Head of Information Security Transformation

**Overview**

The Head of Information Security Transformation plays a critical role in leading and executing cybersecurity initiatives for MUFG PMS globally. This position is responsible for ensuring that projects are completed on time, within budget, and aligned with strategic security objectives. This role will manage a team of cybersecurity experts, overseeing resource allocation and balancing capacity needs across multiple projects while supporting the execution of the Information Security strategy, aligning security objectives with business outcomes through expert advice and early engagement. You will act as a trusted strategic advisor, guiding internal and external stakeholders on best practices in information security, architecture & design, identity access management, risk management and vulnerability remediation within a hybrid cloud and on-premise technology environment globally.

**Key Accountabilities and main responsibilities**

Strategic Focus
- Develop and implement global cybersecurity project delivery strategies, ensuring alignment with the Group’s overarching security goals and regulatory obligations
- Deliver on the information security strategy and controls roadmap, collaborating with the CISO to ensure comprehensive development and execution.
- Collaborate with senior leadership to integrate cybersecurity objectives into broader organisational plans and strategies, enabling business and client outcomes.
- Support the CISO in the development of the overall information security strategy and roadmap.
- Work with Technology leaders to define Information Security inputs for technology roadmaps.

Operational Management
- Define global security reference architecture including baseline configuration for security tools.
- Prioritise and sequence cybersecurity initiatives to optimise resource utilisation and address the most critical risks and business impacts.
- Act as the interface between Information Security and the Business from a project delivery perspective.
- Provide expert advice to business leaders to ensure information security risks are understood and mitigated where possible.
- Oversee the planning, execution, and monitoring of cybersecurity projects, ensuring efficient and high-quality delivery.
- Implement effective project management frameworks and methodologies, including Agile where appropriate, to drive flexibility and responsiveness.
- Optimise resource capacity by assigning team members to projects in alignment with project demands and strategic priorities.
- Ensure clear communication and coordination with IT, business units, and external vendors, facilitating smooth project execution and resolving conflicts as needed.
- Increase delivery, consistence, visibility and awareness of information security services and advice.
- Provide security tooling and support aligned to strategy and SLAs in an efficient and easy to engage manner.
- Provide balanced advice to key stakeholders and project resources which aligns with International Information Security frameworks and reduces the risk of control weaknesses being introduced by projects.

People Leadership
- Lead a team of cybersecurity experts, providing guidance, mentorship, and professional development opportunities.
- Foster a culture of collaboration, accountability, and continuous improvement within the team.
- Develop strategies to enhance the skills and knowledge of team members, preparing them to adapt to new challenges and technologies.
- Balance and align team members’ workloads, ensuring effective resource allocation while promoting team well-being and engagement.

Governance & Risk
- Identify, assess, and manage risks associated with project delivery, implementing proactive mitigation strategies to minimise impact.
- Ensure compliance with security policies, regulatory requirements, and industry standards across all projects.
- Regularly review and report project progress, risks, and key metrics to senior leadership, maintaining transparency and accountability.
- Maintain robust governance practices, ensuring adherence to financial and operational controls, and manage project budgets effectively.

The above list of key accountabilities is not an exhaustive list and may change from time-to-time based on business needs.

**Experience & Personal Attributes**
- Thorough understanding of information security operations and governance concepts, including best practices, techniques, processes, and technologies
- 5+ years of experience in project delivery within cybersecurity or IT environments, with a proven track record of delivering complex projects successfully
- Strong experience with control frameworks such as ISO27001, NIST, CPS234, and COBIT
- Extensive experience with security technologies, including Intrusion Detection, Anti-virus/anti-malware, Database Activity Monitoring, Data Loss Prevention, Penetration Testing, Firewalls, and Security Log management tools
- Ability to identify key risks, issues, trends, and pat