About the Author

THOMAS (NATE) THORNTON

Cybersecurity Leader | Security Operations | Program & Audit Governance

PROFESSIONAL SUMMARY

Cybersecurity leader with end-to-end accountability for a 24x7 Security Operations Center serving the Americas at a global tier-1 financial institution. Owns detection coverage, control effectiveness, and audit posture for all regional entities, and is leading the enterprise centralization of SOC services across global regions. Currently re-architecting the SOC program around AI to accelerate detection and response, reduce analyst toil, and create the efficiency required to scale the function globally. Combines operational depth in incident response with executive-facing program leadership, and a proven record of scaling high-performing, multinational security teams. CISSP-certified.

CORE COMPETENCIES

Security Operations & 24x7 Monitoring • Incident Response & Crisis Command • SOC Strategy, Centralization & Operating Model • AI-Enabled Security Operations & Program Transformation • Detection Coverage & Control Effectiveness • Regulatory & Audit Management (FFIEC, NIST CSF, SOX, ISO 27001) • Executive, Board & Regulator Engagement • Multi-Million-Dollar Budget & Roadmap Ownership • Team Scaling, Talent Development & Succession • Vendor & Security Tool Portfolio Management • Global & Cross-Functional Program Delivery

PROFESSIONAL EXPERIENCE

MUFG Bank, Ltd.

July 2017 – Present

Progressive leadership across four roles at one of the world’s largest financial institutions, advancing from enterprise project management to ownership of the Americas SOC and global SOC centralization.

Head of Security Operations Center, Americas (Person-in-Charge)

May 2025 – Present

Own the cybersecurity monitoring program for all MUFG Americas legal entities, with full accountability for detection coverage, control effectiveness, and audit posture across the region.
Lead the global centralization of SOC services; Americas-led processes and standards have been adopted as the enterprise baseline for all other regional entities.
Drive key components of the re-architecture of the SOC program around AI, embedding AI-enabled capability across the process to increase speed and efficiency and unlock the operating leverage needed to scale the function globally.
Direct adoption of AI across multiple workflows across multiple teams to compound team throughput, directly supporting the firm’s global SOC centralization strategy.
Established a net-new program to onboard applications into monitoring controls, producing an auditable, defensible, and repeatable framework that is becoming the firm’s standard of record.
Set multi-year strategy, develop multi-million-dollar budgets, and build roadmaps that balance detection maturity, regulatory obligations, and business priorities.
Direct multiple concurrent high-priority initiatives, setting requirements, aligning cross-functional and international partners, and overseeing execution through delivery.
Serve as program owner through internal and external audits, closing cycles with zero findings.
Partner directly with executive leadership to deliver the secure go-live of multiple business-critical systems in parallel, ensuring monitoring controls are in place at launch.
Brief global executive leadership and key stakeholders on program health, emerging threats, and strategic direction.

Security Operations Center (SOC) Manager, US

March 2024 – May 2025

Directly managed a multi-function SOC team across monitoring, triage, and response, ensuring consistent 24x7 coverage with strong hand-offs across shifts and geographies.
Overhauled the firm’s incident reporting process, materially reducing the time between initial filing and first assessment by the security team.
Commanded multiple high-severity incidents, coordinating across business, legal, technology, and executive stakeholders to contain risk and minimize business disruption.
Designed and launched a new-hire onboarding program that increased engagement and significantly shortened the ramp from start date to independent casework.
Built individual development plans, mentored analysts through promotions into senior and specialist roles, and strengthened retention and job satisfaction across the team.
Delivered regular executive reporting on SOC performance, coverage, and security events to global senior leadership.

Operations Manager, Security Operations

July 2019 – March 2024

Led programs for the Cyber Security Operations team, specializing in initiatives addressing key regulatory risks.
Served as the primary relationship owner for SOC consumers and partner teams across the firm’s global footprint.
Partnered across the department to shape strategy and convert it into achievable roadmaps aligned to enterprise security objectives.
Delivered multiple high-profile regulatory initiatives under compressed timelines, closing several high-visibility regulatory issues.
Directed technology deployments, maturity assessments, and process improvements across multiple operational domains, strengthening firm-wide security posture.
Created and delivered executive-facing reporting on complex technical subjects, including recurring presentations to global senior leadership.

Information Technology Project Manager

July 2017 – July 2019

Delivered one of the firm’s first global projects on time, on scope, and on budget, establishing a partnership model later used as the template for globalizing other enterprise functions.
Built a labor-forecasting tool adopted as an organization-wide best practice, significantly reducing forecast variance and the time required to produce forecasts.
Coordinated 200+ contributors on a program with a budget exceeding $10M, delivering without cost overruns.

SELECTED PROGRAM HIGHLIGHTS

Security Stack Deployment

Led deployment of 25+ cybersecurity tools and their associated functions into a new network within six months, materially strengthening the organization’s security posture.
Orchestrated work across multiple departments, legal entities, and workstreams while navigating complex regulatory, technology, and business requirements.

Identity & Access Management (IAM) Remediation

Led IAM review and remediation for 200+ applications in two months, lifting compliance with security policy and closing a key regulatory issue.
Directly managed a team of 10+ across multiple workstreams and influenced executive stakeholders to close work on time against a hard regulatory deadline.
Designed a lightweight work-tracking and productivity system that scaled from the direct team to program-level oversight of 100+ contributors.

Global Security Monitoring Deployments

Executed multiple greenfield SOC deployments into new regions under tight timelines and budgets.
Bridged cultural and language gaps to form cohesive global teams across legal entities.
Designed and deployed a scalable global SOC operating model and architecture.

CERTIFICATIONS & PROFESSIONAL DEVELOPMENT

Certified Information Systems Security Professional (CISSP) — ISC2, 2023
MUFG Project Management Academy — MUFG Union Bank, 2017 – 2019

EDUCATION

Bachelor of Engineering, Mechanical — McGill University, May 2017

TECHNICAL PROFICIENCIES

Frameworks & Compliance: FFIEC CAT, NIST CSF, SOX, ISO 27001

Security Operations: SIEM, incident response & command, root cause analysis, log review and analysis

AI: Claude Code, Microsoft Copilot, GitHub Copilot, integration of AI automation capabilities into production workflows

Network & Architecture: Firewalls, proxies, LAN/WAN, DMZ, network segmentation, high availability, disaster recovery, load balancing

Cloud & Platforms: Auto-scaling, object storage, managed databases, serverless, Windows, UNIX/Linux

Identity & Access: Access control, IAM remediation programs

Tools: Python, ServiceNow, Jira, Confluence, Microsoft Project, Excel, PowerPoint

Nate Thornton