Job Description

Company overview
Nomura is an Asia-based financial services group with an integrated global network spanning over 30 countries. By connecting markets East & West, Nomura services the needs of individuals, institutions, corporates and governments through its three business divisions: Retail, Asset Management, and Wholesale (Global Markets and Investment Banking). Founded in 1925, the firm is built on a tradition of disciplined entrepreneurship, serving clients with creative solutions and considered thought leadership. For further information about Nomura, visit www.nomura.com
Job Summary:
Nomura is searching for a senior Cybersecurity professional to provide support for Cybersecurity Operational & executive KRIs which is a part of Cybersecurity Governance and Risk function within Global IT Security. The candidate will be a member of Asia ex Japan (AEJ) IT Security team, supporting regional and global cyber security teams. The candidate will support the regional IT Security head and the global Cybersecurity Governance and Risk lead to enhance the risk management methodologies and frameworks, identify and develop appropriate metrics such as key risk indicators (KRIs) to measure risks and highlight trends or themes. The metrics will be presented to senior management forums. The candidate will have excellent communication skills and work with teams across the globe on a daily basis. The candidate may be expected to take up additional responsibilities within the AEJ IT security team.

In this position, the senior cyber security professional is expected to:

• Assess the current framework, KRI metrics, processes etc. pertaining to Cybersecurity operational KRIs and provide recommendations on missing parameters and improvement plans
• Help the organization in building board level cybersecurity KRIs
• Develop operational & executive reports and dashboards to provide an update on risk posture to key stakeholders, risk owners and leadership team
• Maintain a strong understanding of risk management methodologies and frameworks.
• Present cybersecurity KRI data on a consistent basis
• Help project prioritization for quarterly planning activities that could mitigate the risks
• Educate and build awareness of cybersecurity risk management across the organization.
• Strong analytical skills along with the ability to effectively communicate complex security related information including risk identification, assessment, and remediation activity
• Knowledge and practical experience with the following risk management frameworks: ISO, NIST.
• Experience with creating and utilizing risk KPIs and KRIs with data visualization tooling
• Support and maintain relationships with global IT security teams, brand, legal, communications, IT, Risk, Finance, Control and HR groups.
• Liaise with Internal security teams such as SOC, Vulnerability Management, Digital Risk, Threat Hunting and others to enhance overall cybersecurity management programs.
• Work with external agencies and information sharing networks when needed
• Occasional off-hours and weekend work required.

Additional Responsibilities:

• Support compliance of various regulatory requirements in AEJ, including internal Audit queries for IT Security and related queries and actions related to Cybersecurity Governance and Risk.
• Support regional reporting needs including to boards, executive committees, CIO office and tech governance forum

Qualifications:
Essential experience includes:

• Minimum 10 years of experience in Banking industry with experience in Consulting under Cyber Risk Management or IT Project Management
• Experience in Governance & Cyber Risk Management, covering creation or improve metrics from regulatory/audit findings, control gaps in Cyber Risk framework, items on risk registers
• 5 years of experience in leading team of business analysts or data scientists in areas of supporting the Global Head of Governance & Cyber RIsk
• Understand key business, Cyber Risk and strategies within the Bank to ensure the Cyber Risk strategy aligns with and supports the wider strategies within the Bank by means of IT and Cyber Metrics
• Ensure Cyber Risk Management is aligned to existing frameworks and programmes with enterprise Cyber Risk
• Support and embed practices for the effective and timely reporting to appropriate Cyber Risk committees on the evolution and progress of the Cyber Risk Strategy and regular status updates for reporting to the CISO
• Build trusted working relationships with other security functional heads, Risk and compliance counterparts, and business unit stakeholders
• Understand the impact of our deliverables on the business including ensuring a cost / benefit analysis is conducted to ensure service value add is understood
• Provide ongoing reporting of Cyber Risk exposure into governance meetings and to key stakeholders and escalate any blockages
• Must possess the ability to multitask, prioritize, and manage time effectively
• Must have strong analytical skills and attention to detail
• Preferred certifications (e.g. CISSP, CISM, CRISC, PMP)
• Bachelor\'s degree required; higher education preferred

Diversity Statement
Nomura is committed to an employment policy of equal opportunities, and is fundamentally opposed to any less favourable treatment accorded to existing or potential members of staff on the grounds of race, creed, colour, nationality, disability, marital status, pregnancy, gender or sexual orientation.
DISCLAIMER: This is for reference only, and whilst this is intended to be an accurate reflection of the current job, it is not necessarily an exhaustive list of all responsibilities, duties, skills, efforts, requirements or working conditions associated with the job. The management reserves the right to revise the job and may, at his or her discretion, assign or reassign duties and responsibilities to this job at any time.

eFinancialCareers