Associate, IT Risk and Control Lead (Hong Kong)
Central, HK, HK
Nomura
Company overview
Nomura is a global financial services group with an integrated network spanning approximately 30 countries and regions. By connecting markets East & West, Nomura services the needs of individuals, institutions, corporates and governments through its three business divisions: Wealth Management, Investment Management, and Wholesale (Global Markets and Investment Banking). Founded in 1925, the firm is built on a tradition of disciplined entrepreneurship, serving clients with creative solutions and considered thought leadership. For further information about Nomura, visit www.nomura.com
Job Title: Hong Kong IT Risk and Control Lead
Corporate Title: Associate
Department: IT Governance and Control
Location: Hong Kong
Department overview:
The GCIO function oversees group-wide technology, operations and our data office. Our purpose is to support Nomura’s business strategy and deliver consistent group-wide services based on common operating principles. We are aligned to our key businesses across the group and operate enterprise-wide functions for risk management, governance and controls, supply chain and infrastructure.
The Chief Controls Office (CCO) is a key function within GCIO and our purpose is aligned to the GCIO Strengthen & Protect strategic pillar. We are a global team focused on strengthening our non-financial risk management framework enabling the business to accelerate strategic delivery, whilst enhancing our ability to dynamically manage risks and evidence that we are operating in control.
The CCO function is on a multi-year global transformation journey which starts with building the right foundations, especially the right skills and capabilities within our global team.
Role description:
This is an associate role, offering great potential for involvement across Group CIO - IT Business units, and within our Chief Controls Office team globally – as well as interfacing closely with the Operational Risk department, Legal, Compliance, Regulatory Affairs, Vendor Management, Internal and External Audit.
If you are looking for an opportunity to be at the heart of Technology risk management, leveraging your hands-on experience in a Chief Controls Office or Risk management role and sound knowledge of risk and controls principles, this may be an ideal opportunity for you. You will work with our IT Business Units and Group CIO senior management to fully understand and actively manage the Firm’s Technology risk profile. In your risk management oversight role, you will be able to navigate a landscape of competing priorities, understanding where to strike the balance between managing risks and acknowledging or accepting certain risks. In this capacity you will be advising Technology management and teams on those matters requiring their attention and those which are of lesser importance.
You will be a Risk & Control lead within the team and you will need to leverage your leadership and influencing skills to continue to develop a strong working relationship across our Technology teams globally and Business stakeholders.
Key areas of oversight and engagement:
- Partner with, advise, and support stakeholders across Group CIO to implement and deliver an effective control environment and proactively manage their key risks within appetite
- Support the definition, creation and implementation of key artefacts and documents (policies, standards, controls, risk appetite statements)
- Ensure the firm’s Operational Risk Management Framework, including the Firm’s Risk Management Enhancement Programme (RMEP), is demonstrably embedded with the Group CIO and that Management Information (MI) is available to verify embedment
- Conduct controls testing and advise where control enhancements are required
- Oversee the annual Internal and External audits of Group CIO
- Participate in the firm’s risk management forums and committees as necessary, e.g. Operational Risk Management Forum, Technology Governance Forum etc.
- Liaise with the second and third lines of defence to ensure that their requirements are taken into account within the Group CIO risk management framework
- Assess and advise on the risk management requirement for new and emerging technologies, e.g., Cloud, Secure by Design, AI.
Skills, experience, qualifications, and knowledge required:
- Bachelor’s degree in Information Technology, Compliance, Risk and Control or relevant qualification
- Minimum 5 years of relevant risk & control experience within Investment Banking, an Audit and consulting firm, or a related environment.
- Industry Knowledge of Non-Financial Risk (NFR) frameworks and regulatory compliance requirements.
- Proven experience as a trusted advisor to senior management on NFR framework matters, providing guidance and oversight.
- Strong experience of managing stakeholders across the 3 Lines of Defence (LOD)
- Fluency in English is a must. Fluency in Mandarin will be an advantage.
- Effective communication skills with strong adaptability and attention to detail
- Able to think laterally and comfortable with negotiating, with an ability to seek buy-in from key stakeholders.
- Strong analytical skills and an ability to quickly learn new products and systems; must be able to thrive in a constantly changing environment.
- Audit, Governance, Security industry certification such as CISA, CISM, CRISC, CISSP, CPA, CMIIA or equivalent professional qualification
Diversity Statement
Nomura is committed to an employment policy of equal opportunities, and is fundamentally opposed to any less favourable treatment accorded to existing or potential members of staff on the grounds of race, creed, colour, nationality, disability, marital status, pregnancy, gender or sexual orientation.
DISCLAIMER: This Job Description is for reference only, and whilst this is intended to be an accurate reflection of the current job, it is not necessarily an exhaustive list of all responsibilities, duties, skills, efforts, requirements or working conditions associated with the job. The management reserves the right to revise the job and may, at his or her discretion, assign or reassign duties and responsibilities to this job at any time.
Nomura is an Equal Opportunity Employer