Lead Information Security Analyst

Nomura Overview:

Nomura is a global financial services group with an integrated network spanning approximately 30 countries and regions. By connecting markets East & West, Nomura services the needs of individuals, institutions, corporates and governments through its three business divisions: Wealth Management, Investment Management, and Wholesale (Global Markets and Investment Banking). Founded in 1925, the firm is built on a tradition of disciplined entrepreneurship, serving clients with creative solutions and considered thought leadership. For further information about Nomura, visit

Nomura Services, India supports the group's global businesses. With world-class capabilities in trading support, research, information technology, financial control, operations, risk management and legal support, the firm plays a key role in facilitating the group's global operations.

At Nomura, creating an inclusive workplace is a priority. Our approach to inclusion encompasses a variety of initiatives, including sensitization campaigns, implementing conducive policies & programs, providing infrastructure support and engaging in community events. Over time, we have made meaningful progress in these areas, and this commitment has been well-recognized across the industry. We are proud recipients of the prestigious Top 10 Employers award by the India Workplace Equality Index (IWEI), IWEI Gold Employer of Choice awards, India CSR Leadership Award 2024 for Holistic Village Development Program and the YUVA Unstoppable Changemaker Awards.

Job Title:

Global Cyber Threat Intelligence – Vulnerability Intelligence Lead

Corporate Title:

Senior Analyst

Division:

Group IT Head Office (部)

Department / Group:

Information Security (課)

Location:

India

1) Job/Group Overview:

Nomura is an Asia-based financial services group with an integrated global network spanning over 30 countries. By connecting markets East & West, Nomura services the needs of individuals, institutions, corporates and governments through its three business divisions: Retail, Asset Management, and Wholesale (Global Markets and Investment Banking). Founded in 1925, the firm is built on a tradition of disciplined entrepreneurship, serving clients with creative solutions and considered thought leaders.  

Nomura employs a robust Information Security department, members of which are located in all of its major regions, namely EMEA, Americas, India and Japan. This team is responsible for designing, implementing and maintaining Nomura's Global Cyber Threat Intelligence (GCTI) strategy and practise across all these regions.

The team's focus is to serve as the single point of contact for all Information Security related CTI queries, concerns and technologies. The team provides a high standard of user and business support in a responsive and timely manner across all businesses, takes responsibility and ownership for maintaining the global/regional strategy, and delivers the operational deployment of global/regional security services in a manner consistent with the common business goals and objectives in the region.

2) Key Responsibilities:

The candidate will need to have a solid grounding within both Cyber Threat Intelligence and understanding of wider cyber security practices 

• Lead a team of CTI analysts in tracking, analyzing and reporting on emerging vulnerabilities and associated exploitation trends.
• Develop and maintain CTI processes for ingesting and prioritizing vulnerability data from open-source, commercial and government sources.
• Conduct and oversee enrichment of CVEs based on threat actor capability, intent and exploitability in the wild.
• Track and analyze Proof of Concepts (POC) to recommend detection and mitigation strategies.
• Represent GCTI in vulnerability-related threat briefings, incident response, continuous testing and tabletop exercise.
• Deliver threat intelligence products (strategic, operational and tactical) focused on high-risk vulnerabilities and exploit campaigns.
• Liaise with Internal security teams such as SOC, Vulnerability management, threat hunting and others.
• Support executive communication with summaries of significant vulnerability threats.

Additional Responsibilities

• Create, develop, and manage tools and scripts/process to assist in the monitoring of cyber risk, intelligence sources, and automation of processes.
• Work closely with other pillar leads within GCTI on ad hoc tasks.
• Proactively engage in the GCTI Request For Information (RFI) process and contribute to ongoing investigations in a fast passed environment. 
• Project management of Intelligence Lifecycle, including documentation.
• Occasional off-hours and weekend work required.

3) Requirements (indicate mandatory and/or preferred)

Mandatory

• Approximately 8+ years of experience in Information Security, including a minimum of 3 year in Cyber Threat Intelligence.
• Proficient with OSINT gathering techniques and dark web monitoring concepts.
• Knowledge of cyber threat intelligence models (e.g. MITRE ATT&CK, Kill Chain, Diamond Model) and experience in applying them to analysis.
• Knowledge of methodologies and techniques for identifying, prioritizing, and classifying cyber threats.
• Experience tracking and understanding threats from: Nation State threat actors, cybercrime, extremist groups, hacktivism, malware, vulnerabilities, fraud, and social engineering techniques.
• Strong verbal and written communication skills.
• Good organization, communication, and coordination skills are essential for this position.

Preferred

• Any security certifications, such as:  CTIA, CISSP, CISM, CISA, Security+, CEH, CCSK, or similar industry recognized certifications.
• Knowledge of controls frameworks such as NIST CSF, NIST SP 800-53, ISO 27001/2, CIS, and FISC.
• Experience working in a global team

4) Personal Characteristics:

• Strong communication skills, ability to work comfortably with different regions.
• Good team player, ability to work on a local, regional and global basis and as part of joint cross location teams and cross functional teams.
• Ability to be pro-active and self-manage tasks through to completion.
• Able to perform under pressure.

Nomura Leadership Behaviours:

Leadership
Behaviours

Description

Element

Exploring Insights & Vision

Comprehensively analyse the nature
of the problems we face and set our
focus toward the future vision

• Gather Intelligence
• Create a vision
• Identify an issue

Making Strategic Decisions

Analyse options and feasibility to resolve issues, in making
judgments and recommendations

• Identify countermeasures
• Assess feasibility
• Make a judgment

Inspiring Entrepreneurship in People

Promotes the vision and goals to others in such a way that inspires commitment and independent contributions

• Influence
• Inspire
• Commit

Elevating Organizational Capacity

Maximize organizational productivity through leadership development and
engagement

• Have an ownership in own development
• Support other's growth
• Encourage organizational growth

Inclusion

Respect diverse perspectives and
promote psychological safety
and the creation of a risk culture

• Foster psychological
  safety
• Encourage the active
  participation of all talent
• Foster a risk culture

We are committed to providing equal opportunities throughout employment including in the recruitment, training and development of employees. We prohibit discrimination in the workplace whether on grounds of gender, marital or domestic partnership status, pregnancy, carer's responsibilities, sexual orientation, gender identity, gender expression, race, color, national or ethnic origins, religious belief, disability or age.

*Applying for this role does not amount to a job offer or create an obligation on Nomura to provide a job offer. The expression "Nomura" refers to Nomura Services India Private Limited together with its affiliates.