Associate, Principal IT Risk

**Company overview**

**Department overview**:
The GCIO function oversees group-wide technology, operations and our data office. Our purpose is to support Nomura’s business strategy and deliver consistent group-wide services based on common operating principles. We are aligned to our key businesses across the group and operate enterprise-wide functions for risk management, governance and controls, supply chain and infrastructure.

The Chief Controls Office (CCO) is a key function within GCIO and our purpose is aligned to the GCIO Strengthen & Protect strategic pillar. We are a global team focused on strengthening our non-financial risk management framework enabling the business to accelerate strategic delivery, whilst enhancing our ability to dynamically manage risks and evidence that we are operating in control.

The CCO function is on a multi-year global transformation journey which starts with building the right foundations especially the right skills and capabilities within our global team.

**Role description**:
This is an associate role, offering great potential for involvement across Group CIO - IT Business units, and within our Chief Controls Office team globally - as well as interfacing closely with the Operational Risk department, Legal, Compliance, Regulatory Affairs, Vendor Management, Internal and External Audit.

If you are looking for an opportunity to be at the heart of the Technology risk management, leveraging your hands-on experience in Chief Controls Office or Risk management role, and sound knowledge of risk and controls principles, this may be an ideal opportunity for you. You will work with our IT Business Units and Group CIO senior management to fully understand and actively manage the Firm’s Technology risk profile. In your risk management oversight role, you will be able to navigate a landscape of competing priorities - understanding where to strike the balance between managing risks and acknowledging or accepting certain risks. In this capacity you will be advising Technology management and team on those matters requiring their attention and those which are of lesser importance.

You will be a Risk & Control lead within the team and you will need to leverage your leadership and influencing skills to continue to develop a strong working relationship across our Technology teams globally and Business stakeholders.

**Key areas of oversight and engagement**:

- Partner, advise, and support stakeholders across Group CIO implement and deliver an effective control environment and proactively manage their key risks within appetite
- Support the definition, creation and implementation of key artefacts and documents (policies, standards, controls, risk appetite statements)
- Ensure the firm’s Operational Risk Management Framework, including the Firm’s Risk Management Enhancement Programme (RMEP), is demonstrably embedded with the Group CIO and that Management Information (MI) is available to verify embedment
- Conduct controls testing and advise where control enhancements are required
- Oversee the annual Internal and External audits of Group CIO
- Participate in the firm’s risk management forums and committees as necessary, e.g. Operational Risk Management Forum, Technology Governance Forum etc.
- Liaise with the second and third lines of defence to ensuring that their requirements are taken into account within the Group CIO risk management framework
- Assess and advise on the risk management requirement for new and emerging technologies, e.g., Cloud, Secure by Design, AI.

**Skills, experience, qualifications and knowledge required**:

- Bachelor’s degree of Information Technology, Compliance, Risk and Control or relevant qualification
- Minimum 5 years of relevant risk & control experience within Investment Banking, Audit and consulting firm, or related environment.
- Industry Knowledge of Non-Financial Risk (NFR) frameworks and regulatory compliance requirements.
- Effective communication skills with strong adaptability and attention to details
- Able to think laterally and is comfortable with negotiating, possess an ability to seek buy in from key stakeholders
- Possess strong analytical skills and an ability to quickly learn new products and systems, need to be able to thrive in a constantly changing environment
- Strong experience of managing stakeholder across the 3 Lines of Defence (LOD) will be an advantage
- Proven experience as a trusted advisor to senior management on NFR framework matters, providing guidance and oversight will be an advantage
- Audit, Governance, Security industry certification such as CISA, CISM, CRISC, CISSP, CPA, CMIIA or equivalent professional qualification

**Diversity Statement**

Nomura is committed to an employment policy of equal opportunities, and is fundamentally opposed to any less favourable treatment accorded to existing or potential members of staff on the grounds of race, creed, colour, nationality, disability, marital status, pregnancy, gende