Job Title:  Deputy ICT Risk & Information Security Officer - Vice President

Job Code:  11667
Country:  DE
City:  Frankfurt
Skill Category:  IT\Technology
Description: 

 

 

Job Title: Deputy ICT Risk & Information Security Officer

Corporate Title: Vice President

Business Area: Technology – Information Security

Employment Type: Full-time, Hybrid Working Model

Location: Frankfurt am Main, Germany

 

Company Overview

Nomura is a global financial services group with an integrated network spanning approximately 30 countries and regions. By connecting markets East & West, Nomura services the needs of individuals, institutions, corporates and governments through its three business divisions: Wealth Management, Investment Management, and Wholesale (Global Markets and Investment Banking). Founded in 1925, the firm is built on a tradition of disciplined entrepreneurship, serving clients with creative solutions and considered thought leadership. For further information about Nomura, visit www.nomura.com

 

Role Overview

Deputy ICT Risk & Information Security Officer

The role of the ICT Risk & Information Security Officer (ISO) is established by the NFPE Management Board as a dedicated control function to manage and oversee ICT and Information Security (IS) risks as they relate to NFPE, in particular the monitoring and analysis of Information Security risks and controls with respect to regulatory requirements, industry standards and Nomura policies. To strengthen and complement the NFPE ISO team, we are seeking a Deputy ISO.

 

The NFPE Deputy ISO requires a broad understanding of Information Security, IT Risk Management, IT Services and the controls that are relevant to proper oversight within the institution and with regard to third parties.

 

The position requires demonstrated expertise in Information Security and regulatory compliance, with professional qualifications and experience commensurate with the role's responsibilities.

 

 

Key Responsibilities:

 

ICT & Information Security Risk Management and Information Security Governance

 

  • Regulatory Compliance & Framework Management: Ensure alignment and compliance of Information Security controls with applicable regulatory frameworks, including but not limited to EU DORA and BaFin's MaRisk
  • Information Security Framework Implementation: Drive the implementation and oversight of global information security strategies, policies, and standards while ensuring alignment with business objectives, regulatory requirements, and the institution's IT strategy
  • Serve as Primary Security Contact: Act as the main liaison for information security matters with internal and external stakeholders, coordinating with the global CISO organization on cross-border and group-wide security initiatives
  • Monitor Security Performance: Track security metrics, key risk indicators, and overall information security status, e.g. vulnerabilities, threats, business impact analysis, and mitigation strategies
  • Risk Assessment & Board Advisory: Perform ICT risk and Information Security assessments (incl. Third Party service providers and internal projects), provide regular and ad hoc reporting and advisory services to the management board on. Support annual ICT risk management framework reviews
  • Regulatory Relations & Audit Support: Serve as liaison with regulatory authorities on Information Security matters and support both internal and external security audits and regulatory requests
  • Group & Industry Representation: Represent NFPE (IT) in Nomura Group Committees, Forums, and industry Working Groups to ensure effective risk management integration
  • Security Awareness & Training: Develop and deliver organization-wide training programs on Information Security, ICT risk management, and regulatory compliance while fostering a culture of digital operational resilience through enhanced awareness of security risks and regulatory obligations

 

 

IS Incident Management

 

  • Incident Management Framework: Establish and maintain a comprehensive Information Security incident management framework with clear reporting channels and guidelines for employees to confidentially report incidents
  • Incident Response Coordination: Oversee security incident response processes, ensuring timely detection, reporting, and resolution of incidents, including DORA Major ICT Incident and Significant Cyber Threat notifications to competent authorities
  • Post-Incident Analysis & Improvement: Conduct thorough post-incident analysis and ensure implementation of lessons learned to strengthen future incident response capabilities

 



Skills, Experience, Qualifications and Knowledge:

 

Required Qualifications

  • Solid experience in Information Security, preferably in financial services
  • Deep knowledge of EU and German regulatory frameworks, particularly:
    • DORA (Digital Operational Resilience Act)
    • MaRisk / BAIT (Bankaufsichtliche Anforderungen an die IT)
    • NIS2 (Network and Information Security Directive 2)
    • CRA (EU Cyber Resilience Act)
  • Experience in dealing with EU regulatory authorities
  • Proven expertise in IT governance or Security frameworks (e.g., ISO2700x, COBIT, CRI)
  • Demonstrated experience in first or second line of defence roles within financial institutions
  • Strong background in ICT risk management frameworks and methodologies
  • Professional Information Security certifications (e.g., CISSP, CISM, CISA)
  • Strong stakeholder management skills
  • Fluent in German and English (written and spoken)

 

 

Preferred Qualifications

  • Experience in global financial institutions
  • Knowledge of international financial regulations
  • Advanced degree in Information Security, Computer Science, or related field
  • Experience with third-party risk management
  • Additional related certifications (e.g., CRISC, CGEIT)

 

 

What We Offer

  • Opportunity to shape and influence the CISO framework of a global financial institution
  • Competitive compensation package
  • Collaborate across multiple entities within a diverse, international team structure
  • Career advancement opportunities with potential for both local and global development pathways

 

Interested candidates who meet these qualifications are invited to submit their applications.

 

Nomura Competencies

Explore Insights & Vision

  • Identify the underlying causes of problems faced by you or your team and define a clear vision and direction for the future.

 

Making Strategic Decisions

  • Evaluate all the options for resolving the problems and effectively prioritize actions or recommendations.

 

Inspire Entrepreneurship in People

  • Inspire team members through effective communication of ideas and motivate them to actively enhance productivity.

 

Elevate Organizational Capability

  • Engage proactively in professional development and enhance team productivity through the promotion of knowledge sharing.

 

Inclusion

  • Respect DEI, foster a culture of psychological safety in the workplace and cultivate a "Risk Culture" (Challenge, Escalate and Respect).



Diversity Statement

Nomura is committed to an employment policy of equal opportunities and is fundamentally opposed to any less favourable treatment accorded to existing or potential members of staff on the grounds of race, creed, colour, nationality, disability, marital status, pregnancy, gender or sexual orientation. If you require any assistance or reasonable adjustments due to a disability or long-term health condition, please do not hesitate to contact us.

 

Nomura is an Equal Opportunity Employer