Job Title:  Lead Information Security Analyst

Job Code:  10047
Country:  IN
City:  Mumbai
Skill Category:  IT\Technology
Description: 

Background Information:

The Information Security Third Party Cyber Risk Management team conducts security assessments of vendors/third parties supporting Nomura business teams globally. Various trigger points ensure that the Information Security team is involved in the end-to-end lifecycle of the Third Party engagement process and can perform the necessary due diligence on the Third Party from a Cyber Security perspective, covering information access and handling in line with Nomura policies and standard requirements.

 

Position Specifications:

Corporate Title:  Associate
Functional Title:  Lead Support Analyst
Experience:  7 - 9 Years
Qualification:  Bachelor’s Degree in Engineering (Computer / Telecommunication), Computer Science / Information Technology or equivalent

Duties & Responsibilities:

  • Maintain strong governance on the third-party cyber risk assessment (TPCRM) process in terms of complying with regional and global requirements.
  • Work in a strategic and operational capacity to enhance the Third Party Cyber Security Risk Management process in alignment with CISO goals.
  • Identify non-compliances in the Third Party Cyber Security control landscape, and create and discuss the assessment reports with stakeholders.
  • Perform Third Party Cyber Security assessments by coordinating with various business departments and Third Parties.
  • Provide recommendations to the Third Party to remediate identified non-compliances and document remediation plans.
  • Periodically track non-compliances reported to the Third Parties for closure and validate the evidence shared by Third Parties.
  • Ensure periodic reporting on all the open items and completed assessments.
  • Liaise with stakeholders such as the business owner, technology owner, legal team, etc. to include the Information Security requirements in the contracts with the third-party vendor.
  • Maintain and update the inventory of assessments and define re-assessment calendars.
  • Carry out re-assessments based on defined re-assessment calendars.
  • Generate daily/weekly/monthly KRI & KPI reports for internal and senior management consumption.
  • Work in a strategic and operational capacity to enhance the Third Party Cyber Security Risk Management process based on various international regulatory requirements and industry best practices.
  • Work with various stakeholders to automate the assessment and risk management process.
  • Work in a strategic and operational capacity to identify the overall Supplier Threat and Risk posture for the firm.
  • Foster a close partnership with our firm-wide Cybersecurity Threat Intelligence team (to interpret and manage risk as well as evolve processes and function).

Knowledge, Skill, Experience Required:

Essential:

  • Knowledge of regulatory frameworks and experience with regulatory compliance
  • Familiarity with security standards (e.g., CRI, ISO 27001, NIST)
  • In-depth understanding of information security principles and practices
  • Knowledge of current cyber threats and mitigation strategies
  • Strong collaboration skills along with the ability to effectively communicate complex security-related information to a business audience, including risk identification, assessment, and remediation activity.
  • Excellent communication skills with the ability to articulate complex cyber threat information to technical and non-technical audiences.
  • Demonstrable ability to create and maintain collaborative relationships in a large, multinational organization.
  • Strong understanding of cyber security principles and technologies.

Beneficial:

  • Specialist training or skills in one or more of the following:
      • Security certification (CISA/CISM/CISSP/CRISC/ISO-27001 etc.).
      • Cloud Security Certifications.

Personal Characteristics:

  • Strong communication skills and the ability to work comfortably with different regions.
  • Good team player, with the ability to work on a local, regional and global basis and as part of joint cross-location initiatives.
  • Strong analytical and problem-solving abilities.
  • Ability to work independently and as a strong team player in a global team.
  • Ability to run multiple tasks concurrently and manage expectations appropriately.