Job Title:  Sr. Principal Risk & Control Specialist

Overview:
 
Nomura is a global financial services group with an integrated network spanning approximately 30 countries and regions. By connecting markets East & West, Nomura services the needs of individuals, institutions, corporates and governments through its three business divisions: Wealth Management, Investment Management, and Wholesale (Global Markets and Investment Banking). Founded in 1925, the firm is built on a tradition of disciplined entrepreneurship, serving clients with creative solutions and considered thought leadership. For further information about Nomura, visit www.nomura.com
 
Nomura Services India, (Powai) supports Nomura’s businesses around the world. Powai’ s world class capabilities in trading support, research, information technology, financial control, operations, risk management and legal support have played a key role in facilitating Nomura’s global operations and are an integral part of Nomura’s global expansion plans. The Powai operation is a critical part of the platform to support the growth of Nomura’s global business.

Responsibilities:

• Provide Wholesale IT management with adequate risk and control reporting providing full picture of key risks and control metrics.
• Perform oversight and challenge of the relevant IT activities to ensure they conform to applicable IT policies and procedures and the overall Operational Risk Framework.
• Challenge technical teams’ controls and remediation actions to ensure they are effective and fit for purpose. Actions can be in response to Audit or regulatory findings, self-identified issues, event or ineffective control remediations.
• Provide local regional support to management in managing regulatory matters including regulatory inspections, assessment and tracking of regulatory and audit findings remediation activities and representing the area in regional management forums
• Support technology teams with Internal and External audit activities, including advisement on audit requests, review of audit findings and proposed remediation actions, as well as challenging completeness and sustainability of completed actions.
• Collaborate with regional Chief Control Office staff in assessing new regional regulations and its impact to Wholesale technology. Support regulatory inspections and inquiries.
• Oversee and support the Risk and control Self-assessment (RCSA) process for WS IT Business Units ensuring appropriate challenge being provided to preserve the purpose of the framework.
• Conduct deep dive analysis on key events and non-compliance areas
• Support, and advice, Wholesale IT management on Technology Risk and Control framework including global IT policies & standards mandates, key processes and exception management.
• Improve overall IT Risk & Control awareness across Wholesale IT
• Participate in regional and local Risk and Control forums and governance bodies, as deemed necessary

Requirements:

• Bachelor’s degree in information technology or similar field
• Minimum 7 years of relevant IT Risk & Control experience within Investment Banking, Data and Operation function, Wealth Management or related environment.
• Strong understanding of Operational Risk Framework and its components including Policies, Controls, Risk Taxonomy, Operational Events, RCSA, Targeted Risk Assessment amongst others.
• Knowledge of the Three Lines of Defence model in financial industry.
• Familiarity with Excel (Marco), Business Objects Reporting, Power Point, Power BI, GRC tools, ServiceNow, Confluence.
• Collaborator with strong communication skills and ability to present to senior audience in IT and business, with strong adaptability and attention to details.
• Able to think laterally and is comfortable with negotiating and securing buy in from key stakeholders.
• Possess Strong analytical skills and an ability to quickly learn new products and systems, need to be able to thrive in a constantly changing environment.
• One or more certification in CISA, CISM, CRISC, CISSP, or other IT governance, risk, or audit or security professional qualification.

Essential Skillsets/Experiences:

• Experience in design and supporting IT Governance, IT General Control, IT Security, Audit or Technology compliance framework.
• Experience in external and Internal audit facilitation including evidence fulfilment, findings review and challenge and action adequacy.
• Understanding of regulatory environment in APAC generally, and India specifically, and experience supporting regulatory activities including inspections and ad-hoc inquiries.
• Experience in key technology processes including Incident Management Release and Change Management, SDLC, DevOps, Data Management, Asset Management and Cloud deployments.
• Experience of current technology risks and ability to leverage trends to identify problem areas.
• Exposure and engagement in risk reduction programs such as EoL remediation, Vulnerability Management, solution migration, DevOps transition (big plus)
• Experience in technology risk assessment and knowledge of third-party vendor assessment
• Experience and strong capabilities in presenting to senior audience, regulators and external parties

Equal Opportunity Employer:
 
Nomura is an equal opportunities employer. We are committed to providing equal opportunities throughout employment including in the recruitment, training and development of employees (including promotion, transfers, assignments and beliefs). We prohibit discrimination in the workplace whether on grounds of gender, marital or domestic partnership status, pregnancy, career’s responsibilities, sexual orientation, gender identity, race, color, national or ethnic origins, religious belief, disability or age. Our objective is to attract job applications and applications for development from the best possible candidates and to retain the best people.