Principal IT Risk & Control
Mumbai, IN
Nomura
Department overview
The GCIO function oversees group-wide technology, operations and our data office. Our purpose is to support Nomura’s business strategy and deliver consistent group-wide services based on common operating principles. We are aligned to our key businesses across the group and operate enterprise-wide functions for risk management, governance and controls, supply chain and infrastructure.
The Chief Controls Office (CCO) is a key function within GCIO and our purpose is aligned to the GCIO Strengthen & Protect strategic pillar. We are a global team focused on strengthening our non-financial risk management framework enabling the business to accelerate strategic delivery, whilst enhancing our ability to dynamically manage risks and evidence that we are operating in control.
The CCO function is on a multi-year global transformation journey, which starts with building the right foundations, especially the right skills and capabilities within our global team.
Role description
Nomura in Powai is looking for a Controls Assurance Lead. Reporting to the Global Head of Controls Assurance, this role will support the design, implementation and operation of the controls assessment framework within GCIO globally. The role is wide ranging and will contribute to all aspects of controls assurance, including but not limited to establishing a global assurance Centre of Excellence (CoE), designing the controls assurance approach and testing methodology, creating and executing the periodic assurance book of work and managing senior stakeholders.
This is an excellent opportunity for an experienced Controls Assurance Lead/Manager looking for a career development opportunity. They will play a pivotal role within GCIO – CCO in establishing and managing the Global GCIO controls assurance function. We are looking for a subject matter expert in Controls Assurance with strong influencing and problem-solving skills who can develop and maintain productive working relationships across GCIO globally, and stakeholders in 2LOD and 3LOD.
Key responsibilities:
Framework Development
- Design and implement a robust controls assurance framework that aligns with the CCO transformation objectives and relevant laws and regulations.
- Develop the controls assurance approach, testing methodology and periodic assurance plan for GCIO.
Stakeholder Engagement
- Collaborate with Senior stakeholders to syndicate the controls assurance framework, incorporate feedback and obtain approval, as required.
- Develop and maintain robust relationships with key stakeholders in the three lines of defense, acting as a subject matter expert in Controls Assurance, to facilitate collaboration and progress towards maturity of the assurance framework.
Deliver Controls Assurance Plan
- Lead a team of assurance analysts to test the design adequacy and operating effectiveness of GCIO controls, delivering the approved controls assurance plan.
- Provide assurance to senior executives and key stakeholders on the effectiveness of the GCIO control environment.
Monitoring and Reporting
- Develop reporting capabilities to support the creation of management information on the effectiveness and efficiency of GCIO controls.
Talent Development
- Build and lead a high-performing team of IT & Cyber resilience risk professionals, providing mentorship, training, and professional development opportunities.
Skills & Experience Required
- Proven experience in controls assurance or internal audit, with a strong focus on transformation and on establishing new frameworks, methodologies, etc.
- Strong understanding of regulatory requirements and industry best practices related to controls assurance, relevant to GCIO risks, such as Information Technology (IT), Information Security (IS), and/or Data Management.
- Exceptional communication skills, both verbal and written, with the ability to influence and engage stakeholders at all levels.
- Experience operating in a regulated environment and managing stakeholders across the Three Lines of Defense.
- Strong organization skills and attention to detail.
- Familiarity with cyber security, resilience and related domains preferred.
- Prior experience with ServiceNow Integrated Risk Management (SNOW - IRM) preferred.
Qualifications
- Bachelor’s degree in Information Technology (IT), Computer Science, or a related field; relevant certification (e.g., CISA, CISSP) preferred
Nomura Competencies – Vice President
Trusted Partner
- Understand clients’ needs and issues and provide solutions utilizing Nomura Group company’s resources; earn the clients’ trust.
- Acquire a wide range of knowledge as an employee of Nomura, instead of focusing only on one’s own area of expertise; play a part in improving the company’s service level and corporate value.
Entrepreneurial leadership
- Take on new challenges for improvement and cultivate a corporate culture of challenge by driving change in business operations.
Teamwork Collaboration
- Ensure views are not biased, accept different opinions and perspectives, and collaborate with other members to create common values.
Influence
- Provide appropriate guidance to others and act in a manner that places emphasis on the performance and growth of the organization.
Integrity
- Improve further the understanding and awareness of corporate philosophy, professional ethics, compliance, risk management, and code of conduct, and make decisions and take actions from a managerial position.
Diversity Statement
Nomura is committed to an employment policy of equal opportunities and is fundamentally opposed to any less favourable treatment accorded to existing or potential members of staff on the grounds of race, creed, colour, nationality, disability, marital status, pregnancy, gender or sexual orientation. If you require any assistance or reasonable adjustments due to a disability or long-term health condition, please do not hesitate to contact us.
Right to Work
Nomura is an Equal Opportunity Employer