecurity, cloud computing, and digital transformation, DXC empowers organizations to achieve operational excellence. Role Overview As a Security Architect, you will be responsible for enhancing the security posture of DXC’s client services by ensuring full compliance with the NIST 800-53 framework. You will evaluate existing security controls, map them to NIST standards, and develop new controls and documentation to improve compliance and overall security. Key Responsibilities Architect and oversee the implementation of security solutions in compliance with NIST 800-53 Work closely with the customer’s architecture team to develop and implement security strategies Identify security risks, define security requirements, and recommend remediation strategies Develop and enforce security policy standards to ensure compliance with customer security requirements Provide technical leadership on security projects and mentor junior team members Stay up to date with DXC’s portfolio of security products and services, recommending best-fit solutions Support incident investigations and security control enhancements Ensure security architectures align with industry frameworks such as TOGAF and SABSA Key Deliverables Gap Analysis Report: Assessing current security posture against NIST 800-53 Security Control Mapping: Documenting alignment of existing controls with compliance frameworks Implementation Plans: Designing and deploying new security controls Updated Security Documentation: Policies, procedures, and system security plans Essential Qualifications & Experience BSc/MSc in IT Security or a related field, or relevant industry experience 5+ years of experience in security architecture, with at least 2 years in a similar role Strong knowledge of NIST 800-53, ISO27001, PCI DSS, and COBIT Experience with security frameworks (SABSA, TOGAF) Understanding of threat and risk analysis methodologies Experience in cloud security (Azure, AWS, Google) Ability to work in high-security HMG and MOD environments Desirable Certifications CompTIA Security+, CISSP, CISM, CCSP, TOGAF, SABSA SCF CESG Certified Cyber Professional (CCP) in Security Architecture or Risk Management ISO27001 Lead Auditor Why Join DXC Technology? At DXC, you will work on high-profile security projects, collaborating with some of the industry’s top professionals. We provide a dynamic, high-security environment where your expertise will directly contribute to national security and business resilience. Recruitment fraud is a scheme in which fictitious job opportunities are offered to job seekers typically through online services, such as false websites, or through unsolicited emails claiming to be from the company. These emails may request recipients to provide personal information or to make payments as part of their illegitimate recruiting process. DXC does not make offers of employment via social media networks and DXC never asks for any money or payments from applicants at any point in the recruitment process, nor ask a job seeker to purchase IT or other equipment on our behalf. More information on employment scams is available here.
- Company Name
- AVEVA
- Job Title
- Senior Manager - Human Centric Security (EMEA)
- Job Description
- AVEVA is creating software trusted by over 90% of leading industrial companies. Job Title: Senior Manager - Human Centric Security (EMEA) Location: London or Cambridge, UK Employment Type: Full-time The job The Regional Senior Manager for Human Centric Security is responsible for overseeing the physical security operations for the EMEA region and ensuring the safety and protection of AVEVA colleagues, guests, assets and buildings. This role requires strategic leadership, the ability to work cross-functionally and an in-depth understanding of physical security systems, risk management and regulatory compliance. This role demands excellent stakeholder management and consultancy skills with experience of engaging with stakeholders at all levels. This role also requires travelling globally and work flexible hours as needed to support the business in the location that AVEVA operates in. Whilst the position sits within AVEVA, collaboration with our operational units within Schneider Electric, RIB and ETAP, will be required. Key Responsibilities Responsible for defining and delivering the Physical and Access Control strategy, roadmap and program, including compliance monitoring and enforcement. Lead, develop, improve and deliver all aspects of Physical and Access Security services: Physical Site Protection, Access Control, Monitoring and Response, Site and Functional Resilience, Security Site Inspections, Security Investigations and Workplace Violence within the region. Develop, embed and execute comprehensive Physical Security and Access Control policies and procedures to mitigate risks and to protect AVEVA's people, assets and reputation. Collaborate with site leadership to develop and enforce site-specific security directives tailored to local needs and regulations as well conducting periodic site assessment and addressing gaps identified. Develop and maintain-depth physical security site profiles, including mapping physical security design and installation and associated details. Lead on communication with the site leaders and key stakeholders to raise the site understanding of security policy, process and initiatives. Act as a first point of contact for security concerns and questions and escalate appropriately. Oversee the management of physical security measures, such as access control systems, surveillance, and emergency response procedures. Be the regional point of contact for the Global Security Operations Centre, managing escalations and incidents to an effective and prompt resolution. Manage site and functional resilience to enable critical operations to continue to operate in the event of an incident affecting site. Managing Workplace Violence mitigation and be the conduit between Legal, HR and Local Law Enforcement agencies. Responsible for supplier management of physical and access services and monitoring supplier performance in line with contractual obligations. On-going compliance testing in line with key security policies. Lead and provide expert leadership with regional physical security incidents and investigations (People, Buildings or Asset related) ensuring prompt effective resolution. Responsible for providing key Physical Security and Access services to Schneider Electric’s business units: ETAP and RIB. Analyse security data and intelligence to identify trends, assess risks, and recommend proactive measures to enhance the overall security posture. Providing support to the Travel Safety and Events service, in particular risks assessments and event security preparation, planning and execution. Represent AVEVA's physical security interests and collaborate with external stakeholders, such as law enforcement, government agencies, and industry partners to ensure AVEVA can appropriately respond to emergency issues. Ensure the team operates within budget and resource constraints, optimizing efficiency and cost-effectiveness. Stay abreast of industry best practices, emerging threats, and technological advancements to continuously improve AVEVA's physical security capabilities. Establish and maintain relationships with key external stakeholders, including Schneider Electric ecosystem, subject matter experts, organisations, and suppliers, to facilitate information sharing around improving organisational security and resilience. Prepare and present reports on Physical Security and Access matters to senior leadership. Lead, motivate, and mentor direct reports, including communicating clear expectations, setting performance objectives, providing regular and timely constructive feedback, ensuring balanced workload and providing guidance on professional growth. Ensure all services are documented with SOPs/Playbooks and KPIs, to report on performance and delivering continuous improvement. Essential Requirements Minimum 7 years of progressive experience in security management, with a proven track record of leading global physical security teams. Extensive knowledge of physical security and risk management, ideally in the context of an international organisation experience in high risk and complex operating environments. Exceptional communications and relationship building skills; effective at building trust and confidence. Strong interpersonal skills and ability to work well under pressure while juggling multiple tasks as required. Demonstrate ability to work with diverse and cross-cultural teams to achieve common objectives. Strong leadership and people management skills, with the ability to inspire and motivate a diverse geographically distributed team. Experienced in developing and implementing Human Centric Security policies. Desired Skills Experience in leading Trust, Impact, Curiosity and with Inspiration. Excellent skills in developing strong trusted relationships built on understanding their needs and delivering what’s promised. Ability to manage expectations and avoids ‘surprises’ to provide a superior customer and client experience and build long-term relationships. Strong interpersonal skills, with the ability to effectively collaborate with stakeholders at all levels. Excellent ability to manage multiple tasks within set deadlines whilst managing expectations of invested parties. Excellent verbal and written communication skills, with the ability to convey complex information clearly and concisely to executive leaders and diverse global audiences. Expert in strategic decision-making with board organisational impact. Expert in presentation skills, capable of engaging and inspiring audiences from diverse cultural backgrounds. Encourages and drives innovation when problem solving. Expert at deconstructing large complex problems into solutions that can be easily understood and executed by business and digital teams. Able to assess control effectiveness in terms of business risks, compliance position and develop strategies to manage non-compliances Highly skilled at planning and leading teams to perform compliance reviews against policy and standa...