N

Principal Information Security Specialist

Nomura · State of Mahārāshtra, India

~₹55L (est.)10–18 yrs experiencePosted 3w ago
Apply now →

Job description

Job Code: 10579 Country: IN City: Mumbai Skill Category: IT\\Technology Description: **Nomura Overview:** Nomura is a global financial services group with an integrated network spanning approximately 30 countries and regions. By connecting markets East & West, Nomura services the needs of individuals, institutions, corporates and governments through its three business divisions: Wealth Management, Investment Management, and Wholesale (Global Markets and Investment Banking). Founded in 1925, the firm is built on a tradition of disciplined entrepreneurship, serving clients with creative solutions and considered thought leadership. For further information about Nomura, visit www.nomura.com. Nomura Services, India supports the group’s global businesses. With world-class capabilities in trading support, research, information technology, financial control, operations, risk management and legal support, the firm plays a key role in facilitating the group’s global operations. At Nomura, creating an inclusive workplace is a priority. Our approach to inclusion encompasses a variety of initiatives, including sensitization campaigns, implementing conducive policies & programs, providing infrastructure support and engaging in community events. Over time, we have made meaningful progress in these areas, and this commitment has been well-recognized across the industry. We are proud recipients of the prestigious Top 10 Employers award by the India Workplace Equality Index (IWEI), IWEI Gold Employer of Choice awards, India CSR Leadership Award 2024 for Holistic Village Development Program and the YUVA Unstoppable Changemaker Awards. ### **JOB DESCRIPTION** ### **Job title: Information Security GRC Specialist** ### **Corporate Title: Vice-President** ### **Department: Information Security** **Department Overview** Nomura has a robust global Information Security department, members of which are located in all of our major regions, namely Japan, Americas, India, Asia Excluding Japan (AeJ) and EMEA. This role will report directly to the CISO located in Japan and will be a senior member of the Global Information Security Leadership team. **Key Objectives Critical to Success** **Nomura is searching for a senior Information Security professional (VP corporate title) to be part of global security Governance, Risk, and Compliance** (GRC) **function within the global CISO Team. The candidate will support the regional Head of Information Security (located in Japan) and the global Security Head of** GRC **(located in Singapore) to enhance the unified risk and control framework (CRI) that is mapped across NIST 2.0 and multiple global cyber regulations. The ideal candidate is very knowledgeable in performing assessment and analysis of cyber risks and control gaps as well as developing actionable recommendations and action plans to close control gaps and mitigate risks. The candidate is expected to be experienced in Security Risk Management & Governance, Security Control Management, and Regulatory Compliance, as well as Vendor & Third-Party Risk Management.****The position plays a critical role in establishing business-aligned risk and control management framework, driving adoption of risk assessment best practices, and ensuring compliance with regulatory and industry standards.** **It is important to note that although the candidate is located in Japan, the position is part of a global CISO Team and will not only assume regional responsibilities, but will also be responsible for contributing to the development of the global Security GRC strategy and roadmap, policies, standards, processes, etc. It is also expected that the candidate supports the other regions as needed with regards to Security GRC requirements.** **Responsibilities** - Be a point of contact for all the regional regulatory requirements, internal and external audit queries, and ensure that the CISO Risk Register is maintained and updated regularly with new risks, issues, control gaps, recommendations, etc. - Manage required reporting to regional management as required. - Support global security GRC requirements as well as assist other regions whenever needed. - Track and manage the requirements of information security policies, standards, and processes. - Demonstrate strong knowledge and practical experience in Information Security Management frameworks such as ISO, NIST, CRI, etc. - Experience in managing regulatory inquiries and audits, including coordinating responses and remediation efforts. - Perform security threat and risk assessments on key topics following our methodology; as needed, collaborate with the Security Architecture and Engineering Team regarding technical solutions and controls. - Demonstrate hands-on experience in business-aligned risk assessments on information systems, applications, and third-party vendors, cloud platforms. - Demonstrate strong collaboration skills along with the ability to effectively communicate complex security related information to a business audience including risk identification, assessment, and remediation activity. - Remain up to date with security risk and control methodologies and frameworks, assessment techniques, and evolving cyber threats and risks – and share new developments with the regional and global teams as needed. - Maintain relationships with the global information security teams (e.g., Security Architecture, Data Protection, Cyber Threat Intel), legal, communications, IT, risk, finance, control, and HR groups. - Educate and contribute to increasing awareness of security risk and control management across the organization. - Support and embed practices for the effective and timely reporting to appropriate security risk and control committees on the evolution and progress of the Information Security Strategy including regular status updates for reporting to the Group CISO. - Understand the impact of our deliverables on the business including ensuring a c