Cyber Security Risk and Controls Associate

Nomura
London
GBP 60,000 - 80,000
Job description


Job title: Cyber Security Risk and Controls Associate
Corporate Title: Associate
Department: Information Security (CISO) - Technology
Location: London (hybrid)


Company overview
Nomura is a global financial services group with an integrated network spanning approximately 30 countries and regions. By connecting markets East & West, Nomura services the needs of individuals, institutions, corporates and governments through its three business divisions: Wealth Management, Investment Management, and Wholesale (Global Markets and Investment Banking). Founded in 1925, the firm is built on a tradition of disciplined entrepreneurship, serving clients with creative solutions and considered thought leadership. For further information about Nomura, visit www.nomura.com.

Department Overview
The Information Technology department at Nomura is at the forefront of innovation, driving technology solutions that empower our business and enhance client experiences. We leverage cutting-edge technologies to develop and maintain robust systems and infrastructure, ensuring the security, reliability, and efficiency of our operations. Join our team and be part of a dynamic and collaborative environment that embraces technological advancements to deliver value and drive our digital transformation journey.


Key objectives critical to success:
We are seeking an experienced Cyber Security Risk and Controls Expert who will lead in the following areas:

  • Support the regional Security Risk and Controls (SRC) lead, working in coordination with regional Head of Cyber Security
  • Evaluating the security posture of vendors to ensure compliance with organizational security policies and industry standards.
  • Take key learnings from regulator findings, relating to policy, standards, and the Cyber Risk framework, to improve thematically the approach to Cyber Risk Management, ensuring it meets industry best practice.
  • Understand key business, Cyber Risk and strategies within the Bank to ensure the Cyber Risk strategy aligns with and supports the wider strategies within the Bank.
  • Ensure Cyber Risk Management is aligned to existing frameworks and programmes with enterprise Cyber Risk and operational Cyber Risk.
  • Support and embed practices for effective and timely reporting, responding to internal and external audits.


Stakeholder Management and Business Alignment

  • Build trusted working relationships with other security functional teams, Cyber Risk and compliance counterparts, and business unit stakeholders.
  • Understand the impact of our deliverables on the business, including ensuring a cost/benefit analysis is conducted so that the value the service adds is understood.


Regulatory and Business Conduct

  • Take personal responsibility for embedding the highest standards of ethics, including regulatory and business conduct. This includes understanding and ensuring compliance with, in letter and spirit, all applicable laws, regulations, guidelines and the Code of Conduct.
  • Effectively and collaboratively identify, escalate, mitigate and resolve Cyber Risk, conduct and compliance matters.
  • Demonstrate leadership ability to ensure that the team achieves the outcomes set out in the Bank's Conduct Framework and Principles.
  • Provide ongoing reporting of Cyber Risk exposure into governance meetings and to key stakeholders and escalate any blockages


Skills, experience, qualifications and knowledge required:

  • Ability to create effective work relationships across functions & borders
  • Understanding of the regulatory environment and developments related to the financial services industry
  • Strong change management, stakeholder and relationship management experience, ideally from within the financial services industry
  • Sound knowledge of Cyber Risk governance frameworks & processes; security frameworks such as ISO27001, NIST, CIS, CRI Controls
  • Experience of writing security risk assessment reports, security policies and standards
  • Analytical / critical thinking skills
  • Previous experience in the financial industry in areas of Risk and Governance
  • Experience with Cyber Security risk assessments, risk-based decision making and risk-treatment processes
  • Excellent communicator with experience of responding to audits
  • Previous experience in a similar role
  • An understanding of high-level cyber threat scenarios and how they can contribute to the development of a threat focused Cyber Risk framework
  • Politically aware and able to facilitate outcomes where priorities and personalities are in conflict
  • A self-starter, able to take initiative and to navigate within the approved parameters to work out a sensible and practical recommendation or decision
  • Embrace the value of cultural diversity
  • Communication Skills:
      • Excellent English oral and written skills
      • Ability to communicate and explain complicated Cyber Risk issues to business stakeholders in and across the bank in a simple and business-friendly way
  • ISACA CISA, CRISC, CISM, CISSP certified and currently maintaining that certification
  • Understand clients’ needs and issues, and respond with high-quality proposals
  • Acquire capabilities to perform one’s responsibilities and contribute to being a Trusted Partner
  • Produce new ideas that might challenge the status-quo or oneself
  • Seek advice from senior colleagues and utilize it for improved results
  • Collaborate with members from relevant departments

Influence

  • Contribute to the success of the organization both quantitatively and qualitatively, and act with awareness of the impact on others
  • Serve as role model and provide guidance to junior employees

Integrity

  • Have a good understanding of corporate philosophy, professional ethics, compliance, risk management, and code of conduct, and make decisions and take actions accordingly

Right to Work
The UK Government have taken steps to reduce net migration to the UK by limiting the number of overseas workers from outside the EEA coming to the UK for employment. Please note that whilst we are able to consider applications from overseas workers from outside the EEA (who require a Tier 2 (General) visa) we can only employ them if we can provide evidence that there are no other suitable candidates for this vacancy from inside the EEA.

Please contact us if you are visiting our offices and require any form of personal assistance or physical adaptations to be provided for your appointment. A member of staff will be happy to help.


Diversity Statement
Nomura is committed to an employment policy of equal opportunities and is fundamentally opposed to any less favourable treatment accorded to existing or potential members of staff on the grounds of race, creed, colour, nationality, disability, marital status, pregnancy, gender or sexual orientation. If you require any assistance or reasonable adjustments due to a disability or long-term health condition, please do not hesitate to contact us.
