Job Title:  Information Security Associate - Security Risk & Control Lead

Job Code:  12502
Country:  US
City:  Jacksonville
Skill Category:  IT\Technology
Description: 

Job title: Information Security Associate - Security Risk & Control Lead
Corporate Title: Associate
Department: Technology
Location: Jacksonville

 

The pay range for this position at commencement of employment is expected to be between $95,000 and $110,000 annually.

Company overview

Nomura is a global financial services group with an integrated network spanning approximately 30 countries and regions. By connecting markets East & West, Nomura services the needs of individuals, institutions, corporates and governments through its three business divisions: Wealth Management, Investment Management, and Wholesale (Global Markets and Investment Banking). Founded in 1925, the firm is built on a tradition of disciplined entrepreneurship, serving clients with creative solutions and considered thought leadership. For further information about Nomura, visit www.nomura.com.

According to Aon’s Benefit Index®, Nomura’s benefits rank #1 amongst our competitors.

Department overview

The Information Technology department at Nomura is at the forefront of innovation, driving technology solutions that empower our business and enhance client experiences. We leverage cutting-edge technologies to develop and maintain robust systems and infrastructure, ensuring the security, reliability, and efficiency of our operations. Join our team and be part of a dynamic and collaborative environment that embraces technological advancements to deliver value and drive our digital transformation journey.

 

Role description

We are seeking an experienced Information Security Associate to join our Cyber Risk Governance team lead in the Jacksonville, Florida office. This strategic role combines regulatory compliance expertise with vendor risk management leadership, serving as a critical bridge between technical security requirements and business operations.

 

Primary Responsibilities

US Cyber Regulations Expertise

  • Maintain comprehensive knowledge of existing and emerging US cyber regulations
  • Conduct thorough risk assessments on current and proposed cyber regulatory requirements
  • Demonstrate proficiency with established cybersecurity frameworks (NIST, ISO 27001, SOC 2, etc.)
  • Stay current with evolving regulatory landscape and assess impact on organizational compliance
  • Lead and support regulatory compliance initiatives including SEC cybersecurity regulations, NYDFS Cybersecurity Regulation (23 NYCRR 500), and other applicable regulatory requirements
  • Develop, implement, and maintain cybersecurity frameworks and map them to internal control structures
  • Respond to Due Diligence Questionnaires (DDQs) from clients, vendors, and business partners
  • Manage responses to regulatory inquiries and examinations from various oversight bodies
  • Conduct risk assessments and gap analyses to ensure ongoing compliance
  • Collaborate with cross-functional teams to implement control enhancements and remediation activities
  • Monitor regulatory developments and assess impact on organizational compliance posture
  • Prepare compliance reports and presentations for senior management and board committees
  • Support audit activities and coordinate with internal and external auditors

 

Vendor Risk Management Leadership

  • Serve as primary point of contact for vendor risk assessment activities across the US region
  • Apply expertise in various vendor risk assessment frameworks and methodologies
  • Collaborate effectively with regional and global business stakeholders to facilitate vendor onboarding processes
  • Identify, analyze, and communicate risks associated with third-party vendor relationships
  • Ensure vendor compliance with firm's security standards and regulatory

Skills, experience, qualifications and knowledge required

 

Technical Skills

  • Deep understanding of cybersecurity frameworks and best practices
  • Proven experience with vendor risk assessment methodologies
  • Strong knowledge of US cyber regulatory environment
  • Comprehensive understanding of risk management principles and practices
  • Previous experience with GRC platforms such as RegRoom or Cube is a plus

 

Soft Skills

  • Minimum 4+ years of relevant information security experience
  • Excellent written and verbal communication abilities
  • Strong stakeholder management and relationship-building skills
  • Ability to translate complex technical risks into business-friendly language
  • Collaborative approach to working with cross-functional teams
  • Detail-oriented with strong analytical and problem-solving capabilities

 

Preferred Qualifications

  • Relevant cybersecurity certifications (CISSP, CISA, CRISC, etc.)
  • Experience in financial services or highly regulated industries
  • Background in regulatory compliance and audit processes
  • Project management experience

 

Nomura Competencies

 

Explore Insights & Vision

  • Identify the underlying causes of problems faced by you or your team and define a clear vision and direction for the future.

Making Strategic Decisions

  • Evaluate all the options for resolving the problems and effectively prioritize actions or recommendations.

Inspire Entrepreneurship in People

  • Inspire team members through effective communication of ideas and motivate them to actively enhance productivity.

Elevate Organizational Capability

  • Engage proactively in professional development and enhance team productivity through the promotion of knowledge sharing.

Inclusion

  • Foster a culture of inclusion and psychological safety in the workplace and cultivate a "Risk Culture" (Challenge, Escalate and Respect).

 

 

*Base pay offered may vary depending on multiple individualized factors, including market location, corporate and functional title and duties, job-related knowledge and advanced degrees, skills, and experience. The total compensation package for this position may also include other elements, including a sign-on bonus, restricted stock units, discretionary awards and eligibility for commissions for applicable sales roles in addition to a full range of medical, financial, and/or other benefits (including 401(k) eligibility and various paid time off benefits, such as vacation, sick time, and parental leave), dependent on the position offered. Details of participation in these benefit plans will be provided if an employee receives an offer of employment.

If hired in the U.S., employee will be in an “at-will position” and the Company reserves the right to modify base salary (as well as any other discretionary payment or compensation program) at any time, including for reasons related to individual performance, Company or individual department/team performance, and market factors.

 

Nomura is an Equal Opportunity Employer

 

 


Nearest Major Market: Jacksonville