Head of Information Security Transformation
Australia
Link Group
MUFG Pension & Market Services provides record keeping technology and information solutions, underpinned by our investment in technology, people and processes, to deliver active intelligence for companies and large asset owners and trustees...
Overview
The Head of Information Security Transformation plays a critical role in leading and executing cybersecurity initiatives for MUFG PMS globally. This position is responsible for ensuring that projects are completed on time, within budget, and aligned with strategic security objectives. This role will manage a team of cybersecurity experts, overseeing resource allocation and balancing capacity needs across multiple projects while supporting the execution of the Information Security strategy, aligning security objectives with business outcomes through expert advice and early engagement. You will act as a trusted strategic advisor, guiding internal and external stakeholders on best practices in information security, architecture & design, identity access management, risk management and vulnerability remediation within a hybrid cloud and on-premise technology environment globally.
Key Accountabilities and main responsibilities
Strategic Focus
- Develop and implement global cybersecurity project delivery strategies, ensuring alignment with the Group’s overarching security goals and regulatory obligations
- Deliver on the information security strategy and controls roadmap, collaborating with the CISO to ensure comprehensive development and execution.
- Collaborate with senior leadership to integrate cybersecurity objectives into broader organisational plans and strategies, enabling business and client outcomes.
- Support the CISO in the development of the overall information security strategy and roadmap.
- Work with Technology leaders to define Information Security inputs for technology roadmaps.
- Define global security reference architecture including baseline configuration for security tools.
- Prioritise and sequence cybersecurity initiatives to optimise resource utilisation and address the most critical risks and business impacts.
- Act as the interface between Information Security and the Business from a project delivery perspective.
- Provide expert advice to business leaders to ensure information security risks are understood and mitigated where possible.
- Oversee the planning, execution, and monitoring of cybersecurity projects, ensuring efficient and high-quality delivery.
- Implement effective project management frameworks and methodologies, including Agile where appropriate, to drive flexibility and responsiveness.
- Optimise resource capacity by assigning team members to projects in alignment with project demands and strategic priorities.
- Ensure clear communication and coordination with IT, business units, and external vendors, facilitating smooth project execution and resolving conflicts as needed.
- Increase delivery, consistency, visibility and awareness of information security services and advice.
- Provide security tooling and support aligned to strategy and SLAs in an efficient and easy to engage manner.
- Provide balanced advice to key stakeholders and project resources which aligns with International Information Security frameworks and reduces the risk of control weaknesses being introduced by projects.
- Lead a team of cybersecurity experts, providing guidance, mentorship, and professional development opportunities.
- Foster a culture of collaboration, accountability, and continuous improvement within the team.
- Develop strategies to enhance the skills and knowledge of team members, preparing them to adapt to new challenges and technologies.
- Balance and align team members’ workloads, ensuring effective resource allocation while promoting team well-being and engagement.
- Identify, assess, and manage risks associated with project delivery, implementing proactive mitigation strategies to minimise impact.
- Ensure compliance with security policies, regulatory requirements, and industry standards across all projects.
- Regularly review and report project progress, risks, and key metrics to senior leadership, maintaining transparency and accountability.
- Maintain robust governance practices, ensuring adherence to financial and operational controls, and manage project budgets effectively.
Experience & Personal Attributes
- Thorough understanding of information security operations and governance concepts, including best practices, techniques, processes, and technologies
- 5+ years of experience in project delivery within cybersecurity or IT environments, with a proven track record of delivering complex projects successfully
- Strong experience with control frameworks such as ISO27001, NIST, CPS234, and COBIT
- Extensive experience with security technologies, including Intrusion Detection, Anti-virus/anti-malware, Database Activity Monitoring, Data Loss Prevention, Penetration Testing, Firewalls, and Security Log management tools
- Ability to identify key risks, issues, trends, and patterns in complex security problems
- Sound knowledge of security best practice controls and control frameworks
- Ability to define pragmatic solutions for security requirements in a fast-paced environment
- Ability to work accurately under pressure, following processes and procedures
- Well-developed communication skills, capable of clearly and concisely describing complex issues and actions
- Knowledge of enterprise risk frameworks and best practice risk management processes
- Experience managing a team and planning the capacity of technical resources
- Exposure to large financial services organisations and understanding the associated risks
- Formal Information Security or Project Management certifications such as CISSP, CISM, PMP, or equivalent are highly desirable.
- Demonstrate accountability - takes ownership of decisions and proactively leads change.
- Technical Proficiency: Strong understanding of cybersecurity principles and technologies to communicate effectively with technical teams and stakeholders.
- Problem-Solving & Analytical Abilities: Demonstrates a proactive approach to identifying and resolving issues, with strong decision-making capabilities.
- Strategic Thinking: Ability to prioritise and manage multiple projects in a fast-paced, dynamic environment.
- Demonstrate a high level of energy and resilience to operate in a challenging environment.
- Demonstrate a high level of autonomy in delivering outcomes.
- Decision Making - Making decisions at the appropriate time, considering the needs of the situation, priorities, constraints, and the availability of necessary information.
MUFG Pension & Market Services is a global, digitally enabled business that empowers a brighter future by connecting millions of people with their assets – safely, securely and responsibly.
Through our two businesses MUFG Retirement Solutions and MUFG Corporate Markets, we partner with a diversified portfolio of global clients to provide robust, efficient and scalable services, purpose-built solutions and modern technology platforms that deliver world class outcomes and experiences.
A member of MUFG, a global financial group, we help manage regulatory complexity, improve data management and connect people with their assets, through exceptional user experience that leverages the expertise of our people combined with scalable technology, digital connectivity and data insights.
Tags: Agile CISM CISO CISSP Cloud COBIT Compliance Firewalls Governance Intrusion detection ISO 27001 Malware Monitoring NIST Pentesting Risk management Security strategy SLAs Strategy
Perks/benefits: Career development Transparency