Principal Information Security Specialist

6 days ago


Borivli, Maharashtra, India Nomura Holdings, inc. Full time US$ 1,50,000 - US$ 2,00,000 per year

Nomura Overview:

Nomura is a global financial services group with an integrated network spanning approximately 30 countries and regions. By connecting markets East & West, Nomura services the needs of individuals, institutions, corporates and governments through its three business divisions: Wealth Management, Investment Management, and Wholesale (Global Markets and Investment Banking). Founded in 1925, the firm is built on a tradition of disciplined entrepreneurship, serving clients with creative solutions and considered thought leadership. For further information about Nomura, visit

Nomura Services, India supports the group's global businesses. With world-class capabilities in trading support, research, information technology, financial control, operations, risk management and legal support, the firm plays a key role in facilitating the group's global operations.

At Nomura, creating an inclusive workplace is a priority. Our approach to inclusion encompasses a variety of initiatives, including sensitization campaigns, implementing conducive policies & programs, providing infrastructure support and engaging in community events. Over time, we have made meaningful progress in these areas, and this commitment has been well-recognized across the industry. We are proud recipients of the prestigious Top 10 Employers award by the India Workplace Equality Index (IWEI), IWEI Gold Employer of Choice awards, India CSR Leadership Award 2024 for Holistic Village Development Program and the YUVA Unstoppable Changemaker Awards.

JOB DESCRIPTION
Job title: Information Security GRC Specialist
Corporate Title: Vice-President
Department: Information Security
 
 

Department Overview

Nomura has a robust global Information Security department, members of which are located in all of our major regions, namely Japan, Americas, India, Asia Excluding Japan (AeJ) and EMEA. This role will report directly to the CISO located in Japan and will be a senior member of the Global Information Security Leadership team.

Key Objectives Critical to Success

Nomura is searching for a senior Information Security professional (VP corporate title) to be part of the global security Governance, Risk, and Compliance (GRC) function within the global CISO Team. The candidate will support the regional Head of Information Security (located in Japan) and the global Security Head of GRC (located in Singapore) to enhance the unified risk and control framework (CRI) that is mapped across NIST 2.0 and multiple global cyber regulations. The ideal candidate is very knowledgeable in assessing and analysing cyber risks and control gaps, and in developing actionable recommendations and action plans to close control gaps and mitigate risks. The candidate is expected to be experienced in Security Risk Management & Governance, Security Control Management, and Regulatory Compliance, as well as Vendor & Third-Party Risk Management. The position plays a critical role in establishing a business-aligned risk and control management framework, driving adoption of risk assessment best practices, and ensuring compliance with regulatory and industry standards.

It is important to note that although the candidate is located in Japan, the position is part of a global CISO Team and will not only assume regional responsibilities, but will also be responsible for contributing to the development of the global Security GRC strategy and roadmap, policies, standards, processes, etc. It is also expected that the candidate supports the other regions as needed with regards to Security GRC requirements.

Responsibilities

  • Be a point of contact for all the regional regulatory requirements, internal and external audit queries, and ensure that the CISO Risk Register is maintained and updated regularly with new risks, issues, control gaps, recommendations, etc.
  • Manage required reporting to regional management.
  • Support global security GRC requirements as well as assist other regions whenever needed.
  • Track and manage the requirements of information security policies, standards, and processes.
  • Demonstrate strong knowledge and practical experience in Information Security Management frameworks such as ISO, NIST, CRI, etc.
  • Experience in managing regulatory inquiries and audits, including coordinating responses and remediation efforts.
  • Perform security threat and risk assessments on key topics following our methodology; as needed, collaborate with the Security Architecture and Engineering Team regarding technical solutions and controls.
  • Demonstrate hands-on experience in business-aligned risk assessments on information systems, applications, third-party vendors, and cloud platforms.
  • Demonstrate strong collaboration skills along with the ability to effectively communicate complex security related information to a business audience including risk identification, assessment, and remediation activity.
  • Remain up to date with security risk and control methodologies and frameworks, assessment techniques, and evolving cyber threats and risks – and share new developments with the regional and global teams as needed.
  • Maintain relationships with the global information security teams (e.g., Security Architecture, Data Protection, Cyber Threat Intel), legal, communications, IT, risk, finance, control, and HR groups.
  • Educate and contribute to increasing awareness of security risk and control management across the organization.
  • Support and embed practices for the effective and timely reporting to appropriate security risk and control committees on the evolution and progress of the Information Security Strategy including regular status updates for reporting to the Group CISO.
  • Understand the impact of our deliverables on the business, including ensuring that a cost/benefit analysis is conducted so that the service's added value is understood.
  • Provide ongoing reporting of cyber risk exposure into governance committees, meetings with key stakeholders, and escalate problems.
  • Liaise with external agencies and information-sharing networks as needed.

Skills, experience, qualifications and knowledge required

  • Must have 10+ years of experience in Information Security GRC preferably in the financial industry, or related roles, with at least 5 years in a senior technical position in the GRC domain.
  • Bachelor's degree in computer science, information technology, cybersecurity, or a related field; advanced degree preferred.
  • Certified Information Systems Security Professional (CISSP) or Certified Information Security Manager (CISM) certification – or equivalent – is required.
  • Strong knowledge of industry best practices, standards, and regulations related to security, such as ISO 27001, NIST, and CRI, while also keeping up to date with other regulators.
  • Excellent communication and interpersonal skills, with the ability to effectively collaborate with cross-functional teams and communicate complex security (and technical) concepts to non-technical stakeholders.
  • Proven ability to think strategically, prioritize tasks, and make sound decisions under pressure.
  • Build trusted working relationships with other security functional heads, risk and compliance counterparts, operational risk teams, and business unit stakeholders.
  • Ability to run with multiple tasks concurrently and manage expectations appropriately.
  • Exceptional communication and interpersonal skills in English.
  • Committed to continuous improvement for team and self.
  • High level of integrity, professionalism, and attention to detail.
  • Note that there may be occasional off-hours and weekend work required.    
 
 

Nomura Leadership Behaviours:

Exploring Insights & Vision
Description: Comprehensively analyse the nature of the problems we face and set our focus toward the future vision
Elements:
  • Gather Intelligence
  • Create a vision
  • Identify an issue

Making Strategic Decisions
Description: Analyse options and feasibility to resolve issues, in making judgments and recommendations
Elements:
  • Identify countermeasures
  • Assess feasibility
  • Make a judgment

Inspiring Entrepreneurship in People
Description: Promotes the vision and goals to others in such a way that inspires commitment and independent contributions
Elements:
  • Influence
  • Inspire
  • Commit

Elevating Organizational Capacity
Description: Maximize organizational productivity through leadership development and engagement
Elements:
  • Have an ownership in own development
  • Support others' growth
  • Encourage organizational growth

Inclusion
Description: Respect diverse perspectives and promote psychological safety and the creation of a risk culture
Elements:
  • Foster psychological safety
  • Encourage the active participation of all talent
  • Foster a risk culture

We are committed to providing equal opportunities throughout employment including in the recruitment, training and development of employees. We prohibit discrimination in the workplace whether on grounds of gender, marital or domestic partnership status, pregnancy, carer's responsibilities, sexual orientation, gender identity, gender expression, race, color, national or ethnic origins, religious belief, disability or age.

 

 

*Applying for this role does not amount to a job offer or create an obligation on Nomura to provide a job offer. The expression "Nomura" refers to Nomura Services India Private Limited together with its affiliates.



